A study conducted by the cyber security company Home Security Heroes shows that AI can now be used to crack the majority of common passwords in less than a minute. The company uses password-cracking AI technology, Pass GAN, to solve 51 percent of the most common passwords in under a minute. Of the more challenging passwords, 65 percent are cracked in less than an hour, 71 percent in less than a day and 81 percent within a month.
It should take an average of six minutes for Pass GAN to crack a 7-character password even if it contained numbers, lowercase letters, uppercase letters and symbols. This can be contrasted with a compilation released by the password manager Nordpass, which shows that the most popular password throughout 2022 was “password”. In Sweden, the list was topped by “123456”, while other popular passwords during the period were “123456789”, “mamma” and “heysan”.
Pass GAN differs from many of today’s password cracking methods, which rely on manually analyzing passwords. “GAN” is short for Generative Adversarial Network and involves two neural networks competing against each other in the form of a generator and an opponent in a zero-sum game to achieve better results. The system is trained against 15.7 million common passwords, where those shorter than 4 characters and longer than 18 are sorted out.
In conclusion, the study describes that passwords that are longer than 18 characters can be assessed as safe against AI cracking in the current situation. On associated web page there is also the option to enter and evaluate your own passwords, while the table above gives an indication of what is required to secure passwords. The company recommends having passwords with at least 15 characters, a mix of lowercase, uppercase and symbols, and avoiding obvious patterns in the password.