Culture

AI Is Getting Really Good at Cracking Passwords

A new study by Home Security Heroes suggests artificial intelligence can figure out 51% of common passwords in under a minute

By Kirk Miller
April 7, 2023 12:47 pm
Security padlock in circuit board background. AI is getting really good at cracking passwords.
Good news: If you follow some common-sense password practices, even AI will be stumped
Yuichiro Chino / Getty

We’re cautiously optimistic about how artificial intelligence will change our lives, but there are bound to be some issues where the increased capabilities of AI outstrip our current ability to reign in the technology. Today’s bad news: AI is really, really good at cracking passwords.

The online security company Home Security Heroes ran an AI password cracker called PassGAN through 15,600,000 common passwords to find out how long it would take the program to crack a password.

If you’re using any sort of four-digit password, the answer is “instantly.” And that quick code-cracking continues until you reach a combination of 11 characters and start throwing in uppercase and lowercase letters, plus symbols.

Is This App the Future of Password Management?
Is This App the Future of Password Management?
 Uno is a password manager that emphasizes design and ease of use along with security.

Overall, 51% of common passwords can be cracked in less than a minute, and 71% in a day. And it takes PassGEN under seven minutes to figure out a seven-character password even if it features symbols.

The “good” news: “Passwords > 18 characters are generally safe against AI password crackers, as it takes PassGAN at least 10 months to crack number-only passwords and 6 quintillion years to crack passwords that contain symbols, numbers, lower-case letters, and upper-case letters.”

So what’s PassGAN? The AI autonomously learns the distribution of real passwords from password leaks, eliminating the need for manual password analysis. Which is why it’s so quick.

HSH recommends some common-sense password practices to combat this threat: Use at least 15 characters in your password (!); have at least two letters (upper and lower-case), numbers and symbols in the password; and avoid “obvious” password patterns, no matter what characters you’re using. Also, change those ridiculously-long passwords every three-to-six months.

9to5Mac, when noting this news, also added their own protection suggestions, including auto-generated passwords and two- or multi-factor authentication (plus, avoiding public wifi).

If that all sounds like a bit much, it’s not too far removed from other password suggestions experts have been making for years. It’s also a good time to invest in a password manager, which can nullify your need to remember more than one passcode and generate ridiculously long and hard-to-crack sign-ins for you.

More Like This

Close up on screen of website sign in button
One Site Is Highlighting the Internet’s Dumbest Password Rules
Keyboard
Security Experts Offer Tips on Your Next Password
working place with laptop mouse and lazy funny cat laying on warm keyboard close up photo. Over a third of people using pet names as part of their online passwords, which is a serious security flaw.
Reminder: Don’t Use Your Pet’s Name as a Password

Culture
Kirk Miller is InsideHook's Senior Lifestyle Editor (and longest-serving resident). He writes a lot about whisk(e)y, cocktails, consumer goods and artificial intelligence.

Most Popular

Zach Wilson throws a pass against the Bills.
There’s Still a Sliver of Hope for the Busts of the 2021 QB Class
Bare-knuckle boxer Bobby Gunn
Excerpt: Meet Bobby Gunn, a Bare-Knuckle Boxing Father of Two
Head coach Sean McVay of the LA Rams.
No First-Round Draft Pick? No Problem for the Rams.
Two men, one a Republican and one a Democrat, sitting at a coffee shop in an illustration. We spoke with two men, one a Trump voter and one a Biden voter, about how they became friends despite political differences.
One’s a Conservative, One’s a Liberal. Here’s Their Secret to Friendship.
Luke Little of the Cubs pitches against the Houston Astros.
MLB Treats Pitcher’s American Flag Patch Like Sticky Stuff
Wilyer Abreu, Jarren Duran and Rob Refsnyder of the Boston Red Sox.
The Red Sox Are a $4.5 Billion Franchise With a $10 Million Lineup

The InsideHook Newsletter.

News, advice and insights for the most interesting person in the room.

More Culture, Right This Way

World Cup signage

It Might Already Be Too Late For Some Fans to Get Visas for the 2026 World Cup

Laiatu Latu poses with NFL commissioner Roger Goodell.

NFL Draft’s First Round Was Offensive for Defensive Players

Michael Penix Jr. reacts after the beating Utah Utes.

Michael Penix Jr. Was the Biggest Shock of the NFL Draft. We Spoke With Him.

An illustration of Boston Bruins goalies Jeremy Swayman and Linus Ullmark doing their trademark post-game hug

The Man Hug That Could Go Down in Hockey History

Explore More Culture

Keep Reading

An illustration of three young men after a soccer match next to the words "I Love You." We discuss the difficulty straight men still have expressing their love for their male friends.

Three Words Straight Guys Still Can’t Say to Each Other

A whiskey thief pouring bourbon from a barrel into a Glencairn at Bardstown Bourbon Company

For Whiskey Geeks, “Sourced” Is No Longer a Dirty Word 

Regardless of what kind of traveler you are, California has a park for you.

Which California National Park Is for You?

people dancing in a nightclub, orange dim lighting

The Best Bars in Dallas’s Bishop Arts District