Artificial intelligence (AI) introduces new challenges for cybersecurity, particularly in the area of password cracking. Experts have been warning the public for years to use unique and complex passwords for each of their accounts. This is more important today than ever. Bad actors are increasingly using AI to improve the speed and efficiency of brute force password attacks, which can have devastating consequences for individuals and organizations.
For password security, AI introduces three principle threats: more efficient brute force attacks, more efficient phishing attacks, and more scalable attacks.
AI models train on large bodies of public and private texts. This gives AI the ability to generate text based on patterns and relationships between words and phrases. AI algorithm that train on large password datasets can identify common patterns and develop more effective password cracking strategies. By analyzing a particular target individual’s public profile, AI can analyze a target’s behavior, use natural language processing to recognize password hints, and generate prioritized lists of potential passwords for use in attacks. All of which can significantly reduce the time required to complete a successful brute force attack.
Bad actors are also using AI to improve phishing attacks by analyzing a user’s publicly-available communications. AI can better emulate the user’s communication and writing style, develop more effective social engineering attacks, and improve the ability of bad actors to bypass security systems. All this increases the likelihood that a phishing attack deceives users.
AI can also automate the password cracking process, enabling bad actors to launch attacks at scale and with greater efficiency. This means that even strong passwords can be cracked in a matter of hours or days, rather than years. Of course, this depends on password complexity and available computing power, as well as other factors impacting the effectiveness.
To protect against AI-supported attacks, use unique and complex passwords with a mix of characters and symbols. Use password generators, password managers, and multi-factor authentication whenever possible, and routinely monitor accounts for signs of unauthorized or suspicious activity.
Originally published April 25, 2023, and updated May 5, 2023