This algorithm can probably guess your password

TarGuess framework uses mathematical models to crack your paswords

University researchers have developed a framework that can guess passwords 73% of the time.

The system, called Targuess, was built by researchers from Lancaster University, Peking University and Fujian Normal University, whopublisheda paper on their efforts, saying thatagainst more security-conscious users, the framework can still claim success 32% of the time.

While trawling online/offline password guessing has been intensively studied, only a few studies have examined targeted online guessing, where an attacker guesses a specific victim's password for a service, by exploiting the victim's personal information, such as one sister password leaked from another account and some personally identifiable information (PII).

"A key challenge for targeted online guessing is to choose the most effective password candidates, while the number of guess attempts allowed by a server's lockout or throttling mechanisms is typically very small," said the authors.

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

The researchers said that TarGuess "systematically characterises typical targeted guessing scenarios with seven sound mathematical models", each of which is based on varied kinds of data available to an attacker. These models allow the team to design novel and efficient guessing algorithms.

The team then carried out experiments using 10 large real-world password datasets, notably including ones found in the Yahoo breach. Among the ten most popular passwords used on Yahoo were (unsurprisingly) 123456, password, welcome, and ninja, among others.

Targuess was trained up on one set of passwords from one website and then used its training to guess passwords users used on other websites.

The researchers said that the results from the framework suggested that currently used security mechanisms would be largely ineffective against the targeted online guessing threat, and this threat has already become much more damaging than expected.

"We believe that the new algorithms and knowledge of effectiveness of targeted guessing models can shed light on both existing password practice and future password research," said the authors.

Featured Resources

Digital Risk Report 2020

A global view into the impact of digital transformation on risk and security management

Download now

6 ways your business could suffer if you don’t backup Office 365

Office 365 makes it easy to lose valuable data regularly, unpredictably, unintentionally, and for good

Download now

Get the best out of your workforce

7 steps to unleashing their true potential with robotic process automation

Download now

8 digital best practices for IT professionals

Don't leave anything to chance when going digital

Download now
Advertisement

Recommended

Visit/security/internet-security/354417/avast-and-avg-extensions-pulled-from-chrome
internet security

Avast and AVG extensions pulled from Chrome

19 Dec 2019
Visit/security/354156/google-confirms-android-cameras-can-be-hijacked-to-spy-on-you
Security

Google confirms Android cameras can be hijacked to spy on you

20 Nov 2019
Visit/security/ddos/28039/how-to-protect-against-a-ddos-attack
Security

How to protect against a DDoS attack

25 Oct 2019
Visit/data-breaches/29418/equifax-data-breach-cost-14-billion-so-far
data breaches

Ex-Equifax CIO to serve four months for insider trading

2 Jul 2019

Most Popular

Visit/mobile/28299/how-to-use-chromecast-without-wi-fi
Mobile

How to use Chromecast without Wi-Fi

5 Feb 2020
Visit/technology/artificial-intelligence-ai/354796/ai-identifies-11-earth-bound-asteroids
artificial intelligence (AI)

AI identifies 11 earth-bound asteroids

18 Feb 2020
Visit/operating-systems/27717/how-to-fix-a-stuck-windows-10-update
operating systems

How to fix a stuck Windows 10 update

12 Feb 2020
Visit/security/34616/the-top-ten-password-cracking-techniques-used-by-hackers
Security

The top ten password-cracking techniques used by hackers

10 Feb 2020