Wonderful, an AI can crack the most common passwords almost instantly

It might be time to change your password.

It might be time to change your password.

Just how strong are your passwords? A recent study finds that an AI password cracker can figure out the most common 4-7 character passwords in a matter of seconds. The scary part is that it includes passwords with upper and lower case letters and numbers. Not even hackers are safe from having their jobs taken by an AI!

Cyber security firm Home Security Heroes (via Tom’s Hardware) fed PassGAN, an AI password cracking tool that leverages a generative adversarial network (GAN), over 15 million common passwords to train the model that could brute force some of the most common passwords in seconds.  The passwords were taken from the RockYou dataset (which included passwords for Myspace and Facebook), which was hacked back in 2009. So it’s training the AI with real passwords people have used, therefore “improving the quality of predicted passwords.”

Home Security Heroes found that PassGAN cracks 51% of common passwords (4-7 characters) in just under a minute, with more challenging passwords (up to 11 characters) in less than a month. A fun little tool on the site lets you type in a password, telling you how long the AI will take to crack it. Though, to be on the safe side, I wouldn’t type your current password in there. 

So, I typed in the ‘AbC12345’ only to find out that an AI would take roughly 48 minutes to figure it out. The more extended and more random the character set, the more difficult it is for the AI to predict it. The most common password of 2023 was, according to Cybernews, you guessed it, 123456, which would take PassGAN only six minutes to crack. 

The AI struggles with passwords more than 12 or more characters long with a mixture of numbers and upper and lower case letters, and a password with 18 characters could take up to 7 billion years to crack. However, the most commonly used passwords are usually eight or fewer characters. 

Window shopping

(Image credit: Microsoft)

Windows 11 review: What we think of the new OS
How to install Windows 11: Safe and secure install
What you need to know before upgrading: Things to note before downloading the latest OS
Windows 11 TPM requirements: Microsoft’s strict security policy

The researchers recommend using a password with at least 15 characters with at least two upper and lower case letters, as well as tossing in a couple of symbols. Another tip is to avoid using the same password for multiple accounts and changing them every three to six months.

I actually went back and typed in 123456.!!! And it went from six minutes to 356 years, so something is to be said about tossing a couple of symbols into your new password.

The staff here at PC Gamer use password managers like LastPass, which keeps all your passwords in one safe place. However, if you want the maximum level of security, we recommend giving our password primer a look and protecting yourself.

About Post Author