How Long Would It Take to Crack Your Password?

Ever wondered how fast a hacker could crack your password? The answer depends on three things: your password's length and complexity, the hashing algorithm the service uses, and the attacker's hardware.

Cracking Speed by Password Length

Using a single modern GPU (NVIDIA RTX 5090) running Hashcat in 2026, here's how long it takes to crack passwords against various hash types:

• 6 chars (lowercase only): Instant — less than 1 second against NTLM
• 8 chars (all characters): ~12 hours against MD5, ~5 days against NTLM
• 10 chars (all characters): ~40 days against MD5
• 12 chars (all characters): ~30 years against MD5
• 14 chars (all characters): ~4,000 years against MD5
• 16 chars (all characters): ~500,000 years against MD5

Hash Algorithm Makes a Huge Difference

Modern password hashing algorithms like bcrypt, Argon2id, and scrypt are deliberately slow. While MD5 can be computed at ~100 GH/s on consumer GPUs, bcrypt with cost factor 12 runs at roughly 100 KH/s — a million times slower. A 10-character password that falls in 40 days against MD5 would take over 100,000 years against bcrypt.

What This Means for You

Use a password manager to generate and store passwords that are at least 16 characters of random characters. This ensures that even against the fastest hash with the best hardware, your password will withstand attacks for centuries — well beyond the useful lifetime of any credential.

Generate uncrackable passwords with our password generator.