The PassGAN tool analyzes 15.6 million passwords from real data leaks. It takes less than an hour for eight-digit passwords with numbers and upper and lower case letters.
Security vendor Home Security Heroes warns of potential risks to passwords by using AI-based tools. The company says it has processed 15.6 million common passwords using an AI tool called PassGAN. The tool was able to crack 51 percent of the passwords in less than a minute.
PassGAN stands for Password Generative Adversial Network. The tool cracks passwords by analyzing real passwords from real data leaks. Of the 15.6 million passwords, 81 percent were cracked in less than a month. PassGAN took less than a day to crack 71 percent of the passwords, and 65 percent took less than an hour.
Five-digit passwords fall in less than a second
How long the tool takes to crack a password, as with other tools and attack methods, depends on their complexity and length. However, PassGAN shows that criteria specified by many service providers, such as a minimum of eight characters and the use of upper- and lowercase letters as well as at least one number or special character, are not really a challenge for AI-based tools. In the test, such passwords were overcome after seven hours.
According to Home Security Heroes, five-digit passwords are not a hurdle at all, at least for PassGAN. Regardless of the complexity, they were cracked “immediately”. A six-digit password with upper and lower case letters as well as symbols and numbers withstood the tool for four seconds. Seven digits and the same criteria extended the process to six minutes.
Recommendation: 15-digit passwords
The tool cracks pure numeric codes up to and including 12 digits in less than a minute. The same applies to passwords with only small letters and nine digits, upper and lower case letters and seven digits, as well as numbers, lower and upper case letters and numbers.
Home Security Heroes advises using passwords with 15 digits, upper and lower case letters and numbers and symbols that do not contain words or follow other common patterns. Currently, PassGAN would take 14 billion years to crack such passwords.