Artificial intelligence can do all kinds of cool things, like writing computer code, telling you a story, or explaining the theory of relativity. But it can also do at least one thing that isn’t very cool: figure out your passwords. A new report from security experts Home Security Heroes shows how a smart AI tool can be used to recover common passwords in minutes or even seconds.
To determine how long it would take to crack 15 million common passwords using artificial intelligence, Home Security Heroes used an AI tool known as PassGAN. This name is a combination of the word “password” and the acronym “GAN”, (Generative Adversarial Network, networks antagonistic generative in French, a technique of machine learning). This tool is capable of cracking passwords by analyzing real passwords from real leaks.
A few minutes to recover common passwords
Looking at all common passwords, Home Security Heroes found that 81% of them could be cracked in less than a month, 71% in less than a day, 65% in less than an hour, and 51% in less than an hour. % in less than a minute. The length and complexity of a password are factors that affect its vulnerability to hacking. PassGAN took just six minutes to find a seven-character password, even though it contained upper and lower case letters, numbers and symbols. And it only took him three minutes to figure out a 13-character password containing only numbers.
As expected, passwords that combine length and complexity are the most secure. It would take five years to crack a nine-character password with all types of characters, while it would take 10 months to recover an 18-character password with only numbers. A password consisting of 18 characters and all character types would take six quintillion (10 to the power of 30) years.
Table from Home Security Heroes detailing the time it takes to recover a password.
Neural network
Why is PassGAN so good at finding passwords? Most password cracking tools use simple data patterns to manually guess passwords. They use generation rules like concatenation and make certain assumptions about password patterns. PassGAN runs on a neural network, which is able to analyze and learn from data to become increasingly intelligent.
Faced with this type of threat to our passwords, we can defend ourselves by respecting good computer hygiene. Use strong password patterns: the longer and stronger your password, the more resistant it will be to hacking. This means using at least 15 characters, having at least two letters (uppercase and lowercase) as well as numbers and symbols, and avoiding obvious patterns such as real words.
Change regularly
Also change your password regularly. Whether you’re concerned about third-party access to your accounts or if you’ve given your password to the wrong person, you should change your password regularly to prevent it from being misused. Do not use the same combination for different accounts. A hacked password could then compromise the security of other accounts.
Finally, use a password manager. Creating, remembering and enforcing a long and complex password for each account is nearly impossible without help. Until new ways to identify us, a password manager remains your best asset to juggle all the unique passwords of all your accounts.
Source: ZDNet.com