
Here's How to Prevent AI From Cracking Your Password

 

The world has begun to explore the powers of artificial intelligence and what it can accomplish with a little help. While some individuals are worried about AI, others are eager to discover novel techniques that they can benefit from. 

Though AI offers countless benefits, it also has certain disadvantages. Concerns have been raised in recent months regarding AI and how it may jeopardise people's cybersecurity. 

A study conducted earlier this year by Home Security Heroes discovered that artificial intelligence (AI) can crack over 50% of regularly used passwords in less than a minute. The study used an AI password cracker called PassGAN to examine a dataset of 15,680,000 passwords, indicating that over 51% of common passwords can be cracked in less than a minute and 66% of passwords can be cracked in less than an hour. 

While AI can guess your password in less than a minute, it should be highlighted that this is only feasible if you choose short, generic, easy-to-predict passwords, such as your phone number or date of birth. Passwords with a mix of characters and symbols that are 18 characters long, on the other hand, will take longer to crack. 

Additionally, the report stated that passwords with 18 or more characters are typically resistant to AI password cracking. It took at least ten months to crack passwords of this length that contained only numbers. The most difficult to crack passwords were those with a mix of symbols, digits, and upper- and lower-case characters, which might take up to 6 quintillion years. 

Prevention tips

To stay safe, avoid passwords that are common and simple to guess, especially ones with just numbers. The best passwords are at least 15 characters long and include a combination of characters, symbols, numbers, and upper- and lower-case letters. If you are worried about remembering these types of passwords, you can use a password manager to handle them for you. 

The report also recommends that an individual's password contain at least two characters (in upper- and lowercase), digits, and symbols. As a best practice, it is also advisable to update passwords every three to six months. Last but not least, do not use the same password for all of your accounts, as this is extremely risky.
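The checks described in the tips above can be automated. The following is an added example, not code from the study or from PassGAN: it audits a candidate password against the 15-character and mixed-class advice and estimates the exhaustive-search space. The guess rate, the small common-password list and all function names are assumptions made for illustration.

```python
import math
import string

# Assumption for illustration: offline guesses per second against a fast hash.
ASSUMED_GUESSES_PER_SEC = 1e10
SECONDS_PER_YEAR = 365.25 * 24 * 3600
# Constructed sample of predictable choices; a real check would use a breach corpus.
COMMON = {"password", "123456", "qwerty", "iloveyou", "12345678"}
# Character classes the article asks passwords to combine.
CLASSES = {
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "digit": string.digits,
    "symbol": string.punctuation,
}

def classes_used(pw):
    """Names of the character classes that appear in pw."""
    return {name for name, chars in CLASSES.items() if any(c in chars for c in pw)}

def keyspace_bits(pw):
    """log2 of the exhaustive search space for pw's length and alphabet."""
    size = sum(len(CLASSES[name]) for name in classes_used(pw))
    return len(pw) * math.log2(size) if size else 0.0

def brute_force_years(pw, rate=ASSUMED_GUESSES_PER_SEC):
    """Worst-case years to try every candidate; an upper bound only."""
    return 2 ** keyspace_bits(pw) / rate / SECONDS_PER_YEAR

def audit(pw, min_len=15):
    """Return the list of policy findings; an empty list means pw passes."""
    used = classes_used(pw)
    findings = []
    if pw.lower() in COMMON:
        findings.append("common password")
    if len(pw) < min_len:
        findings.append(f"shorter than {min_len} characters")
    if used == {"digit"}:
        findings.append("digits only")
    if len(used) < 4:
        missing = sorted(set(CLASSES) - used)
        findings.append("missing classes: " + ", ".join(missing))
    return findings

if __name__ == "__main__":
    for pw in ("123456", "password", "a" * 15, "Tr4il-Mix&Lanterns!9"):
        print(f"{pw!r}: {keyspace_bits(pw):.1f} bits, "
              f"{brute_force_years(pw):.3g} years, {audit(pw) or 'ok'}")
```

The year figure assumes every candidate must be tried. A password on a common list, or one that follows a pattern a trained guesser has learned, falls much sooner than its keyspace suggests, which is why the list check runs first.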

This AI Tool Can Crack Your Password in Sixty Seconds; Here's How to Protect Yourself

 

Even though ChatGPT may be the AI that everyone is thinking about right now, chatbots aren't the only AI tool that has emerged in recent times. DALL·E 2 and Runway Gen 2 are just two examples of AI picture and video creators. Sadly, some AI password crackers exist as well, such as PassGAN. 

PassGAN is actually not that new, at least not in the grand scheme of things. The most recent GitHub update was six years ago, and it made its debut back in 2017. In other words, this isn't a brand-new hacking tool developed in response to the ChatGPT revolution. But when it was recently put to the test by cybersecurity research company Home Security Heroes, the results were startling. PassGAN can break any — yes, any — seven-character password in six minutes or less, according to the Home Security Heroes study. It can quickly crack passwords of seven characters or fewer, regardless of whether they contain symbols, capital letters, or numbers. 

Modus operandi 

The name PassGAN combines "Password" with "Generative Adversarial Network" (GAN), much like ChatGPT combines "Chat" with "Generative Pre-trained Transformer" (GPT). In essence, GAN is the deep learning model that the AI is built on, just as GPT is for ChatGPT.

In this case, the model's objective is to provide password guesses based on real-world passwords that it has been given as input. In order to train PassGAN, a popular tool for studies like these, Home Security Heroes used the RockYou dataset that resulted from the 2009 RockYou data breach. PassGAN was given the data set by the organisation, and it then generated passwords in an effort to correctly guess sample passwords. 

In the end, it was possible to quickly break a wide range of passwords. After using PassGAN to train on the RockYou dataset, Home Security Heroes had an AI tool, trained on actual passwords, that could crack passwords instantly. 

Should I be alarmed about PassGAN?

The good news is that, for the time being at least, you don't really need to panic about PassGAN. Security Editor for Ars Technica Dan Goodin claimed in an opinion piece that PassGAN was "mostly hype." This is because while the AI tool can fairly easily crack passwords, it doesn't do it any more quickly than other non-AI password crackers. 

For example, Goodin quotes Yahoo Senior Principal Engineer Jeremi Gosney, who claimed that using standard password-cracking methods, they could quickly accomplish similar results and crack 80% of passwords used in the RockYou breach. For his part, Gosney characterised the study's findings as "neither impressive nor exciting." And after taking a closer look at the results, you might not be as impressed as you were when you first heard that "50% of common passwords can be cracked in less than a minute." These passwords rarely combine capital letters, lowercase letters, digits, and symbols, and are primarily made up of numbers with a character count of seven or less. 

This means that all it takes to fool PassGAN is a password of at least 11 characters, made up of a mixture of uppercase and lowercase letters, numbers, and symbols. If you can do that, you can make a password that PassGAN will need 365 years to figure out. If you make that number 11 characters long, it becomes 30,000 years. And the finest password managers make it simple to create these kinds of passwords. 

But let's say you don't want to use a password manager because you don't trust that they won't be vulnerable to data breaches, like the LastPass compromise in August 2022. It's a legitimate concern. Fortunately, using a passphrase (a password created by combining several words) will likely still be enough to fool PassGAN. Home Security Heroes estimates that it would still take PassGAN on average 890 years to crack a 15-character password made up entirely of lowercase letters. That timeline could jump to a staggering 47 million years if only one capital letter were added, long after our AI overlords have already dominated the world. 

However, always keep in mind that no password is ever completely secure. Despite your best efforts, data breaches might still leave you exposed, and by pure dumb luck, a password cracker might guess your password earlier than planned. But as long as you follow the best practices for password security, you have nothing to worry about with PassGAN or any other rogue actor.