AI can now crack 51% of common passwords in just a minute
From writing software code to performing at the 90th percentile on a simulated bar exam, AI has gone from being an obscure tool for technologists to becoming an indispensable tool used by companies to power their products and services. The latest is the use of AI by security professionals to crack passwords.
According to a recent study from Home Security Heroes, more than half (51%) of commonly used passwords can be cracked in less than a minute with the assistance of AI. Moreover, the accuracy of AI-powered password cracking can improve by up to 81% in under a month.
The study employed PassGAN, an AI-based password-cracking tool, to assess the time it takes for AI to crack passwords from the RockYou database. The team then used PassGAN to run through 15,600,000 common passwords (RockYou dataset) to find out how long it will take AI to crack your password in 2023. The results are shocking.
Below are their findings:
• AI can crack 51% of common passwords in under a minute, 71% in under a day, and 81% in under a month.
• It takes AI less than 6 minutes to crack any kind of 7-character password, even if it contains symbols.
• Passwords longer than 18 characters are generally safe against AI.
    ◦ It takes PassGAN at least 10 months to crack number-only passwords and 6 quintillion years to crack passwords that contain symbols, numbers, lower-case letters, and upper-case letters.
The team also created an interactive calculator to help readers determine the strength of their password against AI.
How PassGAN Works
Understanding the functionality of PassGAN requires a closer examination of the framework that underpins most contemporary password-guessing tools. Typically, such tools employ rudimentary data-driven techniques that utilize data models to conduct manual password analyses. Additionally, these tools make assumptions about password patterns and utilize password generation rules, such as concatenation.
While these strategies are effective for small-scale and predictable passwords, they become either too slow or completely ineffective when dealing with larger and more intricate password patterns. This is where advanced systems such as PassGAN come into play.
PassGAN, a portmanteau of “Password” and “Generative Adversarial Networks” (GAN), utilizes a neural network as its core mechanism. GAN is the general mechanism that powers this password-cracking tool.
Methodology
The team used a collection of 15,680,000 frequently used passwords from the RockYou dataset for both training and testing purposes. However, passwords longer than 18 characters or shorter than four characters were omitted from the study. The remaining list was segmented into subcategories based on character types and length.
Subsequently, PassGAN was employed to examine the list, with the results recorded in terms of accuracy percentage and estimated prediction time.
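The filtering and segmentation step described above, as an added example (not the study's or PassGAN's code): it keeps passwords of 4 to 18 characters, buckets them by character classes and length, and reports the exhaustive-search keyspace for each bucket. The class labels, the printable-ASCII alphabets and the sample list are assumptions constructed for illustration.

```python
import math
import string
from collections import Counter

# Assumed character classes (printable ASCII only) and their alphabets.
CLASSES = [
    ("digit", string.digits),
    ("lower", string.ascii_lowercase),
    ("upper", string.ascii_uppercase),
    ("symbol", string.punctuation),
]

def classify(password):
    """Return (class label, alphabet size), or None for characters outside CLASSES."""
    names, size, remaining = [], 0, set(password)
    for name, chars in CLASSES:
        if remaining & set(chars):
            names.append(name)
            size += len(chars)
            remaining -= set(chars)
    return None if remaining or not names else ("+".join(names), size)

def segment(passwords, min_len=4, max_len=18):
    """Drop passwords outside 4..18 characters, then count per (label, length)."""
    buckets = Counter()
    for pw in passwords:
        result = classify(pw) if min_len <= len(pw) <= max_len else None
        if result is not None:
            buckets[(result[0], len(pw))] += 1
    return buckets

def keyspace_bits(alphabet_size, length):
    """log2 of the exhaustive-search space: alphabet_size ** length."""
    return length * math.log2(alphabet_size)

# Constructed sample list, not taken from the RockYou dataset.
SAMPLE = ["123456", "abc", "password", "Summer2023!", "iloveyou",
          "7777777", "Tr0ub4dor&3", "x" * 19, "qwerty"]

if __name__ == "__main__":
    sizes = {name: len(chars) for name, chars in CLASSES}
    for (label, length), count in sorted(segment(SAMPLE).items()):
        alphabet = sum(sizes[n] for n in label.split("+"))
        bits = keyspace_bits(alphabet, length)
        print(f"{label:26} len={length:2} n={count} keyspace~2^{bits:.1f}")
```

The keyspace figure is only the exhaustive-search bound; human-chosen passwords cluster in a small part of it, which is why length and character mix are reported per bucket rather than as a single score.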
You can check the full report here.