Gone in 60 seconds: That is what it takes for AI to steal your password

PassGAN, an AI tool, can crack common passwords in less than a minute.

Your commonly used passwords might be in danger.  

Now is the time to reset your password to something longer and more complex, as artificial intelligence (AI) driven tools can crack your passwords easily.

Home Security Heroes, a cybersecurity firm, used the AI password cracker PassGAN to run through 15,600,000 common passwords. The aim was to find out how long it takes AI to crack a password in 2023.

The result was alarming. 

In less than a minute, AI can decipher nearly 51% of all popular passwords, according to the findings. The tool was able to crack 65% of the most popular passwords within an hour and 81% of passwords in a month. 

The writers of the report state that a ten-letter password with only lowercase letters would take an hour to hack, while a ten-letter mixed-case password would take four weeks. On the other hand, a ten-character strong password using letters, symbols, and numbers would take five years to decipher. 

So, the stronger your password, the lower the likelihood that AI systems can crack it.

What is PassGAN, and how does it work? 

PassGAN is a concerning advancement in password cracking techniques. 

The GAN in PassGAN stands for Generative Adversarial Network. Instead of relying on manual password analysis, it autonomously learns the distribution of real passwords from actual password leaks.

A GAN makes two neural networks compete against each other (hence "adversarial"). One network (called the Generator) generates new passwords and sends them to the other network (the Discriminator), which examines each one and decides whether it is real or fake. This trains both networks: one to create better fakes, and the other to tell whether the data is real or not.

Many experts state that PassGAN significantly improves the ability to guess user passwords over tools such as Hashcat or John the Ripper.

As the report's figures show, the stronger your password, the lower the likelihood that people or AI systems can figure it out.

Here’s how you can stay safe from human and AI hacks:

Have at least 15 characters in your password. 

Use a combination of uppercase and lowercase letters, numbers, and symbols in the password.

Avoid using commonly used passwords or password patterns like your name, family members, date of birth, etc. 

Update your password once every 3 to 6 months. 

Don’t use the same password on various platforms. 
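
The first three items of this checklist can be enforced when a password is set. The following is an added example, not code from the article or the Home Security Heroes report; the deny-list, the substitution table and the function names are assumptions constructed here. It also shows why a character-set estimate alone overstates strength: a password can score high on brute-force bits and still contain the patterns a guesser trained on leaked passwords tries first.

```python
import math
import string

MIN_LENGTH = 15  # minimum length recommended in the article
# Constructed sample deny-list; a real deployment loads a breached-password corpus.
COMMON_PASSWORDS = {"password", "123456", "qwerty", "iloveyou", "letmein"}
CLASSES = {
    "lowercase": string.ascii_lowercase,
    "uppercase": string.ascii_uppercase,
    "digit": string.digits,
    "symbol": string.punctuation,
}
# Undo common substitutions so "P@ssw0rd" is still recognised as "password".
LEET = str.maketrans("@$0134!5", "asoleais")


def brute_force_bits(password):
    """Upper bound on search space in bits, assuming uniformly random characters."""
    pool = sum(len(chars) for chars in CLASSES.values()
               if any(c in chars for c in password))
    return len(password) * math.log2(pool) if pool else 0.0


def check_password(password, personal_info=()):
    """Return the list of advice items the password violates (empty = passes)."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    for name, chars in CLASSES.items():
        if not any(c in chars for c in password):
            problems.append(f"no {name}")
    variants = {password.lower(), password.lower().translate(LEET)}
    if any(word in v for word in COMMON_PASSWORDS for v in variants):
        problems.append("contains common password")
    tokens = [t.lower() for t in personal_info if len(t) >= 3]
    if any(t in v for t in tokens for v in variants):
        problems.append("contains personal info")
    return problems


if __name__ == "__main__":
    # Constructed test inputs, not real credentials.
    samples = [("P@ssw0rd2023!", ()), ("Priya1990Sharma!!", ("Priya", "1990")),
               ("vK7#qLm2$Tz9!wRb", ())]
    for pw, info in samples:
        print(f"{pw!r}: {brute_force_bits(pw):.0f} bits, {check_password(pw, info) or 'ok'}")
```

Password reuse and rotation, the last two items, cannot be checked from a single password and need a password manager or server-side history.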

Disclaimer: The views expressed in this article are those of the author and do not necessarily reflect the views of ET Edge Insights, its management, or its members.
