How to generate strong AI-proof passwords

Password protection

Passwords that once seemed secure are now no longer secure due to Artificial Intelligence. Let’s see how to create AI-proof passwords.

A few days ago we informed you about how AI is capable of cracking approximately half of the passwords used in a matter of less than a minute. This method makes use of PassGAN, a list of over 15 million common passwords.

According to the Home Security Heroes study, more than 51% of general user passwords are on this list and can be cracked in less than 1 minute.

If we give it an hour, that percentage reaches 65% and if we leave the AI ​​working for a month, it reaches 81% effectiveness, which, honestly, is scary.

It’s like leaving a locksmith long enough to open a door, and of course we should be able to protect ourselves against this new AI. There is an option to put more complicated locks and with greater armoring (passwords) and even the option of using custom locking systems that are not on the market and, therefore, the locksmith does not know how to open. 

So let’s see how to generate passwords that can withstand this type of AI brute force attack.

Generating AI-proof passwords

It certainly seems that there are foolproof methods to have the perfect password, but the reality is that given time and with this accelerated computing time thanks to AI or quantum computing, passwords as we know them today could become obsolete.

However, until that arrives here we leave you with a series of tips to be able to be part of that 19% of passwords that AI is not capable of violating even in a month of operation.

Many are old tips, such as avoiding passwords like 12340000password, which is like putting cellophane on your front door. Other tips are just being able to improve the complexity of these passwords, which is making it difficult for the AI.

  • Avoid using predictable or generic passwords that only contain numbers.
  • Passwords should have a minimum of 15 characters, although we recommend 18 characters, which is the number of characters with which PassGAN is no longer effective.
  • With characters we mean numbers, uppercase, lowercase and symbols.
  • Use a password manager to maintain different passwords for different accounts.
  • Change passwords periodically. Here we recommend, given the computing power of AI today, at least every quarter.
  • Avoid using common passwords for all your accounts.

If you want to know if your password is immune to AI, the official Home Security Heroes website has a checker that tells you how long any AI software could crack your password. Obviously this is taking into account the current computing power, which grows year after year, and therefore the time will decrease.

So even if that checker says 38 years old with your 11-character password, it’s still a good idea to make your password a little more complicated for the AI. 

If you change your password in less time than the verified one says, you are safe. If not, you should follow the advice above and, above all, if you want to be safe : have passwords of at least 18 characters and start having a password change policy every 3 months.

Leave a Reply