If you think your password is strong? Think again.
Now might be a good time to update your password to something longer and more complex, as experts have found AI systems are able to crack almost all passwords easily.
Cybersecurity researchers from Home Security Heroes recently fed millions of passwords from RockYou into the PassGAN AI platform to see how fast it could crack them and the results were nothing short of stunning.
RockYou was an immensely popular widget for MySpace, and later Facebook, in the early days of social media. However it was hacked in 2009, and 32 million passwords, stored in plaintext, leaked to the dark web. From that dataset, the researchers used 15.6 million and fed them into PassGAN, where the passwords are now often used to train AI tools.
Common passwords at risk
PassGAN is a password generator based on Generative Adversarial Network (GAN), which works by creating fake passwords that mimic real ones found in the wild.
It is comprised of two neural networks, a generator and discriminator. The generator builds passwords which the discriminator then scans and reports back to the generator. This constant back-and-forth helps both networks improve their results.
After excluding passwords shorter than 4 characters and longer than 18, the researchers found that 51% of “common” passwords could be cracked in less than a minute. It took less than an hour to crack two-thirds (65%), under a day to track 71%, and less than a month to crack 81%.
Seven-character passwords were cracked in under six minutes, even if they had numbers, upper and lowercase letters, and symbols.
To stay safe, researchers suggest people go for passwords with at least 15 characters, and with lower and upper-case letters, numbers, and symbols, being mandatory. Such a password would take 14 billion years to decode. Even so, frequently changing passwords is highly recommended, as well as making sure that each individual service has a unique password.