PassGAN AI can crack your passwords in seconds
As Artificial Intelligence becomes increasingly prevalent in various industries, it is also infiltrating our daily lives, including website chatbots and decisions about map data. However, the use of AI has recently raised security concerns, particularly in password protection.
PassGAN AI, a password-generative adversarial network, is a two-part system that has a "Generative Network" that generates passwords likely to be used by the average person and a "Discriminator Network" that compares the generated password against real passwords from the leaked data. The discriminator network trains the generative network to create better and more accurate passwords.
How quickly can PassGAN AI crack passwords?
According to Home Security Heroes (HSH), passwords with four, five, and six characters made up of a combination of letters (upper and lower case), numbers, and symbols can be guessed almost instantly by PassGAN AI. Even a seven-digit password with upper and lowercase letters and numbers (but no symbols) could be cracked in under a minute. The most structurally complex eight- and nine-digit passwords can be cracked in seven hours and two weeks, respectively. Therefore, if your passwords fall under these undesirable criteria, it's time to upgrade.
HSH ran the PassGAN AI through 15.600.000 common passwords and came up with the following result.
Should you be worried about AI cracking your passwords?
Although this may sound alarming, similar tools have been around for a while, and passwords and logins remain secure. Password crackers, even AI ones that train themselves, are only as good as the dataset at their disposal. While it's not clear whether AI like PassGAN can pick out your password, it's essential to use strong passwords.
Can you protect your password from PassGAN AI?
You can test your password's strength on HSH, although caution is advised when handing over any real passwords. It is essential to use strong passwords to safeguard against AI password cracking. The longer and more complex the password, the more challenging it is to crack.
While AI password-cracking tools like PassGAN may be able to crack short passwords in seconds, the security of your passwords remains intact as long as you use strong and complex passwords. As AI models continue to evolve, it is important to keep your passwords updated and secure to stay ahead of potential threats.
Advertisement
I had the same thought as Martin. Important sites lock you out after about 3 attempts.
I always use unique a 32 characters combination of letters (upper and lower case), numbers, and symbols.
I proposed a new one, freshly generated, to HSH and the analysis reported :
“An AI would need about 6 quadrillion years to crack your password”
Always — UNIQUE — 32 characters — letters (upper and lower case) AND numbers AND symbols… except for sites which limit either component. I don’t register as I used to years ago, but I remember sites which would limit the size to 12 characters and/or either refuse symbols either accept only a few of them. Should I encounter such limits nowadays that I simply would skip the registration IF the site handles confidential data of course.
This said I find it hard to understand how AI could be of any help for random (or pseudo-random) generated passwords. As I understand it AI will be pertinent when confronted to any password which contains sens, meaning as its basis, which is why i’m very skeptical about passphrases, whatever way they are encrypted, because their core is intelligible. RANDOM, always RANDOM, nothing but RANDOM (though purists evoke pseudo-randomness when generator is itself computerized).
ChatGPT hasn’t been around that long and already we’re getting sites for which the content is entirely generated by chatbots according to The Guardian: https://www.theguardian.com/technology/2023/may/02/chatbot-journalists-found-running-almost-50-ai-generated-content-farms
As to the p/w guessing app I guess that belongs in the same nefarious club.
I am long retired from computing now, but I don’t understand what is the point of being able to crack a password if you get locked out after three false tries? how does that work?
A randomly generated pass phrase with three words like this: voltage-abridge-politely. Generated in Bitwarden takes 6 quadrillion years to crack according to the site. Pretty safe I guess.