PANAMA CITY, Panama–Credit unions have yet another reason to warn members over just how important their account passwords are—artificial intelligence has made identifying passwords easier than ever.
In part that’s because managing passwords can be aggravating and difficult to do, with Tech.co recently reporting that the average person has at least 100 passwords across all their online accounts.
“It's difficult for most people to keep track of that many, so they resort to using keys that are easy to guess, or a few solid combinations that they reuse across all their accounts,” noted Stashgear in a new report on passwords and AI. “Neither approach is safe against hackers and other malicious agents online. But there's an even bigger threat in town: Artificial Intelligence…It turns out that AI has serious implications for online security as well.”
Citing a report by cybersecurity firm, HomeSecurityHeroes, Slashgear noted an AI password cracker tool called PassGAN (Password Generative Adversarial Network) can breach 51% of all common passwords in less than one minute, 65% in less than an hour, 71% in less than a day, and 81% in less than a month.
Less Than Six Minutes
The company used the tool to analyze over 15 million credentials from the Rockyou dataset of leaked passwords, and the findings shed more light on what makes a password weak or strong, according to Slashgear.
“Per the study, it takes PassGAN less than six minutes, on average, to crack any kind of password with less than eight characters, whether it contains symbols or not,” the report stated. “Numeric passwords offer better security — it takes at least 10 months for PassGAN to crack number-only passwords, but only if they have more than 18 characters. If a password contains a combination of symbols, numbers, lower-case letters, and upper-case letters (which is the recommended blend of characters), it'll take PassGAN six quintillion years to crack.”
As Slashgear further noted, however, even the good news isn’t so good.
“Of course, the takeaway here is to ensure that the passwords you're choosing for your accounts meet the criteria for what is considered ‘uncrackable,’ but that does not make this development less worrying in the long run,” the Slashgear analysis continues. “This is because AI password crackers like PassGAN will make cyberattacks easier than ever for hackers and crackers.”
How It Works
How does it do that? According to Slashgear it works this way:
Here's how.
In conventional password cracking, hackers would compare a list of words with the results from a database of leaked or common passwords, then attempt to guess other possible passwords based on variants of those ones, the report noted.
“With AI password crackers, that process is autonomous. In a fraction of the time required by human hackers, machine learning algorithms like the one used by PassGAN can quickly learn the distribution of real passwords from actual password leaks,” the report explained. “ For example, if a password like ‘password’ appears in a leak, AI password crackers can then generate variations of that credential such as ‘Passw0rd’ or ‘p@ssw0rd’ as possible passwords for hacking into other accounts. Because AI learns with use, it will produce these password combinations en masse, and it can get more precise the more predictions it produces.”
Small Silver Lining
If there is a silver lining, according to the report, it is that AI password crackers are only fully effective when they have access to leaked passwords or those that have been breached from a database.
Feeling the FOMO Fever? CUToday.info Has a Prescription
Are you missing out on the latest news in credit unions? Missing the trends and developments you need to be aware of? We can help. Each morning CUToday.info delivers its daily Fresh Today news update offering the latest headlines and breaking news right to your email, with the easy-to-read headlines format allowing you to click on the stories that interest you most in order to learn more.
And it’s free!
If you haven’t yet signed up for the new email solution on which CUToday.info has partnered with ResponseGenius, you can do so here. Signing up requires less than one minute of your time—and it’s free!
Please note that after signing up you may need to go to your Spam/Junk folder and mark the morning headlines email as safe. CUToday.info does not provide its list of readers and emails to outside parties, and we will not be contacting you to sell you an extended warranty or sending you any links so you may cash in on an inheritance you didn’t know was coming.
And did we mention it’s free?
Please note and/or make your IT department or email administrator aware the emails will be coming from the domains CUTodayinfo.com and CUTodayinfoReply.com