In recent years, there has been an increasing emphasis on the importance of password strength and complexity. Despite this, not everyone heeds the warnings to use strong passwords online. As technology continues to advance, even those who exercise reasonable caution may find their passwords insufficient. A team of cybersecurity experts from Home Security Heroes set out to explore this issue using a Generative Adversarial Network (GAN) to determine how long it would take to crack the most common passwords, and the results are concerning.
The team used a password generator called PassGAN, which stands out from most other password generators due to its use of GAN technology. The generator network creates fake data, while the discriminator network picks out real data from the fake data. Over time, both networks become better at their respective tasks, making the overall model more effective. In this case, PassGAN was provided with 15.68 million common passwords from the RockYou data set, which excluded passwords shorter than four and longer than 18 characters.
The results of the study were alarming. Home Security Heroes reported that PassGAN was able to crack 51% of passwords in under one minute, which includes the majority of commonly used passwords. Even passwords that people may think are secure are not immune to today’s AI technology. However, for those who take their password security seriously, there is still some good news. The most robust passwords are still functionally impossible to crack, but the study shows that many passwords that people use could be a breeze for AI.
PassGAN was able to decode 65% of passwords in an hour or less, but there was a significant difference between those who heeded the warnings about password strength and those who did not. For example, if you use a 10-character password with numbers and lower-case letters, PassGAN could crack 65% of all tested passwords in the sub-1-hour group. However, adding another layer of complexity with uppercase letters or special characters would boost the cracking time to an estimated five years.
In light of these results, Home Security Heroes recommends that people ensure their passwords are at least 15 characters long and include a combination of letters (both upper and lower case), numbers, and special characters. They also suggest changing passwords frequently to keep them secure. By swapping out important passwords every few months, it reduces the chances of AI cracking them before users are onto something else. However, while this strategy may work for now, it’s important to remember that the cat-and-mouse game between hackers and security experts is never-ending. Eventually, AI may be able to figure out even the most complex passwords, which is why some major tech companies are working to do away with passwords entirely.
The study conducted by Home Security Heroes is a reminder that AI technology is advancing rapidly, and password security must keep pace. For individuals, it’s critical to be aware of the risks and take steps to protect their online presence. For companies and organizations, it’s essential to invest in robust cybersecurity measures to safeguard sensitive data from potential breaches. In the end, everyone must remain vigilant and adapt to the ever-changing landscape of cybersecurity.
Turn Key Solutions, LLC – 2023