AI Can Probably Guess Your Password Within Seconds

AI tool PassGAN needs less than 6 minutes to crack any kind of 7-character password.

The right AI program can crack 51% of all common passwords within less than a minute, a new report has found. Given an hour, AI can figure out 65% of common passwords.

The key takeaway: Passwords just aren’t the best way to protect your account.

Not only are they hard to remember unless you opt for a password manager, but now advances in technology mean that a computer can guess most common passwords in the same time it takes you to type them.

Any 7-Character Password Can Be Cracked in 6 Minutes

Cybersecurity firm Home Security Heroes has the data: Its team used an AI-powered password cracker called “PassGAN” to stress-test a list of 15.6 million common passwords.

The results found that PassGAN needs less than 6 minutes to crack any kind of 7-character password, even if it contains symbols, numbers, and a mix of upper- and lower-case letters.

Plus, 81% of common passwords can be cracked in less than a month. That might sound like a long time, but a dedicated hacker can keep a program running long enough to get through. Your Netflix account might be safe, but a CEO’s personal account could be worth the extra effort.

AI and passwords

How Your Password Could Beat an AI

All isn’t lost: As of 2023, artificial intelligence still has plenty of limits. Not only do chatbots still love inventing nonsense, but machine learning can’t brute force crack a password when it’s long enough.

Every additional letter or number in a password means that an algorithm will face exponentially more variations before it hits the right one. Computing power is set to continue increasing dramatically, so password lengths will have to increase as well, but according to the latest research, 11 digits may be the magic number.

You’ll need to mix in numbers and uppercase letters as well as lowercase letters, though: An 11-digit password using just lowercase letters can (in 2023) be solved by AI within about 23 hours. But an 11-digit password with all three will take 38 years to crack. Add in symbols, and it’ll take a tidy 356 years.

Add in more characters, and you’ll be even more safe:

“Passwords [with more than] 18 characters are generally safe against AI password crackers, as it takes PassGAN at least 10 months to crack number-only passwords and 6 quintillion years to crack passwords that contain symbols, numbers, lower-case letters, and upper-case letters.” – Home Security Heroes

Should Passwords Die Out?

Everyone has dozens of online accounts these days, and the human brain simply isn’t designed to retain that many 11-character passwords.

So, we tend to reuse passwords, and we tend to make them just one or two simple words. These are both massive mistakes that leave millions incredibly vulnerable every day — but our brains can’t really be expected to do much else, at least on a widespread scale.

Other security measures are preferable, with two-factor authentication one of the best. But until we completely change how online security works, we’ll still have too many passwords to deal with. There’s just one great solution: Password management tools, which can safely store all the complex 11-character passwords you need to stay safe and secure. The best tools will flag suspicious websites and logins as well, for greater security.

If you’re interested, we’ve rounded up the best and most trusted password management tools for businesses today.

Did you find this article helpful? Click on one of the following buttons
We're so happy you liked! Get more delivered to your inbox just like it.

We're sorry this article didn't help you today – we welcome feedback, so if there's any way you feel we could improve our content, please email us at contact@tech.co

Written by:
Adam is a writer at Tech.co and has worked as a tech writer, blogger and copy editor for more than a decade. He was a Forbes Contributor on the publishing industry, for which he was named a Digital Book World 2018 award finalist. His work has appeared in publications including Popular Mechanics and IDG Connect, and his art history book on 1970s sci-fi, 'Worlds Beyond Time,' was a 2024 Locus Awards finalist. When not working on his next art collection, he's tracking the latest news on VPNs, POS systems, and the future of tech.
Explore More See all news
Back to top
close Building a Website? We've tested and rated Wix as the best website builder you can choose – try it yourself for free Try Wix today