AI Enhances Cyber Threats: The Need for Stronger Password Security

AI-driven cyberattacks are accelerating, making passwords more vulnerable to brute-force and dictionary attacks. Common weak passwords can be cracked instantly, while even complex ones are at risk. Experts recommend using long, unique passphrases, password managers, and passkeys for security.

The growing capabilities of artificial intelligence (AI) are transforming various industries, but they are also introducing new cybersecurity challenges. One significant concern is AI's ability to compromise password security. 

With advancements in language models and computing power, AI can conduct brute-force and dictionary attacks more efficiently, reducing the time required to crack even complex passwords.

According to a study by cybersecurity firm Hive Systems, an eight-character password containing only lowercase letters can be cracked instantly, while an eight-character password with a mix of letters, numbers, and symbols takes only 39 minutes. Even a 12-character complex password, which was previously considered secure, can now be cracked in about two months using AI-enhanced attacks. 

Furthermore, reports indicate that cyberattacks leveraging AI have increased by 300% in the last five years, demonstrating the growing risks associated with password security.

Cybersecurity experts warn that AI is accelerating the pace at which passwords can be guessed or compromised. Ignas Valancius, Head of Engineering at NordPass, states, 

“AI is a breakthrough technology that is beginning to permeate all aspects of life and business, including cybersec. We should be mindful that in 2025, the time it takes to guess, social engineer, or brute-force passwords is going to drop dramatically due to AI tools in the hands of cybercriminals.”

Common passwords: An easy target

Research on the Top 200 Most Common Passwords highlights the vulnerability of widely used passwords. Simple and frequently used passwords, such as “123456” and “qwerty”, can be cracked in less than a second. Traditionally, complex passwords provided greater security, but AI’s ability to analyse and test multiple combinations at unprecedented speed poses a significant threat.

The combination of AI and increased computing power means that even moderately complex passwords can now be compromised faster than ever before.

AI’s role in cyberattacks

Advancements in AI are making it easier for cybercriminals to conduct dictionary and brute-force attacks. Dictionary attacks involve using precompiled lists of commonly used passwords, including words, names, and their variations. Attackers also manipulate letter and number substitutions, such as changing "password" to "p@ssw0rd", to breach accounts.

Valancius highlights that AI models are being commoditised, making sophisticated attacks accessible to a wider range of malicious actors. “I’m not saying that super long, random 18-character passwords are at immediate risk. But shorter ones – they could be in danger. With the arrival of DeepSeek, language models are being commoditised. 

Recently, researchers at Stanford and the University of Washington trained the ‘reasoning’ model using less than $50 in cloud computing credits. With things so cheap, more threat actors will choose the easy way – buy some datasets on the dark web, ask an AI to make dictionary or brute force attacks on all the accounts, and go watch a movie. No need to organise months-long phishing campaigns,” he explains.

Poor password security habits persist

Despite increasing awareness, many users continue to rely on weak passwords. The latest NordPass research on the most common passwords reveals that “123456” has remained one of the most frequently used passwords for five out of the last six years, while “password” has topped the list once.

Another concern is that AI tools, including free versions used for productivity, collect and analyse data that can be leveraged for cyberattacks. Valancius warns that AI’s ability to learn from user interactions presents additional risks. 

“And let’s not forget that the more people use AI, the more it learns about them. This is to say that many people already share sensitive data with ‘free’ AI tools to get things done, but here’s the catch – nothing’s really free. 

That data gets used for training, tracking, and, even worse, creating detailed profiles for more targeted attacks. So, as we move forward, it’s crucial to keep our passwords long and strong, and tread carefully as we interact with AI tools,” he states.

Strengthening digital security: Best practices

To mitigate the risks posed by AI-driven attacks, it is essential to create stronger passwords and adopt secure authentication methods. Experts recommend the following:

Use long and complex passwords: A password should be at least eight characters long and include a mix of uppercase and lowercase letters, symbols, and numbers. However, the longer the password, the better its security. Personal information such as names, dates of birth, anniversaries, and pet names should be avoided, as AI can predict and exploit such data.

Create passphrases: A passphrase—a combination of random words or a modified well-known phrase—can enhance security. For example, the phrase “May the Force be with you” can be transformed into a strong passphrase: “M@Y7heF0rc3BwithY0(_)”.

Use unique passwords for different accounts: Reusing passwords increases the risk of multiple accounts being compromised if one is breached. Each account should have a distinct and secure password.

Utilise password managers: Remembering multiple strong passwords can be difficult. Password managers help generate, store, and synchronise passwords securely across devices, requiring users to remember only one master password.

Adopt passkeys: An alternative to traditional passwords, passkeys use biometric verification and cryptographic keys to authenticate users. This method eliminates the need for passwords entirely, relying on facial recognition or fingerprint scanning for access.

About NordPass

NordPass is a password manager designed for both business and consumer users. Developed by the cybersecurity experts behind NordVPN, NordPass prioritises security, affordability, and ease of use. It allows users to securely store and access passwords across desktop, mobile, and browser platforms. All passwords are encrypted on the device, ensuring only the user has access. NordPass is backed by NordVPN, a trusted security and privacy provider with over 14 million users worldwide.