AI can crack most passwords in less than a minute


Now might be a good time to update your password to something longer and more complex, as experts have found AI systems are able to crack almost all passwords easily.

Cybersecurity researchers from Home Security Heroes recently fed millions of passwords from RockYou into the PassGAN AI platform to see how fast it could crack them, and the results were nothing short of stunning.

RockYou was an immensely popular widget for MySpace, and later Facebook, in the early days of social media. However, it was hacked in 2009, and 32 million passwords, stored in plaintext, leaked to the dark web. The researchers then fed 15.6 million of them into PassGAN, which served to train the AI's cracking abilities.

Common passwords at risk

PassGAN is a password generator based on a Generative Adversarial Network (GAN), which works by creating fake passwords that mimic real ones found in the wild.

It consists of two neural networks, a generator and a discriminator. The generator builds passwords, which the discriminator then scans, reporting back to the generator. This constant back-and-forth helps both networks improve their results.

After excluding passwords shorter than 4 characters and longer than 18, the researchers found that 51% of “common” passwords could be cracked in less than a minute. It took less than an hour to crack two-thirds (65%), under a day to crack 71%, and less than a month to crack 81%.

Seven-character passwords were cracked in under six minutes, even if they had numbers, upper and lowercase letters, and symbols. 

To stay safe, researchers suggest people go for passwords with at least 15 characters, with lower and upper-case letters, numbers, and symbols all being mandatory. Such a password would take 14 billion years to decode. The best password manager will be able to generate strong and unique passwords for every account you have.

Frequently changing passwords is also highly recommended. 

Via: Tom's Hardware

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.