Cracking passwords is nothing new, but with AI technologies, the playing field has changed a bit. PassGAN (Generative Adversarial Network) is an AI tool that can reveal passwords much faster than previously thought. While PassGAN has been around for several years, AI is developing at an astonishing rate. According to the Home Security Heroes (HSH) study, a 7-character password can now be cracked in less than 10 minutes – even if there are symbols, uppercase letters or numbers. THAT IS SCARY and far different from Hive Systems' 2024 annual chart, which lists a complex 7-character password as brute force cracked in 1 month.
PassGAN is a generative password-cracking AI tool. There are many password-cracking tools, so this is not really anything new, but the time it takes to crack the password is! The new chart from HSH’s PassGAN test of running through a list of 15,680,000 passwords shows just how quickly passwords can be cracked based on their length and complexity.
Source: Home Security Heroes
HSH noted that PassGAN can produce better predictive passwords as well as generate multiple password properties, which makes it easier for cybercriminals to brute force crack a password. Commonly used passwords, short passwords, and weak passwords (those with no complexity) can be guessed with relative ease, as per their chart below.
What’s the recommendation?
Although longer complex passwords are more difficult to crack, they are also harder for the user to remember. Create a 10+ character phrase with numbers, upper and lower case letter(s), and a symbol to significantly increase the time it takes to crack your password. For any account you truly value, such as bank accounts or your work laptop, consider multi-factor authentication in addition to a strong password.
Tips:
- Don’t use the same password on multiple accounts
- Don’t use common words like “password” or “qwerty”
- Don’t write it down
- DO safeguard your password at all times
- DO use a phrase that is easy to remember but tough to crack
- DO make your password at least 10 characters – the longer the better
- DO use a second personal identifier to authenticate access (like your cell phone)
- DO consider using a password generator
As long as you are using standard best practices for password/passphrase generation, PassGAN won’t be a worry (for now).
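
One way to check a candidate password against the recommendation and tips above, as an added example that is not from the original article or from HSH. The function names, the short common-word list and the sample passwords are constructed for illustration.

```python
import math
import string

MIN_LENGTH = 10  # the article's recommended minimum
# Constructed sample; a real check would load a large list of breached passwords.
COMMON_WORDS = {"password", "qwerty", "123456", "letmein", "welcome"}

# Character classes the article asks for, with the size of each alphabet.
CLASSES = {
    "lowercase letter": (string.ascii_lowercase, 26),
    "uppercase letter": (string.ascii_uppercase, 26),
    "number": (string.digits, 10),
    "symbol": (string.punctuation, 32),
}


def check_password(candidate):
    """Return the recommendations that `candidate` fails (empty list = passes)."""
    problems = []
    if len(candidate) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    for name, (chars, _) in CLASSES.items():
        if not any(c in chars for c in candidate):
            problems.append(f"no {name}")
    lowered = candidate.lower()
    if any(word in lowered for word in COMMON_WORDS):
        problems.append("contains a common word")
    return problems


def keyspace_bits(candidate):
    """Upper bound on brute-force work: length * log2(size of alphabet used).

    Guessers that learn from leaked passwords try likely candidates first, so a
    predictable password falls far sooner than this bound suggests.
    """
    alphabet = sum(size for chars, size in CLASSES.values()
                   if any(c in chars for c in candidate))
    return len(candidate) * math.log2(alphabet) if alphabet else 0.0


if __name__ == "__main__":
    for pw in ("password", "Qwerty123!", "Blue-Kettle-42-Sings"):  # constructed
        print(f"{pw!r}: {keyspace_bits(pw):.1f} bits, {check_password(pw) or 'ok'}")
```

"Qwerty123!" meets the length and complexity rules yet still fails on the common-word check, which is why the tips list treats common words separately from length.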

Adam Brigandi, CPA, MBA
Supervisor
Adam is a Supervisor who works with both nonprofit and education clients. His auditing experience allows him to assist in vital audit functions such as systems testing and analysis.





