There are plenty of great tips for creating a good password, but let’s face it, most internet users don’t follow them. It is much easier to put an easy to remember word or an important date for us.
[Esta IA ha sido creada con el propósito de destruir a la humanidad]
If the latest leaks haven’t convinced you to change those habits, new types of AI-based attacks might; Or maybe it’s just what we needed to say goodbye to passwords once and for all.
Use AI to “crack” passwords
Home Security Heroes researchers have found that it is possible to use AI to crack passwords, and that the process is much faster than the usual force-based “decryption” methods.
The key lies in using machine learning models based on large amounts of data, from which you can derive the most likely solutions. In this specific case, obtaining this data is very easy due to the number of password leaks that have occurred in recent years. For the study, the researchers relied on the 32 million passwords from the RockYou service, leaked by a hacker attack in 2009, but much more recent and larger leaks exist.
The researchers trained an AI using these passwords using PassGAN, a password generator based on two neural networks that “combat” for the best result. Specifically, one neural network is responsible for generating passwords similar to the leaked ones and the other analyzes them to check if they would be valid for an attack.
The results have been incredible. The researchers found that the AI was able to “crack” 51% of the most used passwords in less than a minute; it took less than an hour to get 65% of the passwords, 71% a day, and less than a month to get 81% of the passwords. And if the password is six characters or less, it solves it instantly.
So, if your password is very common (like single words or popular combinations), the AI will find it without difficulty; but even if you use a hard password you are not safe, it’s just that the AI will take a little longer for now. In fact, the researchers then tested passwords created using best practices, including upper and lower case letters, numbers, and symbols, and the AI still managed to crack it in less than six minutes.
Avoid using the same password in multiple services
The expert recommendation is to extend the length of passwords up to 15 characters and include variations of upper and lower case letters, symbols and numbers; in this case, it would take thousands of years for the AI to crack the password. They also recommend changing your password often and avoiding using the same password on different accounts.
However, at the rate at which this technology is advancing, one might wonder if now is not the time to abandon passwords altogether, using alternative methods such as USB keys.
You may be interested
Follow the topics that interest you
