- cross-posted to:
- [email protected]
- cross-posted to:
- [email protected]
AI Password Cracking in 2025: Key Findings
AI-powered password cracking has become dramatically faster in 2025, with 85.6% of common passwords now crackable in under 10 seconds[1]. This acceleration stems from two main factors: advanced AI models that learn password patterns and powerful consumer GPUs.
Hardware Advances
The latest consumer graphics cards, particularly the RTX 5090, have transformed password cracking capabilities. Hive Systems reports that a setup of 12 RTX 5090s is now used as the benchmark for modern password cracking attempts[2].
Time to Crack by Password Type
For bcrypt-hashed passwords (work factor 10):
- 8 characters or less: Instant crack regardless of complexity
- 10 characters with mixed characters: 27 years
- 12 characters with mixed characters: 244,000 years
- 16 characters with mixed characters: 19 trillion years[2:1]
AI’s Impact
AI tools like PassGAN have revolutionized cracking by:
- Learning common password patterns
- Recognizing user habits like capitalizing first letters
- Predicting likely passwords instead of random guessing[1:1]
Security Recommendations
Recent findings emphasize:
- Length over complexity (minimum 16 characters)
- Use of password managers
- Implementation of Multi-Factor Authentication (MFA)
- Adoption of passkeys where available[3]
You must log in or register to comment.
2 billion years then? Not bad. Using my work password, it’s 14 digits with numbers, symbols, and upper and lower case letters.
Another trick I like — and I’m not sure if it matters — is to use a passphrase with words from two (or more) different languages, neither of which is native to where I’m from, or where I live.
But since our passwords are changed every 60 days, I’m not sure it matters. We can’t reuse passwords either.
They still have you rotating every 60 days in 2025?
more like 2 weeks.
with M$ authentication app or physical hardware key at hand.
and everytime you have to log back in.So anyone can walk into any random office and have high odds of finding a password written down?
that’s not what 2FA (two factor authentication) means.
deleted by creator
They also have us using Windows (albeit 11) in 2025.
Not my machine. I don’t question their policies. I just abide by them. I’ll occasionally make wisecracks about how my Macs don’t do this bullshit or that bullshit, but the truth is, Mac has some bullshit that Windows doesn’t, too. It goes both ways. And then there’s Linux, which I think is morally superior to an extent but also requires more upkeep. Anyway, any real geek knows you really can’t get away from the bullshit if you use a computer. It’s just fun to say this vs that, like car guys with Ford and Chevy.
What are the chances I find a password written down at any random desk? I’m gonna guess like 50/50
Yep, all too common. Despite the training videos we all must pass telling us NOT to do that.
Fun fact, one of those training videos is a series of videos with no quiz attached, you just watch a ~5 minute episode of a training-centric parody of The Office… and one of the characters has anime fan art in their cubicle. Not official art. Fan art. One of them is Killua from HUNTERxHUNTER, an 11 or 12 year old boy with psychokinetic powers. Nothing lewd (in any of the fan art) but some cool characters that pretty much only anime fans would recognise. And as an anime fan I’m just looking at this like “why?” I don’t feel like my demograph (anime fan) needed to be appealed to in a corporate training video, but here we are.
LOL training from some incompetent charleton. Sounds worse than knowB4.
I’ve seen some from knowb4 as well.
I don’t think HR cares about the quality of the videos. I think, by offering the videos at all, they check a box that says they tried.
And sometimes someone gets a referral fee off the top. You’ve got the idea, it’s a box they’re checking for insurance or a compliance rating.
Anyway in near future with AI and Quantum computers passwords/phrases are obsolete, than only physical encrypting token or good biometric loggings may help. The problem of quantum computing is, that the first who use it are big data hog corporations, while the normal user must wait until 2040 until the existence of an affordable quantum PC with which he as an opportunity to a selfdefence.
No. If you pick a good passphrase and encrypt something with aes256 it should be safe unless a major discovery in math is made.
Yes, the estimated time it gave is only estimated and will reduce with further advancements in AI, or the onset of the age of quantum computing. I do not think the passphrase I have now will be defeated in less than the 60 days until I cycle it. I don’t doubt that the organisation I work with would be targeted. What level of AI they bring to bear in that fight, I don’t know, but I’m not particularly worried now. Who knows what will happen in a year. I do know governments and businesses are woefully behind the hackers, though. They try to stay ahead, but I think they’re really just trying to give the illusion of staying ahead, and it isn’t a very convincing one.
so ah. this assumes a system that allows unlimited tried in that 10 seconds. you don’t need ai to bruteforce. All the password stuff in the world is not going to help if the admin does not lock out accounts after so many failed attempts. Don’t get me wrong its always good to use good passwords and follow recommendations.
