The perils of generative AI: Password fortification is the way to go


By Rajesh Ganesan, President, ManageEngine

Over the past few years, the frenetic acceleration of digitalization and the advent of generative AI have both garnered curiosity and raised many concerns with respect to data security.  Yet, the rapid advancement of technology is not without its own set of drawbacks. 

As the age-old adage goes, any new technology brings its own advantages and disadvantages. While AI is predominantly being used by cybersecurity specialists to reduce human error, eliminate time-consuming tasks, and spot security issues, malicious actors are using AI, specifically generative AI, to boost their hacking game.  Passwords are most often the first line of defense to get breached when cybersecurity infrastructures are compromised. There are several password cracking tools that malicious actors employ to breach security infrastructures, ranging from those that use basic data models to those that use generative adversarial networks (GANs) to crack passwords more quickly and effectively, like PassGAN, a password cracking tool currently making waves on the internet.

To maintain the integrity and security of their data, everyone—from individuals to organizations—must be up to date with today’s rapidly evolving IT security trends.  This stat becomes relevant particularly for India, as it is constantly among the most targeted nations for cyberattacks. According to a recent survey, India was the most frequently targeted country in Asia and ranks second globally just behind the United States. The same survey noted that India had a staggering 24.3% spike in cyberattack cases since last year. Given how quickly generative AI is advancing in its ability to facilitate identity theft, it is even more important to mitigate the effects by implementing a strong password hygiene routine.

What is PassGAN?

A portmanteau of the word “password” and the acronym “GAN”, it is a newer kind of tool that uses AI to swiftly crack passwords. According to a Home Security Heroes study, PassGAN could decipher 51% of popular passwords in under a minute; complex passwords take a bit more time, but not much, with 65% deciphered in under an hour, 71% deciphered in under a day, and 81% deciphered in under a month. The study also found that passwords that incorporated both perfect length (more than eight characters) and complexity (special characters) turned out to be the most secure.

Most password-cracking software employs straightforward data models and presumptions regarding password patterns. On the contrary, PassGAN has the capacity to evaluate and learn from data in order to become increasingly intelligent.

Is our data really in peril? 

It’s worth noting that similar password-cracking tools have been doing the rounds since 2017. Contrary to popular belief, it is not a ground-breaking tool developed at the height of the generative AI, despite appearing to employ cutting-edge, password-cracking technology.

Only when there is a data breach can these tools be used to crack passwords. Hackers do not immediately obtain access to password details the moment a website is compromised; they’ll only be able to access the passwords’ encrypted “hash,” which isn’t the same as accessing accounts directly. Additionally, they would need to compromise a server to access accounts and effectively breach the network.

Stronger password protection is the ideal approach

Although passwordless alternatives and biometrics have recently become all the rage, they aren’t devoid of errors or biases. At the moment, passwords continue to be the primary and easiest method of authentication. The way we can defend ourselves and the integrity of our data is by using proper password hygiene. Implementing a set of basic security hygiene procedures—such as ensuring and enforcing strict password policies, compliance with NIST and GDPR regulations, incorporating MFA controls, periodic vulnerability scanning and patching of endpoints, changing passwords on a regular basis, and never using the same password—can make a world of a difference. 


Please enter your comment!
Please enter your name here