Along with the positive aspects of the new generative AI services come new risks. One that’s surfaced is an advanced approach to cracking passwords called PassGAN. Using the latest AI, it was able to compromise 51% of passwords in under one minute with 71% of passwords cracked in less than a day. Read on for a look at the character thresholds that offer security against AI password cracking, how PassGAN works, and more.
Last month, Microsoft brought attention to the security concerns that will come with the quick advancement of AI by announcing its new Security Copilot suite that will help security researchers protect against malicious use of modern technology.
Now Home Security Heroes has published a study showing how scary powerful the latest generative AI is at cracking passwords. The company used the new password cracker PassGAN (password generative adversarial network) to process a list of over 15,000,000 credentials from the RockYou dataset and the results were wild.
51% of all common passwords were cracked in less than one minute, 65% in less than an hour, 71% in less than a day, and 81% in less than a month.
The reason AI is making such a difference in password cracking is that instead of having to run manual password analysis on leaked password databases, PassGAN is able to “autonomously learn the distribution of real passwords from actual password leaks.”
How to protect against AI password cracking
- Sticking with at least 12 characters, with uppercase and lowercase letters plus numbers (or symbols too), marks the distinction between instantly or quickly cracked passwords and tough-to-crack ones.
- All passwords with 18 characters that include both letters and numbers were found to be safe from AI cracking for now.
Here’s a look at how fast AI cracks passwords based on characters and complexity:
It’s always a good time for a password audit
Seeing how powerful AI can be for cracking passwords is a good reminder to not only make sure you’re using strong passwords but also check:
- You’re using 2FA/MFA (non-SMS-based whenever possible)
- You’re not re-using passwords across accounts
- You’re using auto-generated passwords when possible
- You’re updating passwords regularly, especially for sensitive accounts
- You’re refraining from using public WiFi, especially for banking and similar accounts
There is a tool on the Home Security Heroes website that lets you test your own passwords vs AI. They say anything you type is not saved or shared – and we have no reason to doubt that. However, out of an abundance of caution, it’s safest to not enter any of your real passwords – if you want to try out the AI password analyzer, enter a random one.
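An offline alternative to typing a password into a website, added here as an example (it is not from Home Security Heroes or the PassGAN project): it applies the 12- and 18-character thresholds above and also flags simple variants of leaked passwords. The wordlist sample, the substitution table and the leaked-variant rule are assumptions made for illustration.

```python
import getpass
import re

# Constructed stand-in for a locally stored breach wordlist (assumption).
LEAKED_SAMPLE = {"password", "iloveyou", "princess", "dragon", "123456", "qwerty"}

# Common substitutions undone before the lookup (illustrative set, an assumption).
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s"})


def leaked_base(pw, leaked):
    """Return the leaked word that pw is a simple variant of, else None."""
    lowered = pw.lower()
    # Drop digit/symbol runs at either end, e.g. the "2023!" in "P@ssw0rd2023!".
    stripped = re.sub(r"^[\W\d_]+|[\W\d_]+$", "", lowered)
    for cand in (lowered, stripped, stripped.translate(LEET)):
        if cand and cand in leaked:
            return cand
    return None


def audit(pw, leaked=LEAKED_SAMPLE):
    """Return (verdict, detail) using the article's 12- and 18-character thresholds."""
    base = leaked_base(pw, leaked)
    if base:
        # Assumed rule: a leaked base word outweighs length and character classes.
        return ("leaked-variant", base)
    lower = any(c.islower() for c in pw)
    upper = any(c.isupper() for c in pw)
    digit = any(c.isdigit() for c in pw)
    if len(pw) >= 18 and (lower or upper) and digit:
        return ("meets-18", "18+ characters with letters and numbers")
    if len(pw) >= 12 and lower and upper and digit:
        return ("meets-12", "12+ characters with upper, lower and numbers")
    return ("below-threshold", "under 12 characters or missing a character class")


if __name__ == "__main__":
    # getpass keeps the password out of the terminal echo and shell history.
    print(audit(getpass.getpass("Password to audit: ")))
```

Swap the sample set for a breach wordlist kept on local disk to make the leaked-variant check meaningful.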
More on PassGAN
If you’re curious to know more about how PassGAN works, Home Security Heroes has further details in its full report.