Knowledge base
11 Oct 2022

How to create safe passwords on the Internet

Mateusz Kopacz
IT Security Manager
Any information that is collected from customers or from other sources must be adequately protected in accordance with the GDPR.

Awareness

Passwords are one of the pillars of digital security and data protection. In this article, we discuss the first and most important line of defense against cyber attacks: implementing a password creation and management policy. (A password is itself a specific type of confidential information that we hold and can use for authorization.)

All information that is collected from customers or from other sources must be adequately protected in accordance with the GDPR. Currently, both the Supreme Audit Office and the Ministry of Digitization recommend completely blocking hacked (exposed) and easy-to-guess passwords. It is one of the easiest methods of protection.

By the way – you can easily and safely check if your password has ever been leaked on the website: haveibeenpwned.com
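One way to enforce the "block exposed passwords" rule at sign-up or password change, as an added example that is not part of the original article. It assumes the k-anonymity range format used by the Pwned Passwords service (only the first 5 characters of the SHA-1 hash are sent, and the reply is a list of `SUFFIX:COUNT` lines); the function names and the sample breach list are constructed for illustration, and the 12-character minimum is the one recommended later in this article.

```python
import hashlib

MIN_LENGTH = 12  # minimum length recommended in this article

# Constructed stand-in for a breached-password corpus (not real breach data).
SAMPLE_BREACHED = {"password": 1000, "Summer2022!": 12, "qwerty123456": 340}


def split_hash(password):
    """k-anonymity split: only the 5-character prefix ever leaves the machine."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def offline_range_lookup(prefix):
    """Simulated range endpoint: returns 'SUFFIX:COUNT' lines for one prefix.
    Assumption: a real deployment replaces this with an HTTPS request that
    sends the prefix only, never the password or its full hash."""
    lines = []
    for known, count in SAMPLE_BREACHED.items():
        known_prefix, known_suffix = split_hash(known)
        if known_prefix == prefix:
            lines.append(f"{known_suffix}:{count}")
    return "\r\n".join(lines)


def breach_count(password, lookup=offline_range_lookup):
    """Number of times the password appears in breach data (0 if unseen)."""
    prefix, suffix = split_hash(password)
    for line in lookup(prefix).splitlines():
        candidate, _, count = line.partition(":")
        if candidate.strip().upper() == suffix:
            return int(count)
    return 0


def check_password(password, lookup=offline_range_lookup):
    """Return the list of policy violations; an empty list means accepted."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    seen = breach_count(password, lookup)
    if seen:
        problems.append(f"found in breach data {seen} times")
    return problems
```

The comparison of suffixes happens locally, so the service that answers the range query never learns which password was checked.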

Basic hygiene rules for passwords:

  • Use different passwords
    A good password must be difficult to crack or guess. Currently, the most common causes of data breaches are stolen and brute-forced credentials. To protect your data, a password policy should prohibit the use of common and easy passwords. By using the same password multiple times, you risk being attacked by a hacker who uses password lists stolen from another system.
  • Do not use questions or hints
    It is common practice to create “secret questions” that can be answered to unlock or reset your account password. Secret questions are often “what is your mother’s maiden name” or “place of birth”. It is best to avoid them entirely as these types of questions are most susceptible to attacks.
  • Enable multi-factor authentication
    Currently, the most popular way to improve network security is to implement multi-factor authentication. In this case, in addition to the username and password, other factors are used to verify the user. It can be a one-time password sent via SMS or e-mail, which is generated especially for the user during authentication and is only active for a specified period of time. To improve this process, we provide instructions for the most popular applications: Facebook, Instagram, LinkedIn.
  • Use a password manager
    The basic function that a good manager should have is a password generator that suggests passwords that are a safer alternative to those invented by the user. This solution also protects the data stored in the database with an additional level of encryption. There are many free solutions on the market. It is an absolute ‘must have’ nowadays. Remember that you can adjust the strength of the generated password – the strongest should contain lowercase and uppercase letters, numbers and special characters.

How to create passwords

The table below presents the time needed to crack a password depending on the number and types of characters used. We recommend using a minimum of 12 characters and a phrase consisting of lowercase and uppercase letters as well as numbers and special symbols.

We took this approach to the assessment because in the near future hackers could use GPU-based computing clusters, and later quantum computers, which could significantly reduce the time it takes to breach our security. Let’s keep online safety in mind. We recommend that organizations of all sizes introduce passwords of at least 12 characters.

The time it takes to crack the password with the Brute Force method

| Number of characters | Numbers | Lower case | Lower & upper case | Lower & upper case + numbers | Lower & upper case + numbers & symbols |
|---|---|---|---|---|---|
| 4 | immediately | immediately | immediately | immediately | immediately |
| 5 | immediately | immediately | immediately | immediately | immediately |
| 6 | immediately | immediately | immediately | 1 second | 5 seconds |
| 7 | immediately | immediately | 25 seconds | 1 minute | 6 minutes |
| 8 | immediately | 5 seconds | 22 minutes | 1 hour | 8 hours |
| 9 | immediately | 2 minutes | 19 hours | 3 days | 3 weeks |
| 10 | immediately | 58 minutes | 1 month | 7 months | 5 years |
| 11 | 2 seconds | 1 day | 5 years | 41 years | 400 years |
| 12 | 25 seconds | 3 weeks | 300 years | 2 000 years | 34 000 years |
| 13 | 4 minutes | 1 year | 16 000 years | 100 000 years | 2 mln years |
| 14 | 41 minutes | 51 years | 800 000 years | 9 mln years | 200 mln years |
| 15 | 6 hours | 1 000 years | 43 mln years | 600 mln years | 15 bln years |
