Artificial Intelligence Now Able to Crack Most Passwords < 60 Seconds

Reading Time: 3 minutes

There are some people who have more in the way of long-term memory ability than short-term memory, and while that may sound good it does come with its own set of problems. Ideally you have a balance of short and long-term memory, and that will be more beneficial if you’re the type who has a demon of a time remembering their passwords. But it’s never been a good idea to create simple passwords, and it’s even less of a good idea nowadays with the news that the rapid advances in AI recently mean that artificial intelligence is almost certainly going to be able to figure out those passwords.

The fact that most of us use password apps on our phones attests to two things. First, how many passwords we need to have given the ever more digital nature of our world. And second, just how many of us don’t have the memory to be able to remember them organically. So if you’re not good with memory but you’ve resisted putting one of these apps on your phone then you may want to now. This is a topic that will be of interest for us here at 4GoodHosting as like any good Canadian web hosting provider we can relate the proliferation of passwords we all have these days.

Some of you may be familiar with RockYou, and if you are you’ll know that it was a super popular widget found on MySpace and Facebook in the early years of social media. There’s a different connection there between the widget and where we’re going with AI being able to hack passwords in less than a minute, so let’s start there with our web hosting topic blog entry this week.

Password Mimicker

How it is part of the reason that now is a good time to update your password is this. Experts have found AI systems are able to crack almost all passwords easily, and that’s just one more example of how the capabilities of artificial intelligence are expanding in leaps and bounds these days. In 2009 RockYou was the victim of a big-time cyber attack and 32 million passwords that were stored in plaintext were leaked to the dark web.

From that dataset, the researchers used 15.6 million and fed them into PassGAN, where the passwords now often used to train AI tools. The significance of that is in how PassGAN is a password generator based on Generative Adversarial Network (GAN), and it creates fake passwords that mimic real ones found genuinely on the Web.

It has two neural networks. The first one is a generator, and the second on is a discriminator. The generator builds passwords which the discriminator before they are scanned and sent back to the generator. Both networks improve their results based on this constant back and forth interaction.

More than Half

Passwords shorter than 4 characters are not common and neither are ones longer than 18, so those were the minimum and maximum where before and beyond the password was excluded from consideration in the research. The findings were that 51% of passwords that could be considered common’ could be cracked in less than a minute by the AI. 65% of them were cracked in less than an hour.

More than 80% of them were able hold strong for over a month, but even this many passwords had been deciphered by AI within that time. The average for passwords with 7 characters was to have them AI-broken within six minutes, and even less if the password had any combination on 1-2-3 or 3-2-1 in it. Any other combination of numbers, upper- or lower-case characters or symbols made no difference in the relative strength of the password when squared up with AI.

Go 15 or Longer from Now On

The consensus now is that to have AI-proof passwords you should be creating ones that have 15 characters or more. researchers suggest people go for passwords with at least 15 characters, and with lower and upper-case letters, numbers, and symbols, being mandatory. Going with one that is unique as possible and updating / changing it regularly is recommended too, particularly considering that – like everything – AI is going to get better at this too.

Post Navigation