World Password Day 2025: New study highlights how weak our passwords are

Updated on 30-Apr-2025

I was five seconds into scrolling through Hive Systems’ latest password cracking chart – released just in time for World Password Day, celebrated worldwide on May 1, 2025 – when a mix of dread and awe hit me: just how vulnerable our strong passwords can be, and just how much we stand to lose if we aren’t careful.

Because that’s exactly what today’s hardware can do. Hive’s infamous infographic, titled Are Your Passwords in the Green?, returns this year with an updated list of grim revelations related to your password strength, explaining just how fast modern GPUs can shatter your digital defenses. 

An infographic of password alarm

Hive Systems modelled an attacker’s attempt to guess your password, assuming the attacker was running twelve NVIDIA RTX 5090 GPUs – the kind of silicon setup that would make even crypto miners blush, and one that can work through password guesses very quickly. The results from such a hardware setup are alarming, to say the least.

A basic all-lowercase eight-character password? Guessed in under a second. An eight-character combo of letters, numbers, and symbols? Cracked in less than a day. Want something that’s unbreakable and lasts years? According to Hive Systems, you’re looking at random 12-character passphrases – and even that’s starting to feel like the bare minimum of password strength now and into the near future.

For your passwords to be in the “green zone,” which Hive Systems is designating as “safe passwords,” where cracking estimates stretch into decades or centuries, they have to be more than 16 characters long with special symbols included. In other words, if your password still resembles something your fingers can type in under three seconds (hello, “qwerty123”), welcome to the red zone. Which is like most of the world, I think.


To understand just how brutal password cracking has become, it helps to track the hardware curve that Hive Systems rides each year. In 2020, they used a single RTX 2080 to come up with their estimate, which increased to twelve NVIDIA RTX 4090s in the 2023 password cracking report they published two years ago. And this year, they’ve taken a dozen RTX 5090s, just to show what a dedicated hacker or hacking organisation can achieve with off-the-shelf tech that anyone can buy online or from their nearest electronics store.

That’s right, consumer-grade hardware now delivers nation-state-grade cracking capability. And in this new reality, not having a strong password to safeguard your bank or other accounts can be catastrophic.

Last year’s cybersecurity data reads like a disaster movie script if you take a closer look at the worrying cyber safety trends. As much as 68% of breaches involved the “human element,” according to Verizon’s 2024 report – which includes phishing, reused passwords, and easily guessable login attempts. Over a billion records were stolen in 2024, says NordLayer. And yes, login credentials were the most common target. All of this is costing businesses about $4.9 million from cybersecurity breaches, as per IBM’s 2024 report. And that figure’s climbing faster than a GPU’s hash rate.


All this is exposing a bitter truth, one that all of us have to come to terms with (if we haven’t) – the password is no longer a single line of defense. In fact, on its own, it’s a downright liability.

Passphrases > Passwords

So what’s the new best practice? Length over cleverness. Passphrases are the new ‘in thing’ for passwords.

Here’s what you need to know…

  • Long = Hard to guess: According to Hive Systems, 12 characters is the minimum, but 16 to 20 is better. If your password doesn’t feel slightly annoying to type, it’s probably not strong enough.
  • Go Unique: No reusing passwords. Never again. Stop being lazy.
  • Go Human: As recommended by NIST, use random word strings like “lamppost-violin-saffron-asteroid.” Easier to remember, harder to guess. Bonus points for sounding like an indie band.
  • Go Manager: Tools like 1Password, Dashlane, and Bitwarden can store both passwords and passkeys, according to the FIDO Alliance. Let them remember what you shouldn’t.
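
The arithmetic behind “length over cleverness”, as an added example that is not from the article or from Hive Systems: it computes the search space in bits for uniformly random passwords and random-word passphrases, and draws a passphrase with a cryptographically secure random source. The 95-character set, the 7,776-word list size, the sample words and the guess rate are assumptions; the guess rate is a placeholder, not Hive Systems’ measured figure.

```python
import math
import secrets

# Constructed sample list for illustration; a real generator should draw
# from a published list of several thousand words.
SAMPLE_WORDS = ["lamppost", "violin", "saffron", "asteroid",
                "harbor", "mitten", "quartz", "pebble"]


def password_bits(charset_size: int, length: int) -> float:
    """Bits of entropy in a password whose characters are chosen uniformly at random."""
    return length * math.log2(charset_size)


def passphrase_bits(wordlist_size: int, words: int) -> float:
    """Bits of entropy in a passphrase whose words are chosen uniformly at random."""
    return words * math.log2(wordlist_size)


def exhaust_seconds(bits: float, guesses_per_second: float) -> float:
    """Worst-case time to try every candidate at a given guess rate."""
    return 2 ** bits / guesses_per_second


def generate_passphrase(wordlist, words: int = 4, sep: str = "-") -> str:
    """Pick words with the OS CSPRNG (secrets), never random.choice."""
    return sep.join(secrets.choice(wordlist) for _ in range(words))


def compare(guesses_per_second: float = 1e9, wordlist_size: int = 7776) -> dict:
    """Map each policy to (bits, worst-case seconds). Rate and list size are assumptions."""
    cases = {
        "8 lowercase letters": password_bits(26, 8),
        "8 printable ASCII": password_bits(95, 8),
        "12 printable ASCII": password_bits(95, 12),
        "16 printable ASCII": password_bits(95, 16),
        "4 random words": passphrase_bits(wordlist_size, 4),
        "6 random words": passphrase_bits(wordlist_size, 6),
    }
    return {name: (round(bits, 1), exhaust_seconds(bits, guesses_per_second))
            for name, bits in cases.items()}


if __name__ == "__main__":
    for name, (bits, secs) in compare().items():
        print(f"{name:22s} {bits:6.1f} bits  {secs / 31_557_600:.3g} years")
    print("example:", generate_passphrase(SAMPLE_WORDS))
```

Four words from a 7,776-word list give about 51.7 bits, slightly less than eight random printable characters (52.6 bits), so word count matters as much as the format. These estimates hold only for randomly generated secrets, not for human-chosen strings.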

But even the beefiest passphrase can feel inadequate. It’s better to pair passphrases with other cyber safety measures.

Multi-factor authentication (MFA) adds extra doors – whether it’s a one-time code, a hardware token, or a push notification. According to Microsoft, 99.9% of automated attacks fail if MFA is on, so enable it wherever you can.

And then there are passkeys – a quiet revolution backed by Apple, Google, Microsoft, Amazon, and pretty much everyone who’s tired of dealing with “forgot password” links. These device-bound, phishing-resistant logins ditch secrets altogether in favor of cryptographic keys stored on your phone or computer. Google alone has enabled 800 million accounts with passkeys, and reports a 30% increase in login success rates. That’s fewer breaches and less frustration in the long run.

Passwords aren’t just a cybersecurity issue. They’re increasingly a trust issue. In a world where your digital identity unlocks your real-world life – everything from your money to your memories – guarding that identity is no longer optional.

So, maybe the real takeaway from Hive Systems’ chart isn’t just that passwords are breakable. It’s that our habits are fixable. Let that be your resolution this World Password Day.

Start with one account. Then another. By the time you’re done, you’ll have something most of us rarely feel online – peace of mind. And that’s worth every additional character in your newer, stronger password.


Jayesh Shinde

Executive Editor at Digit. Technology journalist since Jan 2008, with stints at Indiatimes.com and PCWorld.in. Enthusiastic dad, reluctant traveler, weekend gamer, LOTR nerd, pseudo bon vivant.
