AI Is Trying to Break Your Password

How AI can crack passwords 

AI tools may be transforming businesses, but they’re also helping cybercriminals. According to Home Security Heroes data, AI can hack 51 percent of common passwords in less than a minute. Perhaps more disturbing, AI can crack up to 81 percent of most passwords in less than a month. And because AI tools can learn autonomously, they can keep up with even strong passwords. 

Home Security Heroes discovered the following disturbing information about AI password cracking:

• If a password is five characters or fewer, an AI tool can break it nearly instantly. This finding was based on an AI password cracker called PassGAN, which processed over 15 million passwords. 
• If a password is six characters or fewer, it can be broken in four seconds or less – regardless of complexity. 
• More than half of all passwords processed in the study were cracked in less than a minute, and 71 percent of processed passwords were broken in less than a day. 
• Even when 18-character passwords are used, if a password is just a numerical code, PassGAN can still crack it in 10 months or less.

It’s only a matter of time before AI-based vulnerabilities appear in your business. Fortunately, password complexity measures can slow down AI’s password-cracking abilities – for now, at least. Specifically, once you include letters, capitalizations and special characters, AI tools have a much harder time. 

According to Home Security Heroes, it should take an AI tool around 30,000 years to break a 12-character password with upper- and lowercase characters, numbers, and symbols. That seems like a decent starting point that gives you plenty of time to stay ahead of the curve – especially if company policy dictates password updates every 90 days. 

4 common security breach outcomes

What happens when a corporate password is hacked? Once a password has been compromised, a business is open to malicious activities that undermine its overall cybersecurity. The damage could include everything from financial loss to trade secret theft. 

Here are some typical post-password breach occurrences: 

1. Hacked passwords can lead to data theft.

Data loss is a devastating security breach consequence. Financial records, trade secrets and product development can be compromised because an AI tool figured out the right password to give corporate access to the wrong person. 

2. Hacked passwords can cause business disruption.

Once a breach occurs, one of the more severe results could be complete business disruption. For example, an April 2023 data breach caused a complete service disruption for the digital storage company Western Digital. 

The costs associated with business disruption can range from thousands to millions of dollars daily, depending on the organization’s size. And once a network security threat succeeds, it can take weeks to recover from the attack, creating issues like loss of marketplace trust and theft of corporate funds. 

3. Hacked passwords can lead to financial theft.

A security breach’s financial impact depends on the type of cyberattack. An affected business could lose revenue because of ceased operations, stolen funds or regulatory fines. 

When you add in the costs of administrative upgrades like repairing the security infrastructure or implementing new procedures, a business can face overwhelming financial repercussions.

4. Hacked passwords can lead to legal liability.

Along with regulatory fines, a business that suffers a data breach also faces legal repercussions. State and federal standards are in place to help minimize the impact of a cyberattack, and they require a full audit of corporate records, practices and procedures to ensure a business was fully compliant with all rules and regulations at the time of the breach.  

Top tools to protect your passwords

The Home Security Heroes report offered a glimmer of hope regarding thwarting AI-based password-crackers: Passwords that use more than 18 upper- and lowercase characters mixed with numbers and special characters are generally considered safe against AI. So, how do we get there? 

One way is to create a full, complex phrase you can remember for each account you must access. Another option: Use a password generator combined with a password manager to track your login information.

Consider the following password generators and managers that can help keep your business safe: 

1password

Developed by AgileBits, 1password is an industry leader that offers a robust password generator, password management service, a digital vault and a secure digital wallet. 

• 1password’s free service: 1password is available in a limited free version. 
• 1password’s paid tiers: 1password’s paid service starts at $7.99 monthly for individual users; a team starter pack costs $19.95 monthly with licenses for up to 10 users. The team tier provides options for as many unique, randomized passwords as your business needs, along with password management services to keep everything organized. For more customization, 1password offers an enterprise-level service (pricing options are available upon request) that provides additional security layers like custom roles and access levels, daily activity logs, and usage reports to help hone your corporate security efforts.
• Additional 1password features: Other 1password features include two-factor authentication, cloud storage and mobile app support. 

Visit the 1password website to learn more.

RoboForm

An oldie but a goldie, RoboForm excels at all the basic core functionality you’d want from a password generator, with few of the frills. 

• RoboForm’s free service: RoboForm offers a robust free service that provides unlimited password storage, cloud storage for notes, login sharing and multiplatform support. It also includes a password generator, two-factor authentication and a mobile app.
• RoboForm’s paid tiers: While the free service offers a reasonable amount of features, its paid service lets you sync information across multiple devices and apps. The RoboForm paid service starts at $23.88 per year for an individual user, $47.75 per year for a family plan that supports up to five users and an enterprise level that ranges from $29.99 to $39.99 annually per individual user. The pricing for an enterprise-level service varies based on how many accounts are needed. 

Visit the RoboForm website to learn more.

NordPass

NordPass is another great password generator option. It’s designed to help users create and manage passwords easily for any account. Built by the same team that created the well-reviewed NordVPN service, NordPass helps organizations and business owners create, save, and organize unlimited passwords and keep them secure in one location. 

• NordPass free version: The free version of NordPass lets users create and manage passwords, credit card details, and multifactor authentication. 
• NordPass paid versions: Premium tiers offer additional features like syncing information between devices, identifying trusted contacts and granting access to secure files to known users. The good news is that Nord offers reasonable pricing structures with regular discounts (especially for first-time users). Its paid service for individual accounts costs $72 for two years, but there’s also a discounted rate of $35.76 ($1.49 per month) for the first two years. Family plans are also available, with support for up to six users.

Visit the NordPass website to learn more.

Keeper

Boasting an offline mode to manage security without an internet connection, Keeper is another strong password manager with unlimited password storage designed to help keep your data safe. 

• Keeper individual pricing: For $35 annually, Keeper gives individual users a mobile app and browser extension to simplify password security while syncing data across as many devices as necessary. There’s also a family plan for $75 billed annually.
• Keeper business pricing: Keeper’s Business Starter tier costs $2 per user per month, with a minimum of five users. You can securely share passwords with team members or trusted colleagues, so you don’t have to worry about hackers intercepting a text message or email. Perhaps best of all, Keeper decrypts information on your device, so it’s never stored on a remote server. Your information stays with you and is never shared with anyone. Once you leave the service, all decryption data is deleted. Keeper also has Business and Enterprise tiers with additional features. 

Visit the Keeper website to learn more.

Dashlane

Dashlane lets users create completely randomized passwords on demand to give you 24/7 security (and peace of mind that your critical business data is safe).  

One of the key differentiators that Dashlane offers is a virtual private network (VPN) on top of its other security features. With a VPN and a dark web monitoring service, Dashlane delivers robust functionality to any business, from one-person operations to large-scale enterprises. 

• Dashlane pricing: All this functionality comes at a cost. Dashline’s pricing structure depends on your desired service level and how many people need access. For a starter account, you can get 10 licenses for $20 per month – $2 per user. However, that service level doesn’t provide a VPN, single sign-on services or on-demand support. A business account with all the features and functionality Dashboard has to offer costs $8 per month per user. 

Visit the Dashlane website to learn more.

Stay ready for AI password-cracking

Cybercriminals will use any tool at their disposal to infiltrate the networks of unsuspecting businesses to steal money and valuable data. And they’re taking advantage of AI’s seemingly endless possibilities to conquer the most common passwords.

Password security is now more critical than ever. Businesses must prioritize generating complex passwords and using cutting-edge technology to store and manage them.