Skip to Content

A Pair of AIs Have Become Very Good at Guessing Your Passwords

September 18, 2017

Two neural networks can guess a quarter of the passwords in use on a website. At least that's according to new research by a team from the Stevens Institute of Technology, who have built a so-called generative adversarial network that can make educated guesses at what your password might be.

The underlying idea is simple enough: have one neural network build something, then use another to determine its quality. It's a concept masterminded by Ian Goodfellow, one of our 35 Innovators Under 35 for 2017, who isn't part of this research project.

What the Stevens Institute team has done with that idea is have one AI chomp through tens of millions of leaked passwords to learn how to generate new ones, while the other learned how to judge whether a newly created one was compelling. Comparing their efforts to a LinkedIn credentials leak, the AI-generated passwords matched 12 percent of the real ones. When the researchers also rolled in some human-created rules from a software tool known as hashCat, they were able to guess 27 percent of passwords—as much as 24 percent more than hashCat can achieve alone.

It is, obviously, still a technique in its infancy, and it's unclear if a 24 percent boost really warrants the weight of such advanced machine learning. But this appears to be the first time that a generative adversarial network has been used to help crack passwords, and it seems likely that the technique will improve faster than conventional approaches as it chews on more data.

At any rate, it may not be all bad news. As Thomas Ristenpart, a computer scientist from Cornell Tech in New York City, tells Science: “The new technique could also potentially be used to generate decoy passwords to help detect breaches.”

Keep Reading

Most Popular

Here’s how a Twitter engineer says it will break in the coming weeks

One insider says the company’s current staffing isn’t able to sustain the platform.

Technology that lets us “speak” to our dead relatives has arrived. Are we ready?

Digital clones of the people we love could forever change how we grieve.

How to befriend a crow

I watched a bunch of crows on TikTok and now I'm trying to connect with some local birds.

Starlink signals can be reverse-engineered to work like GPS—whether SpaceX likes it or not

Elon said no thanks to using his mega-constellation for navigation. Researchers went ahead anyway.

Stay connected

Illustration by Rose Wong

Get the latest updates from
MIT Technology Review

Discover special offers, top stories, upcoming events, and more.

Thank you for submitting your email!

Explore more newsletters

It looks like something went wrong.

We’re having trouble saving your preferences. Try refreshing this page and updating them one more time. If you continue to get this message, reach out to us at with a list of newsletters you’d like to receive.