Can AI be used by hackers to crack passwords?


AI could make it easier for some malevolent hackers to crack passwords. — AFP Relaxnews

Artificial intelligence has many uses, some of which can be malicious. Hackers could be tempted to use ChatGPT or other such tools to crack passwords and thereby illegally access personal data that is supposedly protected.

Hackers often spare no effort in coming up with new ways to achieve their duplicitous ends and some could very well use ChatGPT with such unscrupulous intent. With cleverly written prompts, they may indeed be able to obtain the passwords of some individuals, at least those who have chosen something related to their own life (date of birth, children's names, pets, etc) as a source of inspiration.

Computer security specialists, like Check Point, have already tested the approach. In fact, just by giving information about someone, or referring to their online biography, ChatGPT is able to imagine examples of passwords that this person could use, based on their life, hobbies and preferences, etc. Fortunately ChatGPT isn't fooled by direct requests of this type, responding with answers like "I'm sorry, but it would be inappropriate and potentially dangerous to suggest or guess passwords that this person might use to access their online account."

However, an artificial intelligence specifically dedicated to password cracking has been available on GitHub for a few years now. PassGan has been fed with machine learning, from a database of several hundred million passwords. The cybersecurity specialists at Home Security Heroes have also put together a tool that shows, in theory, how long it would take an artificial intelligence to crack a password.

Depending on its complexity, it could take from a few seconds to several billion years! So far, it has been found that around half (51%) of "classic" passwords can be cracked in less than a minute, 35% in less than an hour and 71% in less than a day. The more complex the chosen password is, the longer it will take to crack, even for a well-trained artificial intelligence. To summarise - beyond 10 characters mixing lower case, upper case, numbers and special characters, you are relatively safe.

But in any case, double authentication, which consists of validating access to your account via a code provided by SMS, email or a dedicated app, will prevent anyone from approaching your data, even after successfully cracking your password, via ChatGPT or otherwise. – AFP Relaxnews

Get 20% OFF The Star Digital Access

Monthly Plan

RM 13.90/month

RM 11.12/month

Billed as RM 11.12 for the 1st month, RM 13.90 thereafter.

Best Value

Annual Plan

RM 12.33/month

RM 9.87/month

Billed as RM 118.40 for the 1st year, RM 148 thereafter.

Follow us on our official WhatsApp channel for breaking news alerts and key updates!

Others Also Read