How an AI tool can crack your passwords

vtqhtr413

Thread author
AI may be able to do lots of cool things like write computer code, tell you a story, and explain the theory of relativity. But it can also do at least one thing that's not so cool: Figure out your passwords. A new report released by security experts at Home Security Heroes shows how a savvy AI tool can be used to crack common passwords in minutes or seconds. To determine how long it would take to crack 15,600,000 common passwords via artificial intelligence, Home Security Heroes enlisted an AI tool known as PassGAN.
 

Jonny Quest

That was a good read.

As expected, passwords that combined both length and complexity were the most secure. A nine-character password with all the different types of characters would take five years to crack, while an 18-character one with just numbers would take 10 months to crack. One with 18 characters and all the different types of characters would take six quintillion years.

Which then led me to do a forum search. It looks like I have some reading to do ;)

Can someone point me to a link or a discussion here on the forum regarding the security of a desktop app like KPM or F-Secure PM over a browser-based extension? That article pointed to browser extension/apps as the best password managers. As of now, I'm having F-Secure replace some of my weak passwords with 16-character random passwords.
 

brambedkar59

Clickbait title for the article

 

a090

Only quantum computers are a threat to passwords (good ones) and cryptography. They are far away from becoming major enough to be abused and by then, we won’t be using passwords anymore.

Cover your heads! Hide kids and your wife too. Why? Because the brain chip is coming. Don’t let them infect you with the Muskian brain virus. Via Elon Musk’s Neuralink initiative. We must create brain antiviruses to combat this grave threat.

P.S: A brain chip was what you were alluding to, right @Trident? Or did I just blabber on about nothing lol?
 

Trident

> Cover your heads! Hide kids and your wife too. Why? Because the brain chip is coming. Don’t let them infect you with the Muskian brain virus. Via Elon Musk’s Neuralink initiative. We must create brain antiviruses to combat this grave threat.
>
> P.S: A brain chip was what you were alluding to, right @Trident? Or did I just blabber on about nothing lol?

No, Apple, Microsoft and a few giants are working on a password-less future.

Right now it’s in a very early stage, but in a few years it will become more major.
 

Zero Knowledge

How many years? "1 trillionnnnnnnnnnnnnn yearrrrrrrrrrrs".

By then we will probably be controlling computers through our minds with CPUs built into our brains.

Quantum computing will change the game no doubt, but we are 20 years away from that unless there is a major breakthrough. And then it's a question of whether QC can scale enough to break super complex passwords or well-designed cryptography. From what I understand Public Key Cryptography will be toast, but AES, Twofish and the like will have the key strength cut in half so from 256 to 128. So in theory AES with a 64-character password at 128 key strength will still take many years to crack even with QC. And then you will have Quantum resistant algorithms being designed and implemented right now and the future isn't so bleak.
 

Trident

> but we are 20 years away

More than 20. For now nobody even needs those, there will be very few places that will be equipped with them and with all the inventory needed to use them. For home use, we are extremely far away from them, users prefer small and elegant solutions, they will not go back to computers that occupy a whole room. Most likely even Gen Z at the moment won’t get their hands on quantum PCs.

Besides, Windows barely supports ARM today with a lot of hiccups.

As to cryptography, new more powerful algorithms will be implemented.
 

Zero Knowledge

You're correct about QC. New resistant algorithms will come into play before the QC apocalypse. QC will be the domain of nation state military and intelligence services to begin with. Then it will slowly flow into business and corporations like MS & Google and finally to consumers, we are probably 50 to 100 years away from people having QC computers in their living room. But things progress fast so the timeline for mass adoption could be 20/30 years.

Sadly, the end result with all these new technologies like ML/A.I and I think with QC it will be used to serve people faster and better targeted advertising and sell people crap they don't need :unsure:.
 

Thales

Oh boy. Sigh.
I still can use numbers only.
They need to know I'm using only numbers, or lowercase letters, etc.
If they don't know what characters I'm using, they need to include the entire character set.
 

Trident

> Oh boy. Sigh.
> I still can use numbers only.
> They need to know I'm using only numbers, or lowercase letters, etc.
> If they don't know what characters I'm using, they need to include the entire character set.

You can always throw a dot, exclamation mark, comma, etc. in between the numbers to add hundreds of years more work 😀

Btw about passwords, they usually allow 26 letters (in English), 10 numbers and a bit over 20 (but let’s say 20) special characters.

An 8-character password is then
(26+26+10+20)^8 or 82^8 = 2,044,140,858,654,976 combinations.

Good luck cracking that.

If there is no minimum length specified it will be even worse as criminals will have to test 82^1+82^2+82^3+82^4+82^5+82^6+82^7 as well.

Which is 25,236,306,896,892
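
The search-space reasoning in the two posts above, as an added example that is not part of the original thread: it compares the number of candidates when the character classes in use are known against the full 82-character set over every length up to the password's own. The function names, the sample passwords and the guess rate of 10^10 per second are assumptions made for illustration.

```python
import string

# Class sizes taken from the post: 26 + 26 + 10 + 20 "special" characters.
SIZES = {"lower": 26, "upper": 26, "digit": 10, "special": 20}
ALPHABETS = {"lower": string.ascii_lowercase,
             "upper": string.ascii_uppercase,
             "digit": string.digits}
FULL_SET = sum(SIZES.values())  # 82
SECONDS_PER_YEAR = 365 * 24 * 3600


def char_class(ch):
    """Class of one character; anything that is not a letter or digit is special."""
    for name, chars in ALPHABETS.items():
        if ch in chars:
            return name
    return "special"


def classes_used(password):
    return {char_class(ch) for ch in password}


def keyspace(alphabet_size, length, min_length=None):
    """Candidates of exactly `length`, or of every length from min_length up to it."""
    start = length if min_length is None else min_length
    return sum(alphabet_size ** n for n in range(start, length + 1))


def worst_case_years(candidates, guesses_per_second):
    """Time to try every candidate at a constant guess rate."""
    return candidates / guesses_per_second / SECONDS_PER_YEAR


def compare(password, guesses_per_second=1e10):  # assumed rate, not a measurement
    """Search space if the classes in use are known vs. the full set, all lengths."""
    known = sum(SIZES[c] for c in classes_used(password))
    narrow = keyspace(known, len(password))
    wide = keyspace(FULL_SET, len(password), min_length=1)
    return {"known_classes": narrow,
            "full_set_all_lengths": wide,
            "years_known": worst_case_years(narrow, guesses_per_second),
            "years_full": worst_case_years(wide, guesses_per_second)}


if __name__ == "__main__":
    for pw in ("48151623", "4815.1623"):  # constructed sample passwords
        print(pw, compare(pw))
```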
 

Nevi

> You can always throw a dot, exclamation mark, comma, etc. in between the numbers to add hundreds of years more work 😀
>
> Btw about passwords, they usually allow 26 letters (in English), 10 numbers and a bit over 20 (but let’s say 20) special characters.
>
> An 8-character password is then
> (26+26+10+20)^8 or 82^8 = 2,044,140,858,654,976 combinations.
>
> Good luck cracking that.
>
> If there is no minimum length specified it will be even worse as criminals will have to test 82^1+82^2+82^3+82^4+82^5+82^6+82^7 as well.
>
> Which is 25,236,306,896,892

LastPass offers random PWs with 50 characters. I don't even wanna test how many trillion years a hacker with a brute force attempt would have to use. :)

 

a090

> LastPass offers random PWs with 50 characters. I don't even wanna test how many trillion years a hacker with a brute force attempt would have to use. :)


Probably 0 years if you’re storing your passwords with LastPass. They get hacked every year it seems like. Just got hacked again recently this year.
 

JB007

> Can someone point me to a link or a discussion here on the forum regarding the security of a desktop app like KPM or F-Secure PM over a browser-based extension? That article pointed to browser extension/apps as the best password managers. As of now, I'm having F-Secure replace some of my weak passwords with 16-character random passwords.

What is the conclusion? Which is the most secure password manager: part of a security suite or browser extension?
 

Jonny Quest

> What is the conclusion? Which is the most secure password manager: part of a security suite or browser extension?

And that's the question I have. With the F-Secure desktop app within Total Security, there is no MY F-Secure online password manager ability. So is that just syncing through their servers and that's it and not stored there, and thus it's more secure?

With the Kaspersky password manager app on my desktop, and then the ability to access password manager in My Kaspersky, with that being on their servers (even though everything is encrypted) less secure than F-Secure?

Then for the final 3rd question (no, not the Monty Python Holy Grail 3 questions) are those desktop types of apps more secure than the more popular browser extension apps, even like Bitdefender's and the others?
 
