The right AI program can crack 51% of all common passwords in less than a minute, a new report has found. Given an hour, AI can figure out 65% of common passwords.
The key takeaway: Passwords just aren't the best way to protect your account.
Not only are they hard to remember unless you opt for a password manager, but now advances in technology mean that a computer can guess most common passwords in the same time it takes you to type them.
Any 7-Character Password Can Be Cracked in 6 Minutes
Cybersecurity firm Home Security Heroes has the data: Its team used an AI-powered password cracker called “PassGAN” to stress-test a list of 15.6 million common passwords.
The results show that PassGAN needs less than 6 minutes to crack any kind of 7-character password, even if it contains symbols, numbers, and a mix of upper- and lower-case letters.
Plus, 81% of common passwords can be cracked in less than a month. That might sound like a long time, but a dedicated hacker can keep a program running long enough to get through. Your Netflix account might be safe, but a CEO's personal account could be worth the extra effort.
How Your Password Could Beat an AI
All isn't lost: As of 2023, artificial intelligence still has plenty of limits. Not only do chatbots still love inventing nonsense, but machine learning can't brute-force a password that is long enough.
Every additional letter or number in a password means that an algorithm will face exponentially more variations before it hits the right one. Computing power is set to continue increasing dramatically, so password lengths will have to increase as well, but according to the latest research, 11 characters may be the magic number.
You'll need to mix in numbers and uppercase letters as well as lowercase letters, though: An 11-character password using just lowercase letters can (in 2023) be solved by AI within about 23 hours. But an 11-character password with all three will take 38 years to crack. Add in symbols, and it'll take a tidy 356 years.
Add in more characters, and you'll be even safer:
“Passwords [with more than] 18 characters are generally safe against AI password crackers, as it takes PassGAN at least 10 months to crack number-only passwords and 6 quintillion years to crack passwords that contain symbols, numbers, lower-case letters, and upper-case letters.” – Home Security Heroes
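The length-and-character-mix arithmetic above, as an added example (not code from the article or from Home Security Heroes). It assumes exhaustive search at a constant guess rate, derives that rate from the article's 23-hour figure for 11 lowercase characters, and assumes the 32 ASCII punctuation characters as the symbol set; the result is an upper bound, since reused or common passwords fall far sooner.

```python
import string

# Character classes the article distinguishes. The 32-character ASCII
# punctuation set for "symbols" is an assumption, not a figure from the page.
CLASSES = {
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "digit": string.digits,
    "symbol": string.punctuation,
}
SECONDS_PER_YEAR = 365.25 * 24 * 3600


def classes_used(password):
    """Return the names of the character classes present in the password."""
    return {name for name, chars in CLASSES.items()
            if any(c in chars for c in password)}


def keyspace(length, class_names):
    """Candidates an exhaustive search must cover: alphabet_size ** length."""
    return sum(len(CLASSES[n]) for n in class_names) ** length


def implied_rate():
    """Guesses/second implied by the article: 11 lowercase chars in ~23 hours."""
    return keyspace(11, {"lower"}) / (23 * 3600)


def worst_case_years(password, rate=None):
    """Exhaustive-search time in years at a constant rate (assumed model)."""
    known = "".join(CLASSES.values())
    if not password or any(c not in known for c in password):
        raise ValueError("empty password or character outside the modelled classes")
    space = keyspace(len(password), classes_used(password))
    return space / (rate or implied_rate()) / SECONDS_PER_YEAR


def meets_page_guidance(password):
    """At least 11 characters mixing lowercase, uppercase and numbers."""
    return len(password) >= 11 and {"lower", "upper", "digit"} <= classes_used(password)


if __name__ == "__main__":
    # Constructed sample passwords, for illustration only.
    for pw in ["abcdefghijk", "Abcdefghij1", "Abcdefghi1!", "Summer2023"]:
        print(f"{pw!r:15} guidance={meets_page_guidance(pw)!s:5} "
              f"worst case ~{worst_case_years(pw):.3g} years")
```

Under these assumptions the three-class, 11-character case comes out at roughly 37 years, in line with the article's 38-year figure.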
Should Passwords Die Out?
Everyone has dozens of online accounts these days, and the human brain simply isn't designed to retain that many 11-character passwords.
So, we tend to reuse passwords, and we tend to make them just one or two simple words. These are both massive mistakes that leave millions incredibly vulnerable every day — but our brains can't really be expected to do much else, at least on a widespread scale.
Other security measures are preferable, with two-factor authentication one of the best. But until we completely change how online security works, we'll still have too many passwords to deal with. There's just one great solution: Password management tools, which can safely store all the complex 11-character passwords you need to stay safe and secure. The best tools will flag suspicious websites and logins as well, for greater security.