Artificial intelligence tech has the ability to crack any kind of seven-character password in just six minutes, a new study has found.
The research, shared by identity theft prevention company Home Security Heroes, said the same was true even if the password contains symbols.
The company used a generative AI service called PassGAN to run through 15,680,000 common passwords from the Rockyou dataset to determine how long it would take to crack them.
Rockyou is a data group used to train intelligent systems on password analysis.
The company used PassGAN to run through the list of passwords and record the results in terms of accuracy percentage and estimated prediction time.
The study said 65% of common passwords could be cracked in less than an hour, and 81% of common passwords can be cracked in less than month.
It took the AI password cracker at least 10 months to crack number-only passwords and six quintillion years to crack those that contain symbols, numbers, lower-case letters and upper-case letters.
The study said 18-character passwords are generally safe against AI password crackers like PassGAN.
All passwords longer than 18 characters or shorter than four characters were excluded from the experiment, with the list divvied into subcategories with varying lengths and character types.
PassGAN is a shortened version of the words “password” and “generative adversarial networks,” and the “GAN” is the general mechanism that runs the pass-word hacking tool. At its core, the mechanism runs on a neural network, which trains machines to interpret and analyze data like humans do.
Home Security Heroes says PassGAN represents a “concerning advancement in password cracking techniques” and can making it easier for cybercriminals to crack passwords and gain access to personal data.
To protect passwords, users need to update them regularly – around every three to six months – and ensure the strength of their passwords is long-lasting.
Home Security Heroes recommends using at least 15 characters, avoiding obvious patterns and having at least two upper and lower-case letters, numbers and symbols.
Also, generate new passwords for each account, as a bad actor can easily access multiple accounts if the same password is used.