With the launch and popularization of software such as ChatGPT or the new Bing, we are realizing how useful the use of artificial intelligence can be for our lives. But it is also being applied by those with bad intentions because it turns out that artificial intelligence is an ax at cracking passwords, or so this study says: more than half are able to figure them out in less than a minute.
The cybersecurity company Home Security Heroes has published a study on artificial intelligence and password cracking for which it used the PassGAN ( password generative adversarial network ) tool on a list of more than 15 million passwords from the Rockyou database. The results are truly terrifying about what can befall us: 51% of common passwords can be cracked in less than a minute, 65% in less than an hour, 71% in less than a day, and 81% % in less than a month.
To make it more visual, it is possible to see the conclusions in the table below, where it can be seen that almost all passwords with six characters or less were instantly cracked. On the other side of the scale, those passwords with more than 18 characters, even if they are only numbers, would cost at least ten months with tools like PassGAN.
Tools for automating password cracking already existed before the AI boom, but the difference is that instead of running manual key analysis from leaked password databases, PassGAN is able to “learn autonomously ” the distribution of real passwords from real password leaks .”
If you want to test how robust your password is against PassGAN’s artificial intelligence, you can enter it on its website. Although the web ensures that everything that is written is not stored or shared, I have been cautious and have used a password similar to mine (but not mine) to discover that it would theoretically crack it in seven hours.
How to protect account passwords from artificial intelligence?
Go ahead, there is nothing completely infallible, but if your keys are among that percentage that takes the longest to decipher, the better. The summary table of the study confirms many of the requirements that a good password must have, but it is worth refreshing:
- The first thing is to combine characters of all kinds : numbers with letters in upper and lower case and symbols to make the process difficult.
- As for its extension, ideally it should have at least 12 characters or more. According to the cybersecurity company, the ideal is 15 characters.
- Avoid patterns like “1234” which reduce the complexity of the password. Here password generators can help you.
Note that all passwords with 18 characters that include both letters and numbers are safe from PassGAN and similar intelligence for now.
It’s also a good idea to change your password regularly and avoid using the same password for multiple accounts, which is why you either have a method to generate and remember passwords , or use a password manager to deal with so much information. If you are looking for extreme security in your accesses, it is also a good idea to bet on two-factor authentication systems (if possible, that do not use SMS).