How long will it take AI to guess your password? How to create the right passwords?

April 10, 2023  18:34

Your password may not be as strong as you think: the artificial intelligence model PassGAN can guess 51% of passwords in less than a minute, 65% in less than 60 minutes, and 71% in just one day. And within a month it can crack 81% of passwords.

A study by Home Security Heroes also found that passwords of four to six characters are the easiest to guess. Even if they contain not only numbers but also symbols and uppercase and lowercase letters, AI cracks such passwords immediately. It would take AI only about seven hours to crack an eight-character password containing a variety of letters, symbols and numbers. And it would be able to crack all of the variants mentioned above, as well as a nine-character password, within two weeks.


PassGAN uses the RockYou dictionary as input data, which was specially created for guessing passwords and contains 15 million entries. The key to PassGAN's success is said to be that it "autonomously learns real password distributions during real leaks."

What passwords to use so that AI won’t guess them?

As the study showed, the well-known advice of cyber security experts should be followed. A password must be at least 12 characters long, contain uppercase and lowercase letters, numbers, and special characters.

It would take AI about 30,000 years to crack a password that meets all of these criteria. And an 18-character password containing numbers, letters and special characters is generally considered unbreakable: it would take AI six quadrillion years to guess it.

Besides setting a strong password, how can you protect your accounts?

  • If possible, use two-factor/multi-factor authentication, preferably not through SMS, but through authenticator apps,
  • Do not use the same passwords for different accounts,
  • Generate passwords by automated means,
  • Update all important account passwords regularly,
  • Refrain from using public Wi-Fi networks, especially when using online banking and similar services.

You can check how strong your password is on the survey results page. Home Security Heroes claims that the data entered in this field is not stored or transferred anywhere. There is no reason to doubt it, but in any case, it is not worth entering real passwords there.
