For many years we have heard the usual recommendations for creating strong passwords: at least 8 characters and including uppercase, lowercase, numbers, and symbols. But in 2023, a password with these characteristics it only takes 7 hours to be decrypted by PassGANan artificial intelligence tool that cybersecurity firm Home Security Heroes has trained with over 15 million passwords and against which also you can test the robustness of yours from their website.
The results that Home Security Heroes have published leave little room for reassurance. Any 7 character password can be cracked in less than 6 minuteseven if it contains symbols. 51% of common passwords can be cracked in less than 1 minute65% in less than an hour, 71% in less than a day and 81% in less than a month with this AI-powered password cracking software.
In fact, to have a strong enough password for a tool like PassGAN takes more than a year to decrypt it, you must use one with at least 10 characters including numbers, lowercase, uppercase and symbols. It would take the AI 5 years to crack such a password, but just removing the symbol from that same password could crack it in less than 6 months. Instantly, PassGAN can crack all passwords up to 11 characters consisting only of numbers or all passwords up to 5 characters including lowercase, uppercase, and symbols.
For this type of software, known as “password cracker” or password guesser, supported by artificial intelligence, the cybersecurity company recommends passwords of more than 18 characters. For one of this length and composed solely of numbers, the AI needs at least 10 months to discover it. If symbols, numbers, upper and lower case are added, it would take 6 trillion years.
PassGAN, a “password cracker” based on generative adversarial networks
PassGAN is the abbreviated name of Password Generative Adversarial Network and represents, according to the cybersecurity firm, “a worrisome advance in password cracking techniques.” use a generative adversarial network (GAN) “to autonomously learn the distribution of real passwords from real password leaks, eliminating the need for manual password analysis.”
A GAN is a machine learning model that pits two neural networks against one another to improve the accuracy of predictions.. A network is the generatorwhich creates false data, and the other is the discriminator, which tries to distinguish between real and fake. The goal of the generator is to fool the discriminator and the goal of the discriminator is to correctly classify the data. It turns out to be a kind of cat and mouse game with the generator providing better and better false data and the discriminator improving its ability to identify the true ones.
For AI training, Home Security Heroes used a list with 15,680,000 common passwordsexcluding all those that had less than 4 characters and more than 18. You can check how long it would take for PassGAN to figure out your password on the Home Security Heroes website.
In view of these tools and their better password cracking capabilities than other software tools, Home Security Heroes recommends changing your password regularly, not reusing them on different websites, and having at least 15 characters with numbers, uppercase, lowercase, and symbols. , as well as avoiding too obvious patterns.