Even with new biometric and multi-factor authentication systems, passwords are still the main way users identify themselves. Many large data breaches show that users often create passwords based on predictable patterns. They include personal details like names, dates, or places. Traditional methods for checking password strength cannot detect these patterns. This means they underestimate how vulnerable these passwords are, even if they look complex. We suggest a new method to find password patterns. This method combines personal information from social media, probabilistic grammar models, and neural network analysis of sequences. The system has three parts: (1) It extracts personal tokens from social media profiles, such as names, schools, graduation years, interests, and companies. (2) It creates personalized password guesses using a grammar model that adapts to each user. (3) It tests these guesses with a character-level LSTM model trained on 31,000 real-world leaked passwords. Testing shows that including personal tokens improves results. Precision goes up by 14%, recall by 18%, and the number of attempts needed drops by over ten times. The system works locally and only uses anonymized and outdated personal data. This protects user privacy. Our approach helps find hidden patterns in how passwords are made. It can support better security policies and personalized password strength checks.

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

Personalized Analysis of Password Generation Rules Using OSINT-Derived Tokens and Neural Models

  • Leila Rzayeva,
  • Merei Zhaparkhanova,
  • Alissa Ryzhova,
  • Zhaksylyk Kozhakhmet,
  • Ali Myrzatay

摘要

Even with new biometric and multi-factor authentication systems, passwords are still the main way users identify themselves. Many large data breaches show that users often create passwords based on predictable patterns. They include personal details like names, dates, or places. Traditional methods for checking password strength cannot detect these patterns. This means they underestimate how vulnerable these passwords are, even if they look complex. We suggest a new method to find password patterns. This method combines personal information from social media, probabilistic grammar models, and neural network analysis of sequences. The system has three parts: (1) It extracts personal tokens from social media profiles, such as names, schools, graduation years, interests, and companies. (2) It creates personalized password guesses using a grammar model that adapts to each user. (3) It tests these guesses with a character-level LSTM model trained on 31,000 real-world leaked passwords. Testing shows that including personal tokens improves results. Precision goes up by 14%, recall by 18%, and the number of attempts needed drops by over ten times. The system works locally and only uses anonymized and outdated personal data. This protects user privacy. Our approach helps find hidden patterns in how passwords are made. It can support better security policies and personalized password strength checks.