A few days ago we told you how AI is capable of cracking approximately half of the passwords in use in less than a minute. This method makes use of PassGAN, a list of more than 15 million common passwords.
According to the Home Security Heroes study, more than 51% of general users' passwords are in this list and can be deciphered in less than 1 minute.
If we give it one hour, that percentage goes up to 65%, and if we leave the AI working for one month it reaches 81% effectiveness, which, honestly, is scary.
It's like giving a locksmith enough time to open a door, and of course we should be able to protect ourselves against this new AI. One option is to fit more complicated, better-armored locks (passwords); another is to use custom locking systems that are not on the market and that the locksmith therefore does not know how to open.
Let's see, then, how to generate passwords that can withstand this type of AI brute-force attack.
Generating AI-proof passwords
It may seem that there are foolproof methods for having the perfect password, but the reality is that, given time and the faster computing that AI or quantum computing brings, passwords as we know them today could become obsolete.
However, until that day arrives, here is a series of tips for being part of the 19% of passwords that AI is not capable of cracking even in a month of operation.
Many are age-old tips, such as avoiding passwords like 1234, 0000 or password, which is like putting cellophane on your front door. Other tips simply increase the complexity of these passwords, which makes things more difficult for the AI.
- Avoid using predictable or generic passwords that only contain numbers.
- Passwords should have a minimum of 15 characters, although we recommend 18 characters, which is the length at which PassGAN is no longer effective.
- By characters we mean numbers, uppercase, lowercase and symbols.
- Use a password manager to maintain different passwords on different accounts.
- Change passwords periodically. Here we recommend, given the computing power of AI today, at least every quarter.
- Avoid using common passwords for all your accounts.
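The rules in the list above, turned into a checker and a generator as an added example (not code from the original article or from Home Security Heroes). The function names and the three-entry denylist are assumptions made for illustration, and the generator draws from Python's `secrets` module.

```python
import secrets
import string

# Character classes named in the list above: numbers, uppercase, lowercase, symbols.
CLASSES = (string.digits, string.ascii_uppercase, string.ascii_lowercase, string.punctuation)
MIN_LENGTH = 15          # minimum length from the list above
RECOMMENDED_LENGTH = 18  # recommended length from the list above
# Constructed sample denylist, seeded with the examples the article gives.
COMMON = {"1234", "0000", "password"}


def check_password(password, denylist=COMMON):
    """Return the rules from the list that the password breaks (empty list = passes)."""
    problems = []
    if password.lower() in denylist:
        problems.append("common password")
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if password.isdigit():
        problems.append("numbers only")
    names = ("number", "uppercase letter", "lowercase letter", "symbol")
    for name, chars in zip(names, CLASSES):
        if not any(c in chars for c in password):
            problems.append(f"no {name}")
    return problems


def generate_password(length=RECOMMENDED_LENGTH):
    """Generate a random password with the OS CSPRNG that contains every class."""
    if length < MIN_LENGTH:
        raise ValueError(f"length must be at least {MIN_LENGTH}")
    alphabet = "".join(CLASSES)
    while True:
        # Rejection sampling: draw uniformly and retry until every class is present,
        # so no position is biased toward a particular class.
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if not check_password(candidate):
            return candidate


if __name__ == "__main__":
    print(generate_password())
    for sample in ("1234", "password", "Summer2023!", "000000000000000000"):
        print(repr(sample), "->", check_password(sample) or "ok")
```

A password generated this way is meant to be stored in the password manager mentioned in the list, one per account, not memorized.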
If you want to know whether your password is immune to AI, the official Home Security Heroes page has a tester that tells you how long any AI software would take to crack your password. Obviously this takes into account current computing power, which grows year after year, so the time will decrease.
So even if that checker says 38 years for your 11-character password, it's still a good idea to make your password a little more complicated for the AI.
If you change your password in less time than the checker says, you are safe. If not, you should follow the advice above and, above all, if you want to be sure: use passwords of at least 18 characters and adopt a policy of changing passwords every 3 months.