AI doesn't just guess passwords anymore; it is learning them. Passwords that took hackers years to crack can now be cracked in seconds with machine learning models. Weak, short, or reused passwords are essentially unlocked doors for AI-powered cracking machines.

AI Password Cracking in 2025: Key Findings

AI-powered password cracking has become dramatically faster in 2025, with 85.6% of common passwords now crackable in under 10 seconds[1]. This acceleration stems from two main factors: advanced AI models that learn password patterns and powerful consumer GPUs.

Hardware Advances

The latest consumer graphics cards, particularly the RTX 5090, have transformed password cracking capabilities. Hive Systems reports that a setup of 12 RTX 5090s is now used as the benchmark for modern password cracking attempts[2].

Time to Crack by Password Type

For bcrypt-hashed passwords (work factor 10):

  • 8 characters or less: Instant crack regardless of complexity
  • 10 characters with mixed characters: 27 years
  • 12 characters with mixed characters: 244,000 years
  • 16 characters with mixed characters: 19 trillion years[2:1]

AI’s Impact

AI tools like PassGAN have revolutionized cracking by:

  • Learning common password patterns
  • Recognizing user habits like capitalizing first letters
  • Predicting likely passwords instead of random guessing[1:1]

Security Recommendations

Recent findings emphasize:

  • Length over complexity (minimum 16 characters)
  • Use of password managers
  • Implementation of Multi-Factor Authentication (MFA)
  • Adoption of passkeys where available[3]

  1. Messente - How Quickly Can AI Crack Your Password? ↩︎ ↩︎

  2. Hive Systems - Are Your Passwords in the Green? ↩︎ ↩︎

  3. Forbes - AI Can Crack Your Passwords Fast—6 Tips To Stay Secure ↩︎

  • Zerush@lemmy.mlOP
    12·
    4 days ago

    Anyway in near future with AI and Quantum computers passwords/phrases are obsolete, than only physical encrypting token or good biometric loggings may help. The problem of quantum computing is, that the first who use it are big data hog corporations, while the normal user must wait until 2040 until the existence of an affordable quantum PC with which he as an opportunity to a selfdefence.

    • redsand@lemmy.dbzer0.comEnglish
      4·
      4 days ago

      No. If you pick a good passphrase and encrypt something with aes256 it should be safe unless a major discovery in math is made.

    • CerebralHawks@lemmy.dbzer0.comEnglish
      4·
      4 days ago

      Yes, the estimated time it gave is only estimated and will reduce with further advancements in AI, or the onset of the age of quantum computing. I do not think the passphrase I have now will be defeated in less than the 60 days until I cycle it. I don’t doubt that the organisation I work with would be targeted. What level of AI they bring to bear in that fight, I don’t know, but I’m not particularly worried now. Who knows what will happen in a year. I do know governments and businesses are woefully behind the hackers, though. They try to stay ahead, but I think they’re really just trying to give the illusion of staying ahead, and it isn’t a very convincing one.