That’s how fast AI cracks your passwords

Two weeks to two million years: That’s how long it would take the Home Security Heroes AI to crack the simplest or the most difficult password that the author of these lines entered for the test.

Scary, calming and incredibly motivating to deal more with the topic “super strong Pa§§Woert3r!”. But from the beginning:

The cyber security company Home Security Heroes fed a total of 15,600,000 common passwords into an AI. The AI ​​was able to crack a whopping 51 percent of them in less than a minute.

For the test, Home Security Heroes relied on the PassGAN password generator, which uses a Generative Adversarial Network (GAN) to generate new passwords from real ones. GAN is a group of unsupervised learning algorithms. So the generator network creates fake data, while the discriminator’s job is to identify real data in a flood of fakes.

PassGAN can generate multiple password properties and improve the quality of predicted passwords, making it harder for hackers to crack passwords and gain access to personal information.

Home Security Heroes fed millions of passwords from the Rockyou dataset (known as Rockyou.txt) for the test. To clarify: Since the company was the target of a large-scale hack two years ago, in which millions of unencrypted passwords were exposed, the Rockyou dataset has often been used in security research.

The AI ​​could crack the simplest passwords in less than a minute, 65 percent of all passwords in an hour or less. It took just one day to crack 71 percent of Rockyou passwords – and another month to already know 81 percent of all passwords.

While the AI ​​was able to crack a ten-digit password consisting only of numbers and lower-case letters in under an hour, the time with upper-case letters and special characters quickly increases to around five years.

The clear recommendation from Home Security Heroes is:

• Your password should be at least 15 characters long.
• Use at least two letters (upper and lower case) as well as numbers and special characters.
• Avoid obvious password patterns—even if your password otherwise meets all other criteria.
• Do not use the same password for different accounts.

No matter how strong your password is, according to Home Security Heroes, you should still change it every three to six months. So the AI ​​simply doesn’t have the time to crack the password before you create another one.

You can currently find your passwords on the Home Security Heroes website get checked for free. Simply enter a password in the field provided. An estimate of how long it would take an AI to crack the password then appears on the right-hand side.