RICHMOND, Va. — New research from Hive Systems shows that passwords following industry-standard requirements can now be cracked through brute force in less than five minutes. The new findings were released by the cybersecurity company after conducting extensive research around password security and the increasingly large role artificial intelligence plays in data security. The results are presented in the firm’s annual password table.
“The time has finally come where passwords are just no longer secure by themselves,” said Alex Nette, CEO and co-founder of Hive Systems. “With the easily accessible use of artificial intelligence tools and hardware, hackers have never been in an easier position to gain access to our personal data. Without additional protections, I don’t think we can consider our data to be safe.”
Last year’s report noted that it could take a hacker just under an hour to crack a complex eight-character password. This year, the same passwords can be cracked up to eight times faster — in just five minutes. The technological advances in cybercrime have increased at such a rapid rate that any password under eight characters can instantly be cracked, regardless of the complexity of the password.
Hive Systems is calling for the universal use of multifactor authentication — a generally free cybersecurity tool that requires a multi-step process to log into any protected account. With the advent of publicly accessible AI tools, a second step that requires the personal action of a user to confirm their identity is the best way to keep account information safe.
Additionally, the use of a password manager for creating and storing passwords significantly increases the safety and security of passwords. However, these passwords are also becoming less and less secure. Last year, a 12-character password created by a reputable password manager could take up to 3,000 years to crack — this year, that number has been reduced to 226 years.
“Strong and unique passwords just aren’t very strong anymore,” said Corey Neskey, vice president of Quantitative Risk at Hive Systems. “The combination of a password manager that generates long, complex passwords, and the use of multifactor authentication are the best ways to reduce your risk.”