AI may be able to do a lot of cool things like write computer code, tell you a story and explain the theory of relativity. But it can also do at least one thing that isn’t so cool: figure out your passwords.
A new report published by security experts Home Security Heroes shows how a savvy AI tool can be used to crack common passwords in minutes or seconds.
Also: How to write better ChatGPT prompts (and this applies to most other text-based AIs too)
To determine how long it would take to crack 15,600,000 common passwords via artificial intelligence, Home Security Heroes used an artificial intelligence tool called PassGAN. A combination of the terms “password” and GAN (Generative adversarial network), PassGAN is able to master the art of password cracking not through the usual manual processes, but by analyzing real passwords from real leaks. Such an automated method threatens to help malefactors crack passwords faster and more efficiently.
Looking at all common passwords, Home Security Heroes found that 81% could be cracked in less than a month, 71% in less than a day, 65% in less than an hour, and 51% in less than an hour. % in less than a minute.
The length and complexity of a password are taken into account in its vulnerability to cracking. PassGAN only took six minutes to find a seven-character password, even though it contained upper and lower case letters, numbers and symbols. And it only took three minutes to determine a 13-character password with only numbers.
Also: The best password managers
As expected, passwords that combined both length and complexity were the most secure. A nine-character password with all the different types of characters would take five years to crack, while an 18-character password with only numbers would take 10 months to crack. One with 18 characters and all the different character types would take six quintillion years.
How and why is PassGAN so adept at finding passwords? Most password cracking tools apply simple data patterns to perform manual password guesses, use password generation rules like concatenation, and make certain assumptions about password patterns. In contrast, PassGAN relies on the GAN part to run on a neural network, which is able to analyze and learn data to become more and more intelligent.
With this type of threat looming over our passwords, should we just give up and welcome our new AI overlords? No, not when we can fight back by practicing the right kind of password hygiene. And it requires following a few rules and requirements as suggested by Home Security Heroes.
Also: These experts are racing to protect the AI from hackers. Hurry up
Use strong password patterns: the longer and stronger your password, the more resistant it will be to hacking. This means using at least 15 characters, having at least two letters (uppercase and lowercase) as well as numbers and symbols, and avoiding obvious patterns such as real words.
Change your password regularly: you may be worried that someone has accessed one of your accounts. Or maybe you shared your password with the wrong person. Whatever the reason, you’ll want to periodically change a password to protect yourself against its use and abuse.
Don’t use the same password on multiple accounts: If you repeat the same password on different sites and a hacker gets it for one site, what will happen? This hacker can use this cracked password to compromise your other accounts.
Also: How to protect and secure your password manager
Beyond Home Security Heroes advice, here is another recommendation. Use a password manager. Creating, remembering and enforcing a long and complex password for each account is nearly impossible without assistance. Until passwordless options become universal, a password manager is still your best bet for juggling all of the unique passwords for all of your accounts.