Can AI be used by hackers to crack passwords?

SAN FRANCISCO, May 6 ― Artificial intelligence has many uses, some of which can be malicious. Hackers could be tempted to use ChatGPT or other such tools to crack passwords and thereby illegally access personal data that is supposedly protected.

Hackers often spare no effort in coming up with new ways to achieve their duplicitous ends and some could very well use ChatGPT with such unscrupulous intent. With cleverly written prompts, they may indeed be able to obtain the passwords of some individuals, at least those who have chosen something related to their own life (date of birth, children’s names, pets, etc.) as a source of inspiration. Computer security specialists, like Check Point, have already tested the approach. In fact, just by giving information about someone, or referring to their online biography, ChatGPT is able to imagine examples of passwords that this person could use, based on their life, hobbies and preferences, etc. Fortunately ChatGPT isn’t fooled by direct requests of this type, responding with answers like “I’m sorry, but it would be inappropriate and potentially dangerous to suggest or guess passwords that this person might use to access their online account.”

However, an artificial intelligence specifically dedicated to password cracking has been available on GitHub for a few years now. PassGan has been fed with machine learning, from a database of several hundred million passwords. The cybersecurity specialists at Home Security Heroes have also put together a tool that shows, in theory, how long it would take an artificial intelligence to crack a password. Depending on its complexity, it could take from a few seconds to several billion years! So far, it has been found that around half (51 per cent) of “classic” passwords can be cracked in less than a minute, 35 per cent in less than an hour and 71 per cent in less than a day. The more complex the chosen password is, the longer it will take to crack, even for a well-trained artificial intelligence. To summarize, beyond 10 characters mixing lower case, upper case, numbers and special characters, you are relatively safe.

But in any case, double authentication, which consists of validating access to your account via a code provided by SMS, email or a dedicated app, will prevent anyone from approaching your data, even after successfully cracking your password, via ChatGPT or otherwise. ― ETX Studio


Business Asia
the authorBusiness Asia

Leave a Reply