To be honest this is not something I thought about too much until I found this tool, PassGAN, a password-cracking AI tool developed by a team of researchers from Home Security Heroes.
PassGAN can crack any password less than 7 characters, in less than 6 minutes, even if it contains characters and symbols. It can crack 51% of common passwords in under a minute, and 71% in less than a day.
It seems that, contrary to what you might think, there is no need to panic. The tool performs no better than the usual password cracking methods. In other words, anything PassGAN can do, conventional methods do as well or better.
To stump PassGAN, all you need is an 11 character password with numbers, symbols and upper and lowercase letters – the tool would need 356 years to crack it.
I will admit that my password hygiene is poor at the moment. Some are very strong, some not so much. Some are repeated in many places. Some are saved in the cloud, some on my phone, some in a notebook.
Thank goodness for Google Password Manager, I really don’t know what I would do without it.
What is safe these days?
However, is it safe? Google Password Manager boasts military-grade security, is completely free and is super useful if you use Google Workspace and Chrome.
But how can we be sure? PC Magazine says don’t use Google Password Manager because it links to Chrome, which can be compromised: hackers can install extensions that extract data stored in the browser.
Even LastPass was hacked last year, although they claim that in the vault that was stolen, sensitive data like usernames and passwords are stored in encrypted fields secured with 256-bit Advanced Encryption Standard (AES), a system commonly implemented in software and hardware to encrypt sensitive data.
According to LastPass CEO Karim Toubba, this encryption “can only be decrypted with a unique encryption key derived from each user’s master password”. LastPass doesn’t know its customers’ master passwords, nor is this information stored or maintained by the company.
In summary, this is a good reminder for us all to take a look at our passwords and the way we store them.
Here are some tips for stronger passwords:
- Make it longer: Passwords with more characters and a mix of numbers, lowercase, uppercase and symbols are the hardest to hack. A 12-character password with mixed symbols takes 30,000 years to crack.
- Don’t connect them with personal information: Avoid using easily guessable words and numbers. According to TerraNova Security, never use:
  - Your pet’s name.
  - Your birthday or that of family members.
  - Any words related to your hobby, job, or interests.
  - Part of your home address, including city/town, street, house/apartment number, or country.
  - Your name or the name of a family member.
- Don’t use common words or sequential characters: Avoid using common words and phrases, or sequential numbers and characters. Instead, use a random combination.
- Don’t repeat passwords: It is recommended to avoid using the same password for multiple sites. In case one of your passwords is compromised, it could put all of your other accounts at risk.
- Regularly change passwords: Although this is an activity from hell, ideally we should change our passwords every few months to help protect accounts from potential security breaches.
- Use strong passwords: This is a great password – m#P52s@ap$V. But how on earth will you ever remember it? It seems that when you use a password manager, the only password you need to remember is the ‘master password’. How-To Geek has a great tip for coming up with a memorable yet complicated strong password, called the pass phrase method. For example, write a sentence: “The first house I ever lived in was 613 Fake Street. Rent was $400 per month.” = TfhIeliw613FS.Rw$400pm would be the password. Pretty cool in my opinion!
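A small checker for the tips in the list above, together with the pass phrase method from the last tip, as an added example that is not from the original post or from How-To Geek. The function names, the `COMMON` word list and the sample inputs are constructed for illustration, and the 11-character minimum is the figure quoted earlier in the post.

```python
import string

# Constructed sample list; a real check would use a large breached-password list.
COMMON = ("password", "qwerty", "letmein", "welcome", "dragon")
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)

def passphrase_initials(sentence):
    """First character of each word; tokens containing digits (613, $400) are
    kept whole and a sentence-ending mark inside the text is kept."""
    out = []
    # Assumption: the final full stop is dropped, as in the post's result.
    for word in sentence.strip().rstrip(".!?").split():
        if any(ch.isdigit() for ch in word):
            out.append(word)
        else:
            tail = word[-1] if len(word) > 1 and word[-1] in ".!?" else ""
            out.append(word[0] + tail)
    return "".join(out)

def has_sequence(password, run=3):
    """True if `run` characters in a row ascend, descend or repeat (abc, 321, aaa)."""
    codes = [ord(c) for c in password.lower()]
    for i in range(len(codes) - run + 1):
        steps = {codes[j + 1] - codes[j] for j in range(i, i + run - 1)}
        if steps in ({1}, {-1}, {0}):
            return True
    return False

def check_password(password, personal=(), min_len=11):
    """Return the list of tips the password violates (empty list = passes)."""
    low = password.lower()
    problems = []
    if len(password) < min_len:
        problems.append("shorter than %d characters" % min_len)
    if not all(any(c in cls for c in password) for cls in CLASSES):
        problems.append("missing a character class")
    if any(p.lower() in low for p in personal if len(p) >= 3):
        problems.append("contains personal information")
    if any(word in low for word in COMMON):
        problems.append("contains a common word")
    if has_sequence(password):
        problems.append("sequential or repeated characters")
    return problems

if __name__ == "__main__":
    print(passphrase_initials("The first house I ever lived in was 613 Fake "
                              "Street. Rent was $400 per month."))
    print(check_password("Rex1990abc!", personal=("Rex", "1990")))
```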
So, another thing to be added to my list of ‘tedious’ things to do.
Anyone out there use a password manager other than Google Password Manager?