AI Powered Tools Make Guessing Passwords Easy

By Benjamin Roussey

Internet users have always been told to use complicated passwords to make it harder for hackers to breach their security. Now data scientists have made things worse by coming up with a piece of software that makes guessing passwords easier than ever.

Cybercriminals usually hack into a system to steal personal information. If they could access that information simply by guessing passwords, things would be even easier for them. Scientists have just made that possible. The new machine learning tool has studied millions of passwords and can put the information together to guess other passwords and break into the strangest accounts. Scary, right?

So how does it work?

Most people tend to use their names as passwords. For instance, Tom sets his password as Tom. When the system tells him that the password must contain numbers, he changes it to Tom123. When he is told that he cannot use his own name as his password, he uses the name of his favorite car, actor, or the name of his cat as his password.

Even though you may not be so stupid as to set such insecure passwords, many people still do. That's the reason why most leaked passwords have a similar pattern: they are a combination of names and numbers that are very easy to guess.

To make things more concerning, there are password guessing tools that use these patterns to work out passwords. This process is called a dictionary attack, which tries combinations of dictionary words one after the other to guess passwords. For instance, if most of the leaked passwords combine a name and a number, like Tom123, then this same pattern is used to try and guess other passwords. In most cases, this system works.

However, since this is a manual system, its list of patterns needs to be updated every time new passwords are leaked and new patterns are noticed. Needless to say, when this database of passwords gets too long, it isn't possible to find patterns manually. Even if it is possible, there is a strong chance many patterns would be left out.

This is when Artificial Intelligence comes in.

What is Artificial Intelligence?

First things first: what is Artificial Intelligence? To put it simply, Artificial Intelligence (AI) is a set of computer systems designed to replicate human behavior and perform human tasks. These tasks include speech recognition, visual perception, translation, and decision making. While AI does make life easier by handling loads of tasks that humans couldn't manage, it also paves the way for criminal activities. Data scientists have simply facilitated the latter by coming up with a tool that is several times more efficient than any other password guessing tool.

Business systems analysts have trained computer systems with databases of leaked passwords to generate passwords more effectively and in a shorter time. These computer systems, or neural networks, are capable of replicating the human brain. Just as humans learn from observation, so do neural networks. For instance, if you are shown a few pictures of a person and told he is called Tom, the next time you see the person you can recognize him. These computer systems recognize and guess passwords the same way.

Researchers have used two neural networks to accomplish this. One network performs the task and the other gives it feedback. While one network guesses passwords, the other says whether it is right or wrong or close enough. This process is completely automated, and the network keeps guessing password combinations until there are satisfactory results.

It was observed that even when the system couldn’t get the exact combination, it came close enough. For example, if the actual password was DEG#921, the generated result was D3G#921. Since this tool is in its nascent stage, scientists will keep developing it to iron out the kinks and make the system more capable. It is only a matter of time before cybercriminals start using this tool to easily guess passwords and steal personal information.

How to be safe?

Data scientists are hopeful that this AI powered tool will be beneficial in identifying weak and insecure passwords and making them stronger. But as with every piece of technology, this password-guessing tool will not remain safe from the hands of cybercriminals. This means people have to use stronger and more difficult passwords.
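The same patterns can be checked when a password is chosen. The sketch below is an added example, not code from the researchers' tool: it flags name-plus-number passwords such as Tom123 and look-alike variants such as D3G#921. The word list, function names and substitution table are assumptions made for illustration.

```python
import re

# Constructed sample word list (names, pets, cars). A real check would load a
# large dictionary of names and previously leaked passwords instead.
BASE_WORDS = {"tom", "felix", "mustang", "password"}

# Common look-alike substitutions mapped back to the letter they replace:
# 0->o, 1->l, 3->e, 4->a, 5->s, 7->t, @->a, $->s.
LEET = str.maketrans("013457@$", "oleastas")


def normalize(text):
    """Lower-case the text and undo look-alike substitutions."""
    return text.lower().translate(LEET)


def weakness_reasons(password, base_words=BASE_WORDS, leaked=()):
    """Return the reasons a password fits the guessable patterns, if any."""
    reasons = []
    # Drop digits and symbols stuck on either end: "Tom123" -> "Tom".
    core = re.sub(r"^[\W\d_]+|[\W\d_]+$", "", password)
    if not core:
        reasons.append("digits or symbols only")
    elif core.lower() in base_words:
        reasons.append("dictionary word with digits or symbols added")
    elif normalize(core) in base_words:
        reasons.append("dictionary word with look-alike characters")
    # Swapping one character of a leaked password for a look-alike leaves it
    # in the same guess class, so compare the normalized forms.
    normalized_leaked = {normalize(p) for p in leaked}
    if normalize(password) in normalized_leaked:
        reasons.append("variant of a leaked password")
    return reasons


if __name__ == "__main__":
    # Constructed sample inputs, including the article's own examples.
    for pw in ("Tom123", "T0m123", "D3G#921", "vexing-quartz-lantern-59"):
        print(pw, weakness_reasons(pw, leaked=("DEG#921",)))
```

An empty list means only that the password avoided these particular patterns, not that it is strong.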

Researchers recommend using longer, more complicated passwords and always keeping two-step authentication enabled, though this latter step is not practical for many reasons. Making each password unique is another highly recommended way to keep your accounts safe. If you fear forgetting your passwords, use an online application to store them, or save them somewhere else on your computer, perhaps in a coded form so that anyone else who sees the file cannot easily ascertain your passwords (you know your life better than anyone), and look them up if you forget.

No technology ever remains safe for too long. Keeping your passwords safe by making them long, complicated, and difficult to memorize is the best way to protect the security of your online accounts.

 

 
