If George Washington Had a TikTok, What Would His Password Be?
Artificial intelligence can be tricked into making password-based authentication even weaker.
Have you ever thought of what George Washington's hypothetical TikTok password might be? It's a strange question, but a useful one. Why? Because George Washington can be replaced with anyone a hacker is targeting for impersonation on any platform. And artificial intelligence can help them. The chatbot ChatGPT was recently asked to come up with George Washington's TikTok password as a proof of concept.
Note: This article describes an experiment that was done for research purposes only, to raise awareness of how weak password-based authentication is, and how AI weakens it even more. It does not allow anyone to use the technique described to perform any illegal activity nor gain unauthorized access to different accounts.
What Is ChatGPT?
ChatGPT is an AI chatbot developed by OpenAI. It's trained to follow an instruction in a prompt and provide a detailed response, and anyone can ask it to complete various creative tasks — even to guess what George Washington's password would be if he had a TikTok account.
What Is a Password List?
A password list is a list of passwords that are commonly used. It can be either a generic list that can help with guessing anyone's password, or a customized list for a specific person, celebrity, or platform. This list can then be used to crack credentials using a dictionary attack and lead to identity theft and impersonation. The task of generating this list can be done by AI engines with great efficiency.
Let's hypothetically consider how ChatGPT could be used to generate a password list for George Washington's TikTok account. To start, we would need a data set of passwords that are commonly used by individuals, including historical figures like George Washington. This data set would then be used to train ChatGPT, allowing the model to learn patterns and generate new passwords that are similar in structure and complexity. Examples could include phrases or words from his famous speeches or quotes, historical events, or personal information such as his name or birthdate. Some potential password examples could be:
Icannottellalie1776!
1stPresOfUS
ValleyForge1778
GWbirthday0222
So, Can ChatGPT Help Anyone Generate a Password List?
The creators of ChatGPT and other AI chatbots don't want them to be used for malicious activities such as password cracking and credential theft. This is why a direct approach won't work:
But there's a workaround.
AI Chatbot Jailbreak
As with many other new technologies, ChatGPT has some flaws. Currently, it is extremely naive and can be tricked quite easily. Think of it as performing a social engineering attack against an artificial intelligence entity that acts like a young child. Escaping the restrictions of an AI chatbot is called jailbreak, and there are websites dedicated for the development and sharing of these techniques.
For example, if you want to generate a password list, you can just avoid explicitly writing down the phrase "password list," and also ask for a specific number of passwords:
Another option is to go with a positive approach instead of a negative one, and ask for a list of safe passwords:
Another technique includes attempts to persuade ChatGPT with different excuses:
In addition, there are more fancy techniques, like making ChatGPT act as a different character. For example, it can be turned into the helper AI chatbot of Niccolò Machiavelli, the famous Italian diplomat and philosopher who separated politics and moral and claimed that politicians do not need to follow moral standards. This shakes the moral level of ChatGPT and makes it do things it usually won't do:
Although ChatGPT is extremely naive, in some cases its naiveté has its limits:
So, How Dangerous is It?
Password list generation tools have existed for a long time. Like with other tasks, AI can greatly increase the quality, efficiency, and ease of generating these lists, hence increasing the chance of successful credential-guessing attacks. It can be used to generate password lists for real people and celebrities:
It can also be used to create focused and enhanced lists:
How to Stay Safe
Password-based authentication becomes weaker when attackers utilize AI for password list generation and cracking. To reduce the risk of credentials theft, these principles should be followed:
Use strong passwords of 12 or more characters with a mix of character types.
Do not reuse the same password for different systems; use password managers or a logic that would generate different passwords.
Enable strong multifactor authentication for any platform that supports it.
Block unnecessary access to login interfaces in systems under your control.
AI Is the Future — but We Need to Be Cautious
As with any new ground-breaking technology, AI chatbots grant us many exciting opportunities, alongside new challenges. Many societal changes will take place when this technology is widely adopted, and some of them might be hazardous, such as massive job loss. Recently, scientists, researchers, and tech leaders, including Elon Musk, published a letter that urges artificial intelligence labs to pause development and described AI tools as "profound risks to society and humanity." This is why we should be very careful and cautious with the speed of development and adoption of this game-changing technology. Nonetheless, artificial intelligence is considered the next great technology leap of mankind. Technology will keep moving forward and new technologies like AI, with its many benefits, should eventually be embraced.
It's also important to note that adoption and usage of AI should be done with a critical eye, as the technology is still new and it makes mistakes from time to time. For example, when ChatGPT was asked to address the issue of this article, it stated, "First and foremost, we have no way of knowing if George Washington even had a TikTok account." Another text-to-image AI had an interesting interpretation of "George Washington with a duck face":
Oh, one more thing: One of the paragraphs of this column was completely written by ChatGPT.
Can you spot which one?
About the Authors
You May Also Like