How Ai is Being Used to Hack Your Passwords

With all the wonderful ways Ai is being used to improve society, with great power comes a great amount of people trying to use it for bad things. Hackers have began using Ai to rapidly workout the password of a target account.


The most common method of Ai powered hacks is a program such as PassGAN, this relies on neural networks to eliminate manual efforts in password analysis for password cracking or guessing.

Essentially, PassGAN uses previously breached passwords to work out your password in a fraction of the time a human would.

This is a relatively new program and likely isn’t functional yet, however, we have seen the speed in which AI can improve…

“The question isn’t ‘Can an artificial intelligence-driven tool crack user’s passwords?’ It is actually ‘How long will it take for AI-based tools to crack passwords?’”

Trained on a leaked dataset from 2009, PassGAN researchers found that,

  • 51% of common passwords can be cracked by PassGAN in less than one minute.
  • 65% of common passwords can be cracked in less than one hour.
  • 71% of common passwords can be cracked in less than one day.
  • 81% of common passwords can be cracked in less than one month.

However, the longer and more diverse your password is, the longer its going to take. For an 18-character password, it would take PassGAN:

  • Ten months if it is made up of just numbers.
  • 22,000,000 years if it is made up of just lower-case letters.
  • 7,230,000,000 years if it is made up of lower- and upper-case letters.
  • 96,000,000,000,000 years if it is made up of numbers, lower- and upper-case letters.
  • 6,000,000,000,000,000 years if it comprises numbers, lower and uppercase letters, and symbols.


Good Password Practices

  • It is good practice to stay up to date with your passwords, check your email hasn’t been breached with sites such as Have I Been Pwned.
  • It is also ideal to check your password strength with websites such as How Secure Is My Password?
  • Use 2FA whenever possible. It adds an extra layer of security by requiring you to provide a second verification method, such as a code sent to your mobile device, in addition to your password.
  • Avoid accessing sensitive accounts or entering passwords on public Wi-Fi networks, as they may be insecure. If you must use public Wi-Fi, consider using a virtual private network (VPN) for added security.
  • Avoid clicking on suspicious links in emails, messages, or pop-up ads that ask for your password. Legitimate organizations will not ask you to provide your password via email or other unsecured channels.
Comments are closed.