Paper review - Beyond Credential Stuffing Password Similarity Models using NN
June 12, 2019
Summary
So far password protection measures do not take into account leaked passwords (untargeted measures) This is a targeted measure taking into account leaked password dataset.
Description
Uses Recurrent NN to see how possible it is to predict passwords based on leaked passwords. Metric is how close guessed password is from leaked password. 16% success in 1000 guesses. PPSM System predicts whether the password is safe or not. Collaboration with Cornell IT department, to see how often people used similar passwords even when their old passwords were compromised.
Proposal is to build the tool PPSM, can be deployed client site and gives you an indication of how strong is your password using two tools (untargeted tool does not take into account leaked passwords) and targeted tool (Pass2Path takes into account leaked passwords).
Strong Points
PPSM Easy to deploy and accurate Passwords stored as series of keystrokes instead of ASCII characters (so minimum edit distance takes into account keys like Shift keys, Caps Lock etc)