Artificial intelligence, renowned for its impressive capabilities such as coding, storytelling, and explaining complex theories, has an uncool side too: cracking your passwords.
Home Security Heroes, a team of security experts, recently released a report revealing the power of AI in deciphering common passwords within minutes or even seconds. They employed an AI tool called PassGAN to evaluate the time needed to crack 15.6 million common passwords. PassGAN, a blend of “password” and GAN (Generative Adversarial Network), excels in password cracking, not through conventional manual techniques, but by analyzing real passwords from actual leaks. This automated approach may enable malicious actors to break passwords more rapidly and effectively.
Home Security Heroes discovered that 81% of common passwords could be cracked within a month, 71% within a day, 65% within an hour, and 51% within a minute. Both length and complexity determined a password’s vulnerability to cracking. For example, PassGAN took just six minutes to crack a seven-character password with uppercase and lowercase letters, numbers, and symbols, and only three minutes for a 13-character password with numbers alone.
Unsurprisingly, lengthy and complex passwords proved most secure. A nine-character password with all character types would take five years to crack, an 18-character numeric password would require 10 months, and an 18-character password with all character types would take six quintillion years.
Also Read: Generative Adversarial Networks (GANs)
PassGAN’s prowess in password cracking stems from its reliance on a neural network, enabling it to learn and improve, unlike traditional password-cracking tools that use basic data models, password generation rules, and assumptions about password patterns.
But should we surrender to our AI adversaries? No. We can counteract this threat by practicing good password hygiene, as advised by Home Security Heroes:
- Use strong password patterns: A long, robust password resists cracking. Aim for at least 15 characters, including uppercase and lowercase letters, numbers, symbols, and avoid obvious patterns or real words.
- Change your password regularly: Periodically update your password to protect against unauthorized access or potential misuse.
- Don’t reuse passwords across accounts: Using the same password on multiple sites risks further account compromises if one gets hacked.
One final suggestion: use a password manager. Until passwordless options become ubiquitous, a password manager remains the best solution for managing unique, complex passwords for all your accounts.