How many times have we heard in the news that the accounts of millions of unsuspecting users have been compromised by hackers? Unfortunately there are no signs that the number of security breaches will be reduced anytime soon; in fact, security experts warn users that these attacks will become more frequent and stronger than ever – particularly if AI is involved in the hacking process.
The idea of artificial intelligence being used for stealing identities or even money is already terrifying, but thankfully the future is not as dark as it may seem. The question is which side will adopt AI first and for what purpose: the bad guys for hacking or the good guys for protecting people and further strengthening the password system.
When AI Is Used for Ill
No matter how much we want to believe that AI will be the precursor of the helpful robotic assistants depicted in Isaac Asimov’s monumental novels, there is a huge chance that AI will be turned against us – albeit not in a way that James Cameron envisioned in the Terminator series. In fact, it is better to take evil AI for granted and be prepared for more frequent and more brutal cyber attacks that will cause more damage than ever.
With AI on their side hackers could gather the necessary information faster and on a broader scale, plus programs using AI could be capable of looking for multiple vulnerabilities at the same time, destroying any efforts at successfully patching coding errors. But by far the worst possible scenario is that due to its capability of self-studying the AI could decide at one point to go for other targets other than those initially coded into its programming without human intervention, causing damage on an even bigger scale.
The AI on the Good Side
Newton’s third law of motion states that “for every action, there is an equal and opposite reaction”. Translated to the world of IT this means that in order to prevent the attacks of AI used by hackers there must also be AI developed to protect our online identities. Thankfully the process of creating such intelligent programs is already on the go and some of the results are more than promising.
Up until this point password-guessing tools like HashCat and the appropriately named John the Ripper used traditional approaches, like randomly trying out countless combinations (brute force attack) or by guessing each character in a password based on what came before, applying the probability method. The effectiveness of these approaches was never questioned to begin with, but the problem is that they are the results of careful and tedious programming.
However, researchers of the Stevens Institute and the New York Institute of Technology managed to create a generative adversarial network (GAN) called PassGAN that simulated how humans think when composing passwords. In fact, after being given a set of leaked passwords and instructing it to create passwords on its own, the AI managed to detect certain patterns and replicate passwords that eerily resembled those created by ordinary users. Then the new passwords were compared with a set of login credentials leaked from LinkedIn, at which point PassGan cracked 12% of those LinkedIn passwords on its own. However, when working together with HashCat and John the Ripper, it managed to guess more than a quarter of the leaked password list.
How AI Will Revolutionize Passwords
The findings of Stevens Institute are a huge breakthrough, since it can lead to the creation of more intelligent software that is capable of warning users of weak passwords by analyzing already created passwords and their patterns. In other words, future password strength meters will not only be able to tell users that their passwords are weak, but it will also explain in detail why and how the password should be changed to stand a chance against hacker attacks.
This means that using complex yet memorable passwords will be more important than ever, which could lead to a boom for the password manager market and, as a pleasant consequence, a huge drop in number of data breaches. In fact, the use of passwords checked by AI could further the possibilities of additional or alternative login methods, like two-factor authentication or fingerprint access.
Best Password Managers of 2019
|Editor's Choice 2019|