The Average American's Password Could Be Hacked in Under One Hour

Safety Team
Updated Feb 12, 2021
2 min read
While it’s never recommended to use your mother maiden’s name for a password, if it happens to be fifteen or more characters long, you might be in the clear from a brute force attack. In order to report on how secure the average American’s password is, the research team conducted a survey of 1,210 US residents about the length and complexity of their passwords. Key findings:
  • 67.3% of survey respondents said their average password was equal to or less than eight characters long.
  • 7.8% of respondents said their average password was less than five characters long.
  • 19.3% of respondents said their average password was fifteen characters or more.
  • Adults younger than 25 and older than 55 were amongst the groups with the shortest passwords.
Most people don’t like thinking about having their personal information stolen through a hack or data breach. But people the research team surveyed over the past two weeks responded that their passwords are well short of security expert recommendations. The majority (67.3%) of survey respondents said their password was below nine characters in length, with some even saying (7.8%) their passwords were four characters or less. “I basically just create the easiest password I can remember on any sign-up forms online,” one person said regarding how they create their passwords. Mark Burnett, information security expert and author of Perfect Passwords, says the average consumer should shoot for a password somewhere between 12 and 15 characters. Longer is better, with every letter adding a new layer of security. A recent study conducted by security firm Hive Systems found that passwords below ten characters in length could often end up hacked in under an hour (and this length of time is shrinking as computer hardware processing power improves). According to their study, passwords that were at least 12 characters long, even if only lowercase letters, would take upwards of a year to crack, with passwords at least 15 characters long taking upwards of 1,000 years. Comparing their research with the survey data, the average U.S. resident’s password could be hacked in under an hour, with many more potentially being hacked instantly. Most recommendations from security experts revolve around the length of the password and stirring away from using information readily available about a person online. A few examples include avoiding short words —  instead stringing a series of memorable words together. It’s also important to avoid using names of loved ones or common password words like “password” or number sequences like “123.” Methodology: 
  • The survey collected 1,210 responses from US residents and was conducted December 29th, 2020 through January 2nd, 2021.  Respondents were 18 or older 52% of those surveyed were female and 48% were male. The survey did not ask for any passwords or personally identifiable information.

Home Security Experts

Safety Team

The Safety Team is a group of experts that handle provider research, product reviews and recalls to make your home safety and security search as easy as 1-2-3.

Like what you've read?

Share it with your friends