Picture a hacker. Did you see a shadowy figure in a hoodie typing in password after password? Hate to break it to ya, but they’re a lot smarter than that. (Though I can’t say either way about the hoodies.)
Hackers are jumping on the artificial intelligence bandwagon and upping their game. Get this: AI service PassGAN cracked 51% of common passwords in less than a minute. Let’s take a look at other hacker tools so you can stay safe.
Brute-forcing: A special program enters different combinations of letters, numbers and symbols. It’s fast! A hacker can try up to 100 billion possible passwords per second.
Dictionary attack: Like brute-forcing, but the program also tries words from the dictionary, company names and sports teams to speed things up.
Credential stuffing: Someone takes one of your breached accounts and tries that email and password combo across different accounts and websites.
Phishing: A scammer convinces you to click a link to a bogus site, then you (willingly) put in your login details.
Even if you do everything right, there’s something else working against you.
Cybercriminals love to share
They create software that anyone can download and improve. A few standard options for cracking passwords have some pretty funny names: John the Ripper, Hashcat and Ophcrack.
Bottom line: What can you do about it?
- Longer is better. An eight-character password comprising only uppercase and lowercase letters takes 22 minutes to crack. A 12-character password that includes symbols, too? 34,000 years.
- Use fake words, extra characters and oddball phrases.
- Never reuse a password, even if it’s been out of circulation for a while.
- Triple check you’re on the real site before you enter your password.
- If a site lets you get away with “password” or “123456,” step away.
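Here is how a site's signup check could apply the rules above. This is an added example, not code from this article or from any tool it names. The word lists are constructed samples, and the 33-symbol count and 100-year threshold are assumptions. The estimate uses the 100 billion guesses per second ceiling quoted earlier, so it will not reproduce the crack times in the list exactly.

```python
import string

# Constructed sample lists; a real deployment would load large breached-password
# and dictionary files instead.
COMMON_PASSWORDS = {"password", "123456", "qwerty", "letmein", "iloveyou"}
DICTIONARY_WORDS = {"summer", "dragon", "yankees", "google"}

GUESSES_PER_SECOND = 100e9          # upper bound quoted in the article
SECONDS_PER_YEAR = 365.25 * 24 * 3600
CLASS_SIZES = {"lower": 26, "upper": 26, "digit": 10, "symbol": 33}  # 33 is an assumption


def charset_size(password):
    """Alphabet size a brute-force run must cover to reach this password."""
    seen = set()
    for ch in password:
        if ch in string.ascii_lowercase:
            seen.add("lower")
        elif ch in string.ascii_uppercase:
            seen.add("upper")
        elif ch in string.digits:
            seen.add("digit")
        else:
            seen.add("symbol")
    return sum(CLASS_SIZES[name] for name in seen)


def seconds_to_exhaust(password, rate=GUESSES_PER_SECOND):
    """Worst-case time to try every password of this length and alphabet."""
    return charset_size(password) ** len(password) / rate


def screen_password(password, min_years=100):
    """Return (accepted, reason). Word lists are checked before the math,
    because padding a known word defeats the keyspace estimate."""
    lowered = password.lower()
    if lowered in COMMON_PASSWORDS:
        return False, "common password"
    # Strip leading/trailing digits and symbols: "Summer2024!" -> "summer"
    core = lowered.strip(string.digits + string.punctuation)
    if core in DICTIONARY_WORDS:
        return False, "dictionary word with padding"
    if seconds_to_exhaust(password) / SECONDS_PER_YEAR < min_years:
        return False, "too short for exhaustive search"
    return True, "ok"


if __name__ == "__main__":
    for candidate in ["123456", "Summer2024!", "AbCdEfGh", "tR7#kQ9!mZ2$"]:
        print(candidate, screen_password(candidate))
```

Note that "Summer2024!" has 11 characters from all four classes and still fails, because a dictionary attack never has to search that whole keyspace.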
✅ I know, passwords stink. I have a few more smart rules here to make it easier to stay safe.