AI doesn't just guess passwords anymore; it is learning them. Passwords that took hackers years to crack can now be cracked in seconds with machine learning models. Weak, short, or reused passwords are essentially unlocked doors for AI-powered cracking machines.

AI Password Cracking in 2025: Key Findings

AI-powered password cracking has become dramatically faster in 2025, with 85.6% of common passwords now crackable in under 10 seconds[1]. This acceleration stems from two main factors: advanced AI models that learn password patterns and powerful consumer GPUs.

Hardware Advances

The latest consumer graphics cards, particularly the RTX 5090, have transformed password cracking capabilities. Hive Systems reports that a setup of 12 RTX 5090s is now used as the benchmark for modern password cracking attempts[2].

Time to Crack by Password Type

For bcrypt-hashed passwords (work factor 10):

  • 8 characters or less: Instant crack regardless of complexity
  • 10 characters with mixed characters: 27 years
  • 12 characters with mixed characters: 244,000 years
  • 16 characters with mixed characters: 19 trillion years[2:1]

AI’s Impact

AI tools like PassGAN have revolutionized cracking by:

  • Learning common password patterns
  • Recognizing user habits like capitalizing first letters
  • Predicting likely passwords instead of random guessing[1:1]

Security Recommendations

Recent findings emphasize:

  • Length over complexity (minimum 16 characters)
  • Use of password managers
  • Implementation of Multi-Factor Authentication (MFA)
  • Adoption of passkeys where available[3]

  1. Messente - How Quickly Can AI Crack Your Password? ↩︎ ↩︎

  2. Hive Systems - Are Your Passwords in the Green? ↩︎ ↩︎

  3. Forbes - AI Can Crack Your Passwords Fast—6 Tips To Stay Secure ↩︎

  • CerebralHawks@lemmy.dbzer0.comEnglish
    5·
    4 months ago

    2 billion years then? Not bad. Using my work password, it’s 14 digits with numbers, symbols, and upper and lower case letters.

    Another trick I like — and I’m not sure if it matters — is to use a passphrase with words from two (or more) different languages, neither of which is native to where I’m from, or where I live.

    But since our passwords are changed every 60 days, I’m not sure it matters. We can’t reuse passwords either.

    • Zerush@lemmy.mlOP
      12·
      4 months ago

      Anyway in near future with AI and Quantum computers passwords/phrases are obsolete, than only physical encrypting token or good biometric loggings may help. The problem of quantum computing is, that the first who use it are big data hog corporations, while the normal user must wait until 2040 until the existence of an affordable quantum PC with which he as an opportunity to a selfdefence.

      • CerebralHawks@lemmy.dbzer0.comEnglish
        3·
        4 months ago

        Yes, the estimated time it gave is only estimated and will reduce with further advancements in AI, or the onset of the age of quantum computing. I do not think the passphrase I have now will be defeated in less than the 60 days until I cycle it. I don’t doubt that the organisation I work with would be targeted. What level of AI they bring to bear in that fight, I don’t know, but I’m not particularly worried now. Who knows what will happen in a year. I do know governments and businesses are woefully behind the hackers, though. They try to stay ahead, but I think they’re really just trying to give the illusion of staying ahead, and it isn’t a very convincing one.

  • HubertManne@piefed.socialEnglish
    2·
    4 months ago

    so ah. this assumes a system that allows unlimited tried in that 10 seconds. you don’t need ai to bruteforce. All the password stuff in the world is not going to help if the admin does not lock out accounts after so many failed attempts. Don’t get me wrong its always good to use good passwords and follow recommendations.