Hackers are constantly exploring new techniques and strategies to improve their success rates and machine learning algorithms help them as much as they help the rest of us improve our businesses and operations efficiency. By analyzing millions of passwords, machine learning algorithms can uncover patterns, identify frequently used words or phrases, and even predict potential passwords based on previous user behavior. In an alarming study, Home Security Heroes identified how fast AI can crack your password.
The report found that 51% of common passwords can be cracked in less than a minute using an AI-powered password cracker, and 81% can be cracked in less than a month. How can it be so effective?
One reason is the rapid advancement of AI. In this case, a password cracker called PassGAN was used that autonomously learns the distribution of real passwords from actual password leaks, making password cracking faster and more efficient. The technology can generate multiple password properties and improve the quality of predicted passwords, making it easier for cybercriminals to crack your passwords and gain access to your personal data.
The second reason is stubbornly weak passwords. Unfortunately, many password database leaks have revealed that people STILL tend to use simpler, easier-to-hack passwords than more secure ones. This technology took less than six minutes to crack any kind of 7-character password, even if it contained symbols.
Awareness of the technology behind AI-powered password-cracking tools emphasizes the need for small businesses to stay up to date with the latest security practices. Regularly updating passwords and implementing multi-factor authentication are vital steps to mitigate the risk of AI hacking attacks.
Secure password best practices should be routinely shared with your staff and include:
- Using strong passwords: Password strength is the main difference between an easy-to-hack password and a secure one. From the data obtained when Home Security Heroes ran password samples on PassGAN, a digit-only password with ten characters can be instantly hacked. A ten-letter password with only lowercase letters would take an hour to hack, while a ten-letter mixed-case password would take four weeks. On the other hand, a ten-character strong password using letters, symbols, and numbers would take five years to decipher. This means the stronger your password, the lower the likelihood that people or AI systems can figure it out. Here’s a list of factors that ensure your password strength is difficult to compromise.
- Use at least 15 characters.
- Have at least two letters (upper and lower-case), numbers, and symbols in the password.
- Avoid obvious password patterns, even if they have all the required character lengths and types.
- Changing passwords regularly: Home Security Heroes recommends changing your password every 3 to 6 months. If you suspect that someone has accessed your account or that you have shared your password with someone who shouldn’t have it, you should change your password immediately to prevent any security breaches.
- Avoid using the same password on multiple accounts: Using the same password across all your accounts can be very risky. When someone breaches the password, they can easily access multiple accounts. The best way to deal with this is to ensure you generate new passwords for every account. The main password format can be consistent, but you can make slight adjustments based on the account in question. For instance, you can have 5711@FB_FaceBookIsLocked as your Facebook password and 1286_IG@IGIsLocked as your Instagram password.
Organizations should require multi-factor authentication (MFA). Without MFA, even a strong password can be compromised if it falls into the wrong hands. MFA forces layers of proving you are who you say you are and typically involves a combination of something the user knows (password), something they have (such as a verification code sent to their mobile device), or something unique to them (such as a fingerprint or facial recognition).
Multi-layered security stacks are the best way to avoid a catastrophic cyber attack. Strong, healthy password hygiene and MFA are just part of a complete defense. Not sure if you’re cyber-ready? Get started with a FREE cybersecurity assessment.