Artificial Intelligence verses Passwords

Passwords are important but if they do not provide you with any protection there isn't much use in having one.

Case in point, a security company recently used an AI (artificial intelligence) program to crack passwords and was successful over eighty percent of the time in less than one hour. In terms of security that is almost the equivalent of not having a password.

There is also a list of over ten million commonly used passwords - that list is easily available over the Internet. That list is used by security professionals to assess basic security levels in company networks. That list is also available to hackers to quickly access computers and systems using those ten million commonly used passwords.

Artificial Intelligence programs now make using that list all but obsolete, because even if a person is not using one of the passwords in the list, then the program can discover eigthy percent of passwords in under an hour.

What has been a standard, eight characters with a combination of upper and lower case letters, numbers and symbols is or will be obsolete very soon. It only took the Artificial Intelligence program an average of seven hours to crack those passwords.

Additional security methods that are of limited benefit:

• Some websites use a CAPTCHA where the user has to verify they are a human and not a machine. This is where you select a series of pictures or input a code displayed on your screen.
• Many online systems also use two-step or two-factor authentication. This is where a company sends the user a text message, email or verifies the users identity by phone.

Hackers have proven time and again these can be bypassed, giving the hacker access to personal information and profile settings.

Yes, it is aggravating that there are so many people out there who are up to no good on the Internet, but there are and it is difficult to try and stay one step ahead of the bad guys.

The age old saying, about the only way to keep a computer safe is to not connect it to the Internet, or not turn the computer on. This is hardly an option in this day. Computers, phones, tablets and even our household appliances are connected to the Internet. And even if a person does not use the Internet, the probabilty is all the companies we do business with are constantly connected to the Internet.

There are a plethora of security systems and appliances on the market that attempt to keep us safe on the Internet, and if one used everything on the market our computers would not be able to work. Most computers simply are not powerful enough to run all the security programs, certainly at one time. And in some cases security systems work against each other making a computer unusable. A traditional example is running more than one antivirus program at the same time, some can have a tendancy to cancel out the other making a computer in esscence having no antivirus software.

Age old recommendations to not use the same password for multiple needs, and to change passwords frequently are still good advice. Years ago when I was managing a network system a foreign government was constantly attempting to get through our firewall. I noticed it took them about three weeks to breach the first of our multiple firewalls. I simply made it a practice to change the passwords every two weeks. Yes it is a hassle to be constantly changing passwords, but it is something needing to be done.

I would suggest, given the Artificial Intelligence programs chart to begin using ten characters or more, using a mixture of nonseqeuntial upper and lower case alphabets, numbers and symbols. In fact using eighteen characters or as many characters as possible might not be a bad idea. At least they project that current artificial intelligence programs would take 6Qn years to crack those passwords; again that is estimating the time using AIs current capabilities. Next year, who knows.