AI may be able to do lots of cool things like write computer code, tell you a story, and explain the theory of relativity. But it can also do at least one thing that’s not so cool: Figure out your passwords.
A new report released by security experts at Home Security Heroes shows how a savvy AI tool can be used to crack common passwords in minutes or seconds.
Also: How to write better ChatGPT prompts (and this applies to most other text-based AIs, too)
To determine how long it would take to crack 15,600,000 common passwords via artificial intelligence, Home Security Heroes enlisted an AI tool known as PassGAN. A combination of the terms “password” and GAN (Generative Adversarial Network), PassGAN is able to master the art of password cracking not through the usual manual processes but by analyzing real passwords from actual leaks. Such an automated method threatens to help the bad guys crack passwords faster and more efficiently.
Looking at all the common passwords, Home Security Heroes found that 81% of them could be cracked in less than a month, 71% in less than a day, 65% in less than an hour, and 51% in less than a minute.
Both the length and the complexity of a password factored into their susceptibility toward cracking. PassGAN took a mere six minutes to figure out a password with seven characters, even if it contained uppercase and lowercase letters, numbers, and symbols. And it took just three minutes to determine a 13-character password with only numbers.
Also: The best password managers
As expected, passwords that combined both length and complexity were the most secure. A nine-character password with all the different types of characters would take five years to crack, while an 18-character one with just numbers would take 10 months to crack. One with 18 characters and all the different types of characters would take six quintillion years.