The recent Equifax hack is one of the largest exposures of highly sensitive information in US history. The breached information includes social security numbers, home street addresses, credit card numbers and other personal details. Breaches of this magnitude bring to light how personal data is managed along with how unauthorized access to information can occur.
User generated passwords are the most common method employed to protect resources online. Unfortunately, there are already a plethora of methods designed to guess passwords. A new approach, PassGAN, extends upon this technology with artificial intelligence. PassGAN uses deep learning, generative adversarial networks specifically, to guess passwords after being trained on a set of known passwords from two large leaks in the past, LinkedIn and RockYou leaks. PassGAN was then tested on a subset of that data, which was not within the training set, and was able expand the number of correctly guessed passwords by 20-25% when combined with current state of the art methods. Other methods are limited to dictionary transformations, such as c4t = cAt, and cannot expand upon what they already know.
Interestingly enough, most hacks occur via an inside job, not password guessing. Hackers are also constantly innovating, and security measures must continue to improve or risk falling behind. Rather than moving towards more complicated passwords, experts suggest that two factor authentication methods might be the best way to remain secure.
Acknowledgments: Thank you to Mr. Simon Selitsky, Co-Founder and CEO of Coingyft, for his commentary about security and the use of deep learning for password guessing.
Managing Correspondent: Aaron Aker
Original article: PassGAN: A Deep Learning Approach for Password Guessing.
News article: Artificial intelligence just made guessing your password a whole lot easier
Image credit: Wikimedia Commons