Now might be a good time to update your password (opens in a new tab) to something longer and more complex, as experts have found that artificial intelligence systems are able to crack almost all passwords with ease.
Cybersecurity analysts from Home Security Heroes recently entered millions of passwords from RockYou into the PassGAN AI platform to see how fast it could crack them, and the results were simply staggering.
RockYou was an extremely popular widget for MySpace and later Facebook in the early days of social media. However, in 2009 it was hacked and 32 million passwords stored in plain text were leaked onto the dark web. From this dataset, the researchers used 15.6 million and fed them into PassGAN, where passwords are now often used to train AI tools.
Shared passwords at risk
PassGAN is a Generative Adversarial Network (GAN) based password generator that works by creating fake passwords that mimic real ones found in the wild.
It consists of two neural networks, a generator and a discriminator. The generator builds passwords, which the discriminator then scans and feeds back to the generator. This constant exchange of information helps both networks improve their performance.
After excluding passwords shorter than 4 characters and longer than 18, the researchers found that 51% of “common” passwords can be cracked in less than a minute. Two-thirds (65%) cracked in less than an hour, 71% tracked in less than a day, and 81% cracked in less than a month.
Seven-character passwords were cracked in less than six minutes, even if they contained numbers, uppercase and lowercase letters, and symbols.
To stay safe, researchers suggest that people choose passwords that are at least 15 characters long, with lowercase and uppercase letters, numbers and symbols being mandatory. It would take 14 billion years to decipher such a password. Still, it’s recommended that you change your passwords frequently, as well as making sure that each individual service has a unique password.
By: Tom’s gear (opens in a new tab)