As AI becomes more accessible, we’re all considering the implications of this technology and how it might affect us. The concept of password cracking has become a popular topic in the AI conversation. It’s important to understand what AI is capable of and how you can protect your accounts.
AI Can Guess Passwords That Aren’t Secure
AI tools can be used for password cracking, and some work with impressive speed. AI may be able to guess shorter, less complex passwords in minutes. The most skilled hackers could guess passwords within an hour before the rise of password-guessing AI. Programs like PassGAN, hashCat and John the Ripper are all specialized password AI tools that cybercriminals can use to access your accounts.
The good news is that these AI tools can also be helpful to us. An understanding of the AI password-cracking tools we’re facing will help us choose more effective passwords to reduce the risk of hacking.
How to Protect Passwords From AI
While AI is constantly evolving, you can follow typical best practices to secure accounts from password cracking.
1. Make Long Passwords
When your password includes fewer characters, AI tools have fewer combinations to test before cracking it. The most secure passwords use at least 12 characters and contain a mixture of uppercase and lowercase letters. You should also try to include special characters and numbers to make your passwords more unique.
Most sites will require these elements when you make a password to improve your personal security. Keep the same principle in mind even if the site you’re logging into doesn’t require a strong password.
2. Change Passwords Regularly
Changing your passwords regularly is a good habit because it can significantly reduce the risk of a hacker accessing your account. In terms of AI, consider how long it might take an AI tool to crack your password. If you have a long and unique password, it might take months instead of minutes. If you change your password during the guessing period, you force the AI or the hacker to start over.
Generally, it’s recommended you change your passwords every 90 days. Some accounts may require you to change your password at specific intervals for security purposes. When you choose to update passwords, focus on your most sensitive accounts first.
3. Use Multifactor Authentication
Multifactor authentication (MFA) requires one or more means of identifying yourself before you can access your account. For example, you may enter your username and password and then receive a one-time code over text to confirm your identity. MFA is a significant part of identity and access management (IAM) for businesses. It’s also an excellent practice for personal accounts.
4. Do Not Reuse Passwords
While using one password across multiple platforms is certainly easier than making new ones, it’s risky. A hacker or AI tool that guesses that password will have access to every account that uses it. It’s particularly important to avoid reusing passwords across more sensitive accounts, like bank and credit card accounts.
How to Keep up With All Your Passwords
A unique password for every single account is a lot to keep track of — fortunately, you don’t have to remember them all. With password management tools, you can create a secure account that logs your access codes and passwords across various sites. You can log in with a single click without compromising the security of any accounts.
Another option for handling multiple passwords is single sign-on (SSO). With SSO, you create unique passwords for all your accounts, then link them to a separate username and password. With this system, you can log into every account with a single set of credentials and keep all your information secure.