As AI becomes more accessible, we’re all considering the implications of this technology and how it might affect us. The concept of password cracking has become a popular topic in the AI conversation. It’s important to understand what AI is capable of and how you can protect your accounts.

AI Can Guess Passwords That Aren’t Secure

AI tools can be used for password cracking, and some work with impressive speed. AI may be able to guess shorter, less complex passwords in minutes. The most skilled hackers could guess passwords within an hour before the rise of password-guessing AI. Programs like PassGAN, hashCat and John the Ripper are all specialized password AI tools that cybercriminals can use to access your accounts.

The good news is that these AI tools can also be helpful to us. An understanding of the AI password-cracking tools we’re facing will help us choose more effective passwords to reduce the risk of hacking.

How to Protect Passwords From AI

While AI is constantly evolving, you can follow typical best practices to secure accounts from password cracking.

1. Make Long Passwords

When your password includes fewer characters, AI tools have fewer combinations to test before cracking it. The most secure passwords use at least 12 characters and contain a mixture of uppercase and lowercase letters. You should also try to include special characters and numbers to make your passwords more unique.

Most sites will require these elements when you make a password to improve your personal security. Keep the same principle in mind even if the site you’re logging into doesn’t require a strong password.

2. Change Passwords Regularly

Changing your passwords regularly is a good habit because it can significantly reduce the risk of a hacker accessing your account. In terms of AI, consider how long it might take an AI tool to crack your password. If you have a long and unique password, it might take months instead of minutes. If you change your password during the guessing period, you force the AI or the hacker to start over.

Generally, it’s recommended you change your passwords every 90 days. Some accounts may require you to change your password at specific intervals for security purposes. When you choose to update passwords, focus on your most sensitive accounts first.

3. Use Multifactor Authentication

Multifactor authentication (MFA) requires one or more means of identifying yourself before you can access your account. For example, you may enter your username and password and then receive a one-time code over text to confirm your identity. MFA is a significant part of identity and access management (IAM) for businesses. It’s also an excellent practice for personal accounts.

4. Do Not Reuse Passwords

While using one password across multiple platforms is certainly easier than making new ones, it’s risky. A hacker or AI tool that guesses that password will have access to every account that uses it. It’s particularly important to avoid reusing passwords across more sensitive accounts, like bank and credit card accounts.

How to Keep up With All Your Passwords

A unique password for every single account is a lot to keep track of — fortunately, you don’t have to remember them all. With password management tools, you can create a secure account that logs your access codes and passwords across various sites. You can log in with a single click without compromising the security of any accounts.

Another option for handling multiple passwords is single sign-on (SSO). With SSO, you create unique passwords for all your accounts, then link them to a separate username and password. With this system, you can log into every account with a single set of credentials and keep all your information secure.

Explore IAM Tools With Optimal IdM

Optimal IdM offers a range of IAM tools for businesses to protect their accounts. Explore these solutions and reach out to us for more information. 


  • The database in which all of your organization’s sensitive identity data is stored.
  • A digital ledger in which digital transactions are recorded chronologically and publicly.
  • Securely managing customer identity and profile data, and controlling customer access to applications and services.
  • The means of linking a person's electronic identity and attributes, stored across multiple distinct identity management systems.
  • A legal framework that sets guidelines for the collection and processing of personal information of individuals within the EU.
  • The policy-based centralized orchestration of user identity management and access control.
  • An authentication infrastructure that is built, hosted and managed by a third-party service provider.
  • A security system that requires more than one method of authentication from independent categories of credentials to verify the user's identity for a login or other transaction.
  • A global provider of innovative and affordable identity access management solutions. 
  • Managing and auditing account and data access by privileged users.
  • Tools and technologies for controlling user access to critical information within an organization.
  • An authentication process that allows a user to access multiple applications with one set of login credentials.

Pin It on Pinterest