Since we've been discussing passwords lately:

 

     --https://www.extremetech.com/internet/ai-can-now-crack-most-passwords-in-less-than-a-minute

 

Paranoids and legit crims, take note.

 

 

 

Welcome to a world with no more government secrets. There will a lot of worried politicians and spooks out there.

But don't most sites block access after, say, 5 failed password attempts?

I call BS. There's no AI that can be applied to a randomly generated strong password with special characters. AI is about data recall.

1 minute ago, Lee65 said:

But don't most sites block access after, say, 5 failed password attempts?

Yes. In addition, most sites are going with 2FA these days. Nothing to see here.

I think this is with brute force (running thousands of passwords every second until the good one hits home). Bank accounts and other applications only allow a handful or trials before the system locks though.

Just now, JackGats said:

I think this is with brute force (running thousands of passwords every second until the good one hits home). Bank accounts and other applications only allow a handful or trials before the system locks though.

The OP implies that AI can use some kind of intelligence to help crack the code. AI is a misnomer anyway, computers are no more intelligent than they were when first invented. They are simply faster and can store more data.

Even with this chart, still 30000 years needed. Other one 6 QN years. 

Which is 

6,000,000,000,000,000,000

years

Good luck.

Edited April 12, 20233 yr by FritsSikkink

26 minutes ago, FritsSikkink said:

Even with this chart, still 30000 years needed. Other one 6 QN years. 

Which is 

6,000,000,000,000,000,000

years

Good luck.

My password actually has near double the 18 characters too lol, silly AI news all the time, it can barely do anything like this today.

AI can't guess a random password like #sdfDWLfsfdfs*&$#578

If you use a password like "Bangkok" then don't be surprised if it is "hacked".

2 hours ago, JackGats said:

I think this is with brute force (running thousands of passwords every second until the good one hits home).

According to the article it is not using a brute force method:

 

>"Home Security Heroes ran this test with the PassGAN password generator. Unlike most password generators, PassGAN uses a Generative Adversarial Network (GAN) to learn from real passwords to create new ones. A GAN in this context consists of two opposing neural networks, a generator and a discriminator. The generator network created fake data, and the discriminator is tasked with picking out real data in a sea of fakes. Over time, the generator and discriminator become better at what they do, making the overall model more effective."<

 

Just me guessing here but I think AI may be able to quickly gain enough information about an individual, their family, friends, hobbies etc from social media and public records that would help it to narrow down the range of  possibilities that individual would likely use when creating a password.

 

So, is there an address that I can just send all of my money to so that I won't have to worry?

I use a password manager / generator.

Not perfect, but it generates passwords made up of symbols and alphanumerics, and I only have to remember one long one to access.

2 hours ago, phetphet said:

I use a password manager / generator.

Not perfect, but it generates passwords made up of symbols and alphanumerics, and I only have to remember one long one to access.

What he said.

5 hours ago, ozimoron said:

I call BS.

Much overblown reporting.

Being presented with a password hash without any context, what can AI do more than brute force crackers?

The graphics though is useful.

Length counts, over complex pw is not necessary, <A-Z><a-z><0-9> suffices with proper length >= 16.

sTpxehc2jZVForutdY is better than .>,,{}:* in any category.

Of course the long one is created by PWTech.

AI can know as much about me as possible and still what's the difference.

There is a recent thread where PWs were discussed.

Edited April 12, 20233 yr by KhunBENQ

I think there's a better chance AI can predict the winning lottery numbers before it can crack a strong PW.

For me the telling comment is in the secondary headline and then repeated in the text - 

Quote

how long it would take to crack the most common passwords

 

16 hours ago, KhunBENQ said:

The graphics though is useful.

Agreed. Which is why it would help if all financial/personal info sites would insist on a minimum 10 character and minimum Upper,lower case, number and special character. It always surprises me that many don't.

21 hours ago, JackGats said:

Bank accounts and other applications only allow a handful or trials before the system locks though.

Still disturbing. Imagine you need money right now, but your account has been locked thanks to scammers trying to access it. And then you have to wait hours or days till it is unlocked again by your bank...

7 minutes ago, StayinThailand2much said:

Still disturbing. Imagine you need money right now, but your account has been locked thanks to scammers trying to access it. And then you have to wait hours or days till it is unlocked again by your bank...

Has that happened to you? I think hackers try to access bank accounts with hits by the millions every day. What has happened to me is the bank disabling my card when trying to deposit to my online broker after several successful deposits in the weeks prior and not giving me online access to it to request it be unblocked until I called them which involved an international call and a wait of over half an hour to get a person to answer. Infuriating.

Edited April 13, 20233 yr by ozimoron

17 hours ago, dingdongrb said:

I think there's a better chance AI can predict the winning lottery numbers before it can crack a strong PW.

She doesn't seem worried about that.