If you haven’t already realized that weak passwords are easy for an attacker to crack – let us introduce artificial intelligence! An AI-based tool was given unlimited login attempts for one minute and managed to defeat more than half of the passwords – and more than 65 percent in less than an hour.
The experiment was conducted by the cyber security company Home Security Heroes and used PassGAN, a new kind of password cracker. Unlike more traditional tools based on pre-defined data, PassGAN is instead powered by two neural networks: One that learns to generate passwords and one that learns to distinguish between the former’s “fake” passwords and those leaked in genuine data breaches. With training, the model learns to use more and more sophisticated guesses.
Read also: 7 security packages – big test of this year’s software suites
In the Home Security Heroes test, PassGAN was fed more than 15 million passwords from the Rockyou breach in 2009. This has already been used before to train password crackers. Passwords with fewer than four and more than 18 letters were excluded. It probably doesn’t come as a surprise, but: Passwords with few letters and low character variation were cracked almost immediately. But even somewhat more complex passwords could be guessed relatively quickly. A sufficiently easy-to-guess password of 11 letters didn’t work either.
PassGAN managed to crack 51 percent of the more common passwords in under a minute, 65 percent in under an hour, 71 percent in a day, and 81 percent in a month.
Based on this, the security company came up with a couple of useful tips that most people know, but which are still worth repeating. Don’t reuse passwords, change those that may have been leaked in publicly known breaches, and feel free to use a healthy mix of uppercase and lowercase letters and numbers in your passwords.
IDG News
