For years, we’ve been told that “8 characters with a symbol” was safe.
That is no longer true.
According to the 2025 Hive Systems Password Table, a hacker using modern hardware can now crack an 8-character lowercase password in just 57 minutes. Even when numbers and symbols are added, short passwords are often broken in days.
The reason is simple. Computing power has increased dramatically. What once required massive resources can now be done quickly and cheaply. Password-cracking tools are faster, automated, and widely available.
The most effective defense today is length.
A password over 14 characters takes exponentially longer to crack than a short one, regardless of how many special characters you add. Each additional character significantly increases the time required to break it.
This is why security experts now recommend passphrases instead of short, complex passwords. A longer phrase made up of unrelated words is often both stronger and easier to remember than a short string of symbols.
Prioritize making your passwords longer rather than just more complex.
If your business is still relying on minimum 8-character requirements, it may be time to review your password policies. Stronger standards, combined with multi-factor authentication, dramatically reduce the risk of unauthorized access.