If you think you have a strong password, think again.new research from home security heroes (opens in new tab)Cybersecurity company shows how artificial intelligence (AI) can crack passwords quickly and easily. According to statistics, 51% of common passwords he can crack within 1 minute.
Security researchers used PassGAN, a password generator based on Generative Adversarial Networks (GANs). PassGAN differs from other password generators in that it does not rely on manual password analysis. In contrast, PassGAN mode, as the name suggests, leverages GANs to learn from real password leaks and generate realistic passwords that can be used. A GAN is a machine learning (ML) model that pitches two neural networks (a generator and a discriminator) against each other to improve prediction accuracy.
In other words, the generator produces false data to fool the discriminator. On the other hand, the discriminator’s job is to discriminate the real data from the fake data created by the generator. It becomes a cat-and-mouse game in which both networks benefit from the constant controversy. Generators are continuously improved to build better fake data, and discriminators improve their ability to distinguish between real and fake data.
Home Security Heroes fed PassGAN with 15,680,000 common passwords from the RockYou dataset to train the model. For those who haven’t heard of RockYou, RockYou was a widget developer for popular social media platforms like her MySpace and Facebook. Hackers broke into RockYou in 2009 and stole the data of more than 32 million users. This is because the company stored data in unencrypted databases. The RockYou dataset eventually became a popular option for training ML password cracking models.
Numerous data breaches involving Facebook and Yahoo have occurred over the years with victims. As such, there are many personal datasets for training password generators like PassGAN. More data equals more fodder for growing AI.
| word count | numbers only | lower case | uppercase, lowercase | uppercase letters, lowercase letters, numbers | uppercase letters, lowercase letters, numbers, symbols |
|---|---|---|---|---|---|
| Four | Immediately | Immediately | Immediately | Immediately | Immediately |
| Five | Immediately | Immediately | Immediately | Immediately | Immediately |
| 6 | Immediately | Immediately | Immediately | Immediately | 4 seconds |
| 7 | Immediately | Immediately | 22 seconds | 42 seconds | 6 minutes |
| 8 | Immediately | 3 seconds | 19 minutes | 48 minutes | 7 hours |
| 9 | Immediately | 1 minute | 11 hours | 2 days | 2 weeks |
| Ten | Immediately | 1 hour | 4 weeks | 6 months | 5 years |
| 11 | Immediately | 23 hours | 4 years | 38 years old | 356 years |
| 12 | 25 seconds | 3 weeks | 289 years | 2K years | 30,000 years |
| 13 | 3 minutes | 11 months | 16K years | 91K years | 2 million years |
| 14 | 36 minutes | 49 years old | 827K years | 9 million years | 187 million years |
| 15 | 5 hours | 890 | 47 million years | 613 million years | 14 billion years |
| 16 | 2 days | 23K years | 2 billion years | 26 billion years | 1 trillion years |
| 17 | 3 weeks | 812K years | 539.72 million years | 2 trillion years | 95 trillion years |
| 18 | 10 months | 22M years | 7.23 billion years | 96 trillion years | 6Qn years |
A study by Home Security Heroes revealed that PassGAN cracked 51% of common passwords in less than a minute. However, the AI took a little longer with harder passwords. For example, PassGAN he cracked 65% within an hour, 71% within a day, and up to 81% within a month.
according to Statista (opens in new tab), 6 in 10 Americans use passwords between 8 and 11 characters long. However, she is less than one third of the population with passwords longer than 12 characters. Short and simple passwords are easy to remember, but they are also vulnerable to attack and therefore easy to understand.
PassGAN took less than 6 minutes to crack a 7-character password, even if it contained numbers, uppercase and lowercase letters, and symbols. For example, PassGAN can crack a 10-character password with only numbers and lowercase letters in an hour. However, mixing uppercase letters, numbers, and symbols adds up to 5 years to decryption time. So not only are the passwords long, but the patterns are complex and AI can’t solve them quickly.
Home Security Heroes provided some guidelines for protecting password integrity. For starters, the cybersecurity firm recommends creating a password of at least 15 characters with a strong pattern, combining at least his two uppercase and lowercase letters, as well as numbers and symbols.
PassGAN can come up with 8 or 9 character passwords in about 7 hours and 2 weeks, respectively, even following best practices. A 10- or 11-character password takes about 5 and 365 years for AI to crack. However, it would take 14 billion years to crack a 15-character password. Therefore, it is also essential to change your password regularly every 3-6 months. Also, as a good practice, avoid using the same password for different accounts.
AI is here to stay, and the hardware that drives it improves over time. There is no denying that AI brings many benefits to our daily lives, but nothing prevents us from using it for malicious purposes, such as cracking passwords and stealing data.
