How strong are your passwords? A recent study found that AI password crackers can crack the most common 4- to 7-character passwords in seconds. What's frightening is that this includes passwords with upper and lower case letters and numbers. Even hackers could lose their jobs to AI!
Cybersecurity firm Home Security Heroes (via Tom's Hardware) has shown that PassGAN, an AI password cracking tool that leverages the Generative Adversarial Network (GAN), can be used to crack the most common passwords in More than 15 million common passwords were given to train the model to be able to brute force some of them in seconds. The passwords were taken from the RockYou dataset (which contains passwords for Myspace and Facebook) that was hacked in 2009. In other words, they "improve the quality of predicted passwords" by training the AI with passwords that people have actually used.
According to Home Security Heroes, PassGAN cracks 51% of common passwords (4-7 characters) in under a minute, and more challenging passwords (up to 11 characters) in less than a month. Enter your password in the fun little tool on the site and the AI will tell you how long it will take to crack it. For safety reasons, however, it is best not to enter your current password.
So I typed in "AbC12345" and learned that it would take the AI roughly 48 minutes to figure it out. The more extended and random the character set, the harder it is for AI to predict it; according to Cybernews, the most common password in 2023 was 123456, which took PassGAN only 6 minutes to crack.
The AI struggled with passwords longer than 12 characters, with a mix of numbers and upper and lower case letters, and an 18-character password would take 7 billion years to crack. However, the most commonly used passwords are usually 8 characters or less.
The researchers recommend using passwords of at least 15 characters, with at least two upper and two lowercase letters, plus a couple of symbols. Another tip is to avoid using the same password for multiple accounts and change it every three to six months.
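The recommendations above can be turned into an automated check. The following is an added example, not code from Home Security Heroes or the original article; the denylist is a small constructed sample, "a couple of symbols" is taken to mean two, and the `existing` parameter is hypothetical.

```python
import string

# Constructed sample; a real deployment would load a full breached-password list.
COMMON_PASSWORDS = {"123456", "password", "qwerty", "abc12345"}

# Thresholds from the researchers' recommendation (symbol count is an assumption).
MIN_LENGTH, MIN_UPPER, MIN_LOWER, MIN_SYMBOLS = 15, 2, 2, 2


def check_password(candidate, existing=()):
    """Return a list of policy violations; an empty list means the candidate passes.

    `existing` (hypothetical parameter) holds passwords already used on
    other accounts, so reuse can be flagged.
    """
    problems = []
    if len(candidate) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if sum(c.isupper() for c in candidate) < MIN_UPPER:
        problems.append(f"fewer than {MIN_UPPER} uppercase letters")
    if sum(c.islower() for c in candidate) < MIN_LOWER:
        problems.append(f"fewer than {MIN_LOWER} lowercase letters")
    if sum(c in string.punctuation for c in candidate) < MIN_SYMBOLS:
        problems.append(f"fewer than {MIN_SYMBOLS} symbols")
    # Compare case-insensitively and ignore leading/trailing symbols, so a
    # common password with punctuation tacked on is still caught.
    base = candidate.lower().strip(string.punctuation)
    if base in COMMON_PASSWORDS:
        problems.append("based on a common password")
    if candidate in existing:
        problems.append("reused on another account")
    return problems


if __name__ == "__main__":
    # The article's own test strings plus one constructed passing value.
    for pw in ("123456", "AbC12345", "123456!", "Tr!ck-Walnut-Vase92"):
        print(repr(pw), check_password(pw) or "ok")
```

Stripping edge symbols before the denylist lookup means "123456!" is still reported as based on a common password, in addition to failing the length and character-class rules.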
I actually went back and typed 123456! And now that I've gone from 6 minutes to 356 years, I have to say something about throwing a couple of symbols into a new password; the PC Gamer staff uses password management tools like LastPass. But if you want maximum security, we recommend you take a look at our password primer and protect yourself.