How to create a password that can't be quickly cracked by an AI "password guesser"

You might think that your online passwords are strong enough to prevent attackers from breaking into your apps, stealing your money, and hijacking your Amazon and eBay accounts. But thanks to AI, your industrial strength password might not be as hacker-proof as you thought.

An AI-based "password guessing" platform called PassGAN (password generative adversarial network) was able to solve 51% of the passwords it was attempting to crack in less than 60 seconds. It was able to figure out 71% of passwords in less than one day. That's pretty scary and Home Security Heroes (via 9to5Google) released the results of a study that used PassGAN to try and discover 15.6 million passwords.

Before we get to the results, you can head over to the company's website, type in a password you currently use or are planning to use, and see an estimate of how long it would take AI to crack it. For example, if you use phonefan99 as a password, it would take AI only 6 months to figure it out. On the other hand, using supercalifragilisticexpialidocious would take AI 6 Quadrillion years to figure out.

The study showed that 51% of common passwords can be figured out using AI in under a minute. 65% of such passwords can be cracked in less than an hour. AI can figure out 71% of common passwords in less than a day, and 81% of common passwords can be cracked in under one month. PassGAN has the capability to "autonomously learn the distribution of real passwords from actual password leaks."

To protect yourself from an AI "password guessing" platform, you need to make your passwords at least 12 characters long using a combination of upper, and lowercase letters plus numbers and symbols. A 12-character password made up of only numbers can be cracked in under 25 seconds. Using upper and lower case letters, it will require 289 years to discover and if you add numbers, upper and lower case letters, and symbols, your password could be safe from AI for 30,000 years.

An 18-character password using lowercase letters could be safe from AI for 22 million years while adding uppercase letters extends that protection to 7.23 billion years according to the study.

Other suggestions include the use of two-factor authorization (2FA). When you sign into an app, a code is sent to your phone which you will need to enter in order to open said app. Also,  do not use the same password for multiple accounts and apps. When possible, use auto-generated passwords and update your passwords often, especially for banking and other financial apps. Additionally, you are advised not to log in to financial and other sensitive apps via a public Wi-Fi network unless you want to get ripped off.

It might seem like hard work to keep your passwords safe, but it is well worth the effort to prevent an attacker from breaking into your important apps and accounts.