No one should be confident about the strength of the passwords they use. A recent study by Home Security Heroes, a cybersecurity service, shows how long artificial intelligence (AI) takes to hack your password. [drumroll] It takes less than a minute to crack 51% of typical passwords.
What Is PassGAN and How Does It Work?
The researchers used PassGAN, which is a password creator based on a machine learning tool called Generative Adversarial Network (GAN). PassGAN doesn’t need manual password analysis to make new passwords. It learns from previous password leaks to create new passwords that look real. A GAN is a type of machine learning that uses two networks (a generator and a discriminator) to make better predictions.
PassGAN is a computer program that generates fake data to fool another piece of software called a discriminator. The discriminator’s job is to distinguish between the real data and the fake data generated by PassGAN. This process is similar to a two-player game where both players improve with each round. PassGAN gets better at producing more convincing fake data, and the discriminator gets better at distinguishing between real and fake data.
Well, now that you know how it works, that’s the right time to get acquainted with the experiment conducted by Home Security Heroes. The latter used 15,680,000 common passwords from the RockYou dataset. They selected passwords with fewer than four characters and longer than 18 characters. By the way, hackers broke into RockYou in 2009, taking the data of over 32 million customers since the corporation stored data in an unsecured database. So we can state that the RockYou dataset was very useful for training ML password-cracking models.
Gizchina News of the week
Cracking Passwords Faster Than Ever
As said above, PassGAN cracked 51% of typical passwords in less than a minute. But the AI took a little longer with the more difficult passwords. For example, PassGAN cracked 65% in less than an hour, 71% in less than a day, and up to 81% in less than a month.
In order to understand how useful AI could be when it comes to password hacking, we have to refer to Statista’s data. It turns out six out of ten Americans have a password between eight and eleven characters long. This doesn’t mean Americans don’t want to protect their accounts better. We mean most people use short passwords because they are easier to remember.
Another interesting result of the experiment was that PassGAN cracked passwords of seven characters containing digits, upper and lower case letters, and symbols in less than six minutes. Moreover, PassGAN can crack a ten-character password using only numbers and lowercase letters in an hour. On the other hand, you should know that adding uppercase letters, numbers, and symbols increases the decryption time by up to five years.
The security firm also found that it would take about seven hours or two weeks to hack passwords of eight or nine characters. Passwords of ten or eleven characters would take the AI five to 365 years to decode. Decoding a 15-character password takes 14 billion years. Changing your password on a regular basis, every three to six months is also vital. Plus, avoid using the same password for many accounts.
How To Protect Yourself?
That is why Home Security Heroes has created a guide to help you protect your data and avoid password cracking. The key concept is to use at least 15 characters and a strong pattern to generate a password. This means using at least two upper and lower case letters, numbers, and symbols.