Artificial intelligence and password security: AI can now steal your passwords

19. 01. 2024 · Reading time: 16 minutes

Artificial intelligence (AI) is fast becoming part of our everyday lives, whether in chatbots, at home, in programming, or in technology, healthcare and finance. AI has the potential to bring many positive things to society, but it can also pose a threat to our privacy and security online (see our article on internet safety tips). When was the last time you changed your password? After reading this article, you might want to do it immediately.

One of the potential dangers of artificial intelligence is that it can be used to steal passwords. Hackers can use AI to train models that predict passwords based on information available about us online. This information may include our names, dates of birth, addresses and even our hobbies.

Researchers at Cornell University have also discovered a new way for AI tools to steal your data: keystrokes. A new research paper details an AI-driven attack that can steal passwords with up to 95% accuracy by listening to what you type on the keyboard. After just a few keystrokes, the AI begins to narrow down the possible combinations. By the time you finish typing the entire strong password, there’s a good chance the AI has already guessed it. A bit disturbing, isn’t it? We all know that using the same passwords over and over on different sites is a bad idea, but now even your most secure passwords could be vulnerable to this new threat.

The researchers came to this conclusion by training an AI model on the sound of keystrokes and deploying it on a phone. The phone’s integrated microphone listened to keystrokes on a MacBook Pro, and the model was able to reproduce them with 95% accuracy, the highest accuracy the researchers have recorded without using a large language model.

The team also tested accuracy during a call in the Zoom app, in which keystrokes were recorded using the laptop’s microphone during the meeting. In this test, the artificial intelligence was 93% accurate in reproducing keystrokes. In Skype, the model was 91.7% accurate.

Before you throw out your loud mechanical keyboard, it’s worth noting that the volume of the keyboard had little to do with the accuracy of the attack. Instead, the AI model was trained on the progression, intensity and timing of individual keystrokes to identify them. For example, you might press one key a fraction of a second later than others because of your typing style, and the AI model takes that into account. The researchers used CoAtNet, which is an AI image classifier, for the attack and trained the model on 36 keys on a MacBook Pro, each pressed 25 times.

There are several ways around this kind of attack. What won’t help you, however, is a new keyboard. Because of the way the attack works, even the best keyboards can fall victim to it, so quieter keyboards won’t make any difference.


4 common consequences of security breach

What happens when a company password is hacked? Once a password is compromised, the company is open to malicious activities that threaten its overall cyber security. Damages can include everything from financial losses to the theft of trade secrets. Here are some typical events after a corporate password breach:

1. Hacked passwords can lead to data theft

Data loss is a devastating consequence of a security breach. Financial records, trade secrets, and product development can be compromised because an AI tool figured out the right password, which allows the wrong person to access company data.

2. Hacked passwords can cause business disruption

When a breach occurs, one of the most serious consequences can be a complete disruption of the business. For example, a data breach in April 2023 caused a complete disruption of Western Digital’s digital storage services. The costs associated with business disruption can range from thousands to millions of dollars per day, depending on the size of the organization. And when a network security threat succeeds, it can take several weeks to recover from the attack, causing problems such as loss of trust in the marketplace and theft of corporate assets.

3. Hacked passwords can lead to financial theft

The financial impact of a security breach depends on the type of cyber attack. The affected company may lose revenue due to shutdowns, stolen funds or fines from regulators. Add to this the cost of administrative improvements, such as fixing security infrastructure or implementing new procedures, and a business can face devastating financial consequences. The cost of a data breach can be devastating. According to a 2022 IBM report, the average cost of a cybercrime incident is $8 million.

4. Hacked passwords can lead to legal liability

In addition to regulatory fines, a business that suffers a data breach also faces legal consequences. There are state and federal standards that help minimize the impact of a cyberattack and require a full audit of company records, practices and procedures to ensure that the business was in full compliance with all rules and regulations at the time of the breach.

Tips to protect passwords and online privacy from AI hacker threats

If you want to protect yourself from AI systems that can hack your passwords just by listening to your keystrokes, here are some tips:

  • Avoid typing your password at all by using features such as Windows Hello and Touch ID.
  • Use a password manager.
  • Use a VPN (What is a VPN? It’s a virtual private network, more below).

The password manager creates and remembers complex and unique passwords for all your accounts. Instead of using the same password over and over again, you’ll have a different strong password for each service.

Password manager – recommended applications:

Most of the following apps can be used as a password manager on a PC (desktop, Windows, Mac) or on mobile (Android or Apple). You can also find a basic password manager in Chrome, Firefox or Google apps.

1password

The 1password service is available in a limited free version. Pricing for the paid 1password service starts at $7.99 per month for individual users; a starter package for a team costs $19.95 per month with licenses for up to 10 users. The team level provides as many unique, random passwords as your business needs, along with password management services to keep everything in order. For greater customization, 1password offers an enterprise-level service (pricing options available upon request) that provides additional layers of security such as custom roles and access levels, daily activity logs, and usage reports to help improve your enterprise security efforts.

Dashlane

Dashlane allows users to create completely random passwords on demand to give you continuous security (and the assurance that your important company data is safe). One of the key differentiators that Dashlane offers is a virtual private network (VPN), which is complemented by additional security features. With its VPN and dark web monitoring service, Dashlane provides robust functionality to any business, from one-person operations to large enterprises. Dashlane pricing: for a starter account, you can get 10 licenses for $20 per month – $2 per user. However, this service level does not provide VPN, single sign-on services or on-demand support. A corporate account with all the features and functions that Dashlane offers costs $8 per month per user.

ESET Password Manager

ESET Password Manager is part of the ESET Smart Security Premium package, which costs $139.99 per year for one device, $199.99 per year for three devices, or $299.99 per year for five devices. ESET Password Manager is a password management tool that helps you store, manage and protect your passwords. It offers many features:

  • Secure password storage: ESET Password Manager stores your passwords in an encrypted format so they are protected from unauthorized access.
  • Password generation: ESET Password Manager can generate strong and unique passwords for all your accounts.
  • Autofill: ESET Password Manager can automatically fill in your passwords for you when you log in to websites and apps.
  • Multi-device support: ESET Password Manager can be used on multiple devices, so you can access your passwords from anywhere.

RoboForm

RoboForm offers a robust free service that provides unlimited password storage, cloud storage for notes, login sharing, and multi-platform support. It also includes a password generator, two-factor authentication and a mobile app. Paid levels of RoboForm: While the free service offers a reasonable amount of functionality, its paid service allows you to sync information across multiple devices and apps. Pricing for RoboForm’s paid service starts at $23.88 per year for an individual user, $47.75 per year for a family plan that supports up to five users, and an enterprise level that ranges from $29.99 to $39.99 per year per individual user.

NordPass

The free version of NordPass allows users to create and manage passwords, credit card details and multi-factor authentication. Paid versions of NordPass: Premium levels offer additional features such as syncing information between devices, identifying trusted contacts and granting access to secure files to known users. The good news is that Nord offers reasonable pricing structures with regular discounts (especially for first-time users). Its paid service for individual accounts costs $72 for two years, but there is also a discounted rate of $35.76 ($1.49 per month) for the first two years. Family plans with support for up to six users are also available.

Keeper

Individual Keeper pricing: for $35 per year, Keeper provides individual users with a mobile app and browser extension that simplifies password security while syncing data across as many devices as needed. There is also a family plan available for $75 billed annually. Keeper for Business pricing: Keeper Business Starter costs $2 per user per month, with a minimum of five users. You can securely share passwords with team members or trusted colleagues, so you don’t have to worry about hackers intercepting a text message or email. Perhaps best of all, Keeper decrypts the information on your device so it’s never stored on a remote server. Your information stays with you and is never shared with anyone. After leaving the service, all decryption data is deleted. Keeper also has Business and Enterprise tiers with additional features:

  • Enable two-factor authentication

Two-factor authentication adds an extra layer of security to your accounts. Once you’ve entered your password, enter the code sent to your phone via text message or app. Enable two-factor authentication on any account that offers it, such as email, social media, banking, and more. This will help prevent hackers from accessing your accounts, even if they have your password.

  • Use a virtual private network

A VPN encrypts all data sent to and from your devices. It hides your online activity and location, making it much harder for hackers to find out what accounts you’re accessing or intercept keystrokes.

Recommended VPN apps

VPN – what is it? A VPN is a virtual private network that creates a secure and encrypted connection over less secure networks. It allows you to hide your internet activity and IP address.

NordVPN

The award for overall best VPN went to NordVPN, which costs just £2.39 per month and comes with a 30-day money-back guarantee. It has a great balance between best-in-class security and price, so if you want to protect your privacy from everything else, then NordVPN is the best option. The performance is top notch too, boasting a huge number of servers located in almost every country you could need.

Surfshark

Surfshark has earned the Most Advantageous VPN label and you can get it on sale for as little as £1.83 per month and it comes with a 30-day money-back guarantee. Its security is also top-notch with 256-bit AES encryption, audited non-logging policy and automatic shutdown. The performance is also impressive.

ExpressVPN

If you’re looking for a great all-round option that’s very easy to use, then this VPN is for you. ExpressVPN has all the features you could want from a premium VPN: top-notch security, a fast and stable connection, and it’s a great option for streaming.

Private Internet Access

Private Internet Access (PIA) is a VPN service that provides its users with privacy and security on the Internet. PIA offers a wide range of features and services. PIA uses AES-256-GCM encryption, which is considered the most secure encryption on the market. The kill switch will automatically disconnect your internet connection if your VPN connection is interrupted. DNS leak protection prevents your DNS requests from leaking out, which could reveal your real IP address. PIA supports P2P file sharing, so you can download torrent files without worrying about your privacy. It is available on a wide range of platforms, including Windows, macOS, Linux, iOS and Android. In addition to these basic functions, PIA offers several other advanced features. Split tunneling allows users to route certain types of traffic through the VPN and other traffic through their normal Internet connection. Port forwarding allows users to access their home devices from the Internet. Ad blocker blocks ads and other unwanted content. WebRTC leak protection prevents your IP address from being leaked via WebRTC. The price of PIA ranges from $1.98 to $11.95/month, but the price depends on how long you want to use the service. If you don’t want to commit to an annual subscription, you can choose a monthly plan for $3.33/month. The best value plan would be 3 years + 3 months for $1.98/month.

CyberGhost

CyberGhost was created with speed in mind and provides unlimited bandwidth. You can set your location to any location while keeping your address hidden. Choose from over 100 locations in 100 countries. It also provides protection on public Wi-Fi. It provides comprehensive online protection: all your data is encrypted with 256-bit AES encryption, and it offers multiple protocols, multiple leak protection options, split tunneling and a kill switch, so you know your internet connection is fully protected. The price starts at €2.11 per month, or €56.97 for the first two years. They also offer a 6-month commitment for €6.99 per month and a one-month VPN subscription for €11.99. Unlike the one-month subscription, the other two options come with a 45-day money-back guarantee if you’re not satisfied with the service.

Be careful what personal information you share

The more information about you that’s available online, the easier it is for hackers and artificial intelligence systems to guess or steal your passwords. Be cautious about sharing details such as date of birth, hometown, pet names and other personal facts on social media and elsewhere. Only make public information that you would agree to anyone having access to. Taking these steps will make you a much less attractive target for AI hackers trying to obtain passwords. As worrying as this technology is, with some improved security practices you can help ensure your accounts and data stay safe from these new threats.
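The advice above, and the earlier point that passwords can be predicted from names, dates of birth and hobbies, can be enforced when a password is chosen. The following is an added example, not part of the original article: it flags a candidate password that contains tokens derived from a person's public details. The function names, the substitution table and the sample profile are assumptions constructed for illustration.

```python
import re
from datetime import date

# Undo common character substitutions before comparing ("r3x" -> "rex").
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s", "!": "i"})

# Constructed sample profile: the kind of details the article lists
# (name, date of birth, hometown, pet name, hobby). Not real data.
SAMPLE_PROFILE = {
    "name": "Jana Novak",
    "born": date(1990, 4, 17),
    "hometown": "Bratislava",
    "pet": "Rex",
    "hobby": "cycling",
}


def personal_tokens(profile):
    """Derive lowercase tokens that are guessable from public details."""
    tokens = set()
    for value in profile.values():
        if isinstance(value, date):
            d, m, y = f"{value.day:02d}", f"{value.month:02d}", str(value.year)
            # Usual spellings of a date inside a password.
            tokens.update({y, d + m, m + d, d + m + y[2:], d + m + y, y + m + d})
        else:
            # Split multi-word values; ignore fragments shorter than 3 chars.
            words = re.split(r"\W+", str(value).lower())
            tokens.update(w for w in words if len(w) >= 3)
    return tokens


def find_personal_info(password, profile):
    """Return the sorted personal tokens found in the password ([] = none)."""
    raw = password.lower()
    normalized = raw.translate(LEET)  # digits/symbols mapped back to letters
    # Date tokens match the raw form, disguised words match the normalized one.
    return sorted(t for t in personal_tokens(profile)
                  if t in raw or t in normalized)


if __name__ == "__main__":
    for candidate in ("R3x1990!", "N0v4k_1704", "qT7#vLp2zK9w"):
        hits = find_personal_info(candidate, SAMPLE_PROFILE)
        print(candidate, "->", "reject: " + ", ".join(hits) if hits else "ok")
```

A randomly generated password from a password manager passes this check, while a pet name with letters swapped for digits does not.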

Safety is important at msg life

At msg life Slovakia, we regularly participate in Hackerfest, for example, and the experience gained is used by our colleagues to protect their data. If you are a Java developer or IT tester with German, take a look at our employee benefits and respond to the latest job offers!

Zuzana Kocáková

At msg life Slovakia I take care of the company culture, events and I am part of the marketing team. I like a job where I can be creative and contribute to making my colleagues at msg feel good. I regularly prepare for you not only news and interesting things from the world of information technology and insurance, but also from behind the scenes events at msg life Slovakia.
