AI can crack your password

typing on keyboard — *SmileStudioAP / iStock / Getty Images Plus via Getty Images*

Artificial intelligence (AI) platforms have quickly risen in popularity. There are websites that allow users to generate artwork for desktop backgrounds, character designs and family portraits. The increasingly popular program ChatGPT allows users to create written work varying from emails, cover letters and even code. While the platforms can be beneficial, they also pose a number of security risks.

Security leaders have voiced a variety of concerns regarding the use of AI in different sectors. The ability to quickly complete tasks utilizing AI platforms creates the possibility of cybercriminals utilizing the same systems. AI can generate phishing emails quickly and potentially make them more believable to increase the chances of being clicked. ChatGPT recently had to override settings that allowed cybercriminals to generate ransomware using the platform.

AI also poses risks to credentials. Home Security Heroes recently released the results of their study analyzing how quickly a program called PassGAN can crack passwords. The study found that passwords with only four or five characters — regardless if those passwords contained a mix of numbers, letters and special characters — were cracked instantly. For longer passwords, the time required to crack a password was dependent on the use of numbers or letters only, upper and/or lowercase letters, a combination of numbers and letters and the inclusion of special characters.

The study found that AI cracked 51% of common passwords in less than a minute. Additionally, PassGAN could crack any seven-character password in under six minutes. The platform would make it easier for cybercriminals to locate and use employee credentials, granting them access to company data.

Security leaders should work to ensure their employees are utilizing best practices when creating their passwords. The study recommended passwords of 15 or more characters with a combination of numbers, upper/lowercase letters and special characters. A 15-character password with all four components would take 14 billion years to crack, according to the study. Security leaders should also encourage employees to use different passwords for different websites and to change those passwords regularly.

Learn more here.

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

Taelor Sutherland is the Associate Editor at Security magazine. Sutherland covers news affecting enterprise security leaders, from industry events to physical & cybersecurity threats and mitigation tactics. She is also responsible for coordinating and publishing web exclusives, multimedia content, social media posts, and a number of eMagazine departments. Sutherland graduated in 2022 with a BA in English Literature from Agnes Scott College.