skip to main content

Access
Box
Outlook Web
Forms
About IMSS

Information Management Systems and Services

Services
News
Get Support
Annual Report
Duo MFA
- Enrollment/Device Management
- Authentication Methods
Search

Services
News
Get Support
Annual Report
Duo MFA

Access
Box
Outlook Web
Forms
About IMSS

Services

Accounts, Passwords & Access
- Account Termination
- Incoming Students
- Password Information
- Account Eligibility Details
Administrative Applications
Collaboration, Storage & Backups
Computers, Printers & Software
Email, Calendar & Messaging
- How to Log in to Office 365
- Email Features
- Calendar Features
- Messaging Features
- Email Configuration Guides
- Email Configuration Guides for Alumni
- Basic Auth Decommissioning
Generative AI
- AI Tools at Caltech
Information Security
Research Computing
Teaching and Learning
- Teaching Continuity
Video, A/V, Events
Voice, Mobile, Conference Calls
Web Hosting & Development
Wired, Wireless & Remote Access

Get Support

Academic Media Technologies
Caltech Help- Login required
IMSS Phone Directory
Remote Help
Services Catalog
Service Rates
Student House Representatives
Training & Guides

I Want to..

Change my Voicemail Message
Connect to a Wireless Network
Create a Website
Download Software
Reset my Caltech Password
Set Up Conference Call
Setup Email
Set Up Multi-Factor Authentication
Set Up VPN Software
Setup Video Conferencing (Zoom)

Duo MFA

Enrollment/Device Management
Authentication Methods

Search

IMSS / Services / Information Security / Information & Recommendations / Password Guidelines / Password Strength

Password Strength Comparision

Information Security

Duo Multi-factor Authentication
Security Issues
Information & Recommendations
Security Services
Security for IT Staff
Policies and Security Standards

This table illustrates how long it might take to brute‑force a password under specific assumptions.

Key Takeaways

Passwords under 8 characters are generally cracked very quickly
Length matters more than complexity
Adding symbols helps, but only when combined with sufficient length
Passwords 12+ characters with mixed types become extremely resistant to brute-force attacks

Actual attacks more often rely on phishing, malware, or credential reuse. Multi‑factor authentication is the most effective protection.

A table showing time to brute-force passwords by length (4–18 characters) and character type (numbers only, lowercase, mixed, etc.). For example: 9-character numbers-only: 2 hours 12-character mixed with symbols: 3 billion years…"

Image Lightbox

A table showing time to brute-force passwords by length (4–18 characters) and character type (numbers only, lowercase, mixed, etc.). For example: 9-character numbers-only: 2 hours 12-character mixed with symbols: 3 billion years…"

Download Full Image

Image source: Hive Systems

California Institute of Technology

1200 East California Boulevard

Pasadena, California 91125

Digital Accessibility | | Privacy Notice | Site Content Copyright © 2026 | Log In