AI can crack your password

SmileStudioAP / iStock / Getty Images Plus via Getty Images

Artificial intelligence (AI) platforms have quickly risen in popularity. There are websites that allow users to generate artwork for desktop backgrounds, character designs and family portraits. The increasingly popular program ChatGPT allows users to create written work varying from emails, cover letters and even code. While the platforms can be beneficial, they also pose a number of security risks.

Security leaders have voiced a variety of concerns regarding the use of AI in different sectors. The ability to quickly complete tasks utilizing AI platforms creates the possibility of cybercriminals utilizing the same systems. AI can generate phishing emails quickly and potentially make them more believable to increase the chances of being clicked. ChatGPT recently had to override settings that allowed cybercriminals to generate ransomware using the platform.

AI also poses risks to credentials. Home Security Heroes recently released the results of their study analyzing how quickly a program called PassGAN can crack passwords. The study found that passwords with only four or five characters — regardless if those passwords contained a mix of numbers, letters and special characters — were cracked instantly. For longer passwords, the time required to crack a password was dependent on the use of numbers or letters only, upper and/or lowercase letters, a combination of numbers and letters and the inclusion of special characters.

The study found that AI cracked 51% of common passwords in less than a minute. Additionally, PassGAN could crack any seven-character password in under six minutes. The platform would make it easier for cybercriminals to locate and use employee credentials, granting them access to company data.

Security leaders should work to ensure their employees are utilizing best practices when creating their passwords. The study recommended passwords of 15 or more characters with a combination of numbers, upper/lowercase letters and special characters. A 15-character password with all four components would take 14 billion years to crack, according to the study. Security leaders should also encourage employees to use different passwords for different websites and to change those passwords regularly.

Learn more here.

Taelor Daugherty is the Assistant Editor at Security magazine. Daugherty covers news affecting enterprise security leaders, from industry events to physical & cybersecurity threats and mitigation tactics. She is also responsible for coordinating and publishing web exclusives, multimedia content, social media posts, and a number of eMagazine departments. Daugherty graduated in 2022 with a BA in English Literature from Agnes Scott College.

ON DEMAND: Business-impacting events such as severe weather, man-made disasters, and supply chain disruption are increasing in frequency and making impacts around the globe.

In today's rapidly evolving security landscape, organizations face an ever-growing array of disruptive events, security threats and risks. Traditional reactive approaches to security intelligence often leave businesses vulnerable and ill-prepared to anticipate and mitigate emerging threats that could impact the safety of their people, facilities or operations.