This algorithm can probably guess your password

TarGuess framework uses mathematical models to crack your paswords

University researchers have developed a framework that can guess passwords 73% of the time.

The system, called Targuess, was built by researchers from Lancaster University, Peking University and Fujian Normal University, whopublisheda paper on their efforts, saying thatagainst more security-conscious users, the framework can still claim success 32% of the time.

Advertisement - Article continues below

While trawling online/offline password guessing has been intensively studied, only a few studies have examined targeted online guessing, where an attacker guesses a specific victim's password for a service, by exploiting the victim's personal information, such as one sister password leaked from another account and some personally identifiable information (PII).

"A key challenge for targeted online guessing is to choose the most effective password candidates, while the number of guess attempts allowed by a server's lockout or throttling mechanisms is typically very small," said the authors.

The researchers said that TarGuess "systematically characterises typical targeted guessing scenarios with seven sound mathematical models", each of which is based on varied kinds of data available to an attacker. These models allow the team to design novel and efficient guessing algorithms.

The team then carried out experiments using 10 large real-world password datasets, notably including ones found in the Yahoo breach. Among the ten most popular passwords used on Yahoo were (unsurprisingly) 123456, password, welcome, and ninja, among others.

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

Targuess was trained up on one set of passwords from one website and then used its training to guess passwords users used on other websites.

The researchers said that the results from the framework suggested that currently used security mechanisms would be largely ineffective against the targeted online guessing threat, and this threat has already become much more damaging than expected.

"We believe that the new algorithms and knowledge of effectiveness of targeted guessing models can shed light on both existing password practice and future password research," said the authors.

Featured Resources

Top 5 challenges of migrating applications to the cloud

Explore how VMware Cloud on AWS helps to address common cloud migration challenges

Download now

3 reasons why now is the time to rethink your network

Changing requirements call for new solutions

Download now

All-flash buyer’s guide

Tips for evaluating Solid-State Arrays

Download now

Enabling enterprise machine and deep learning with intelligent storage

The power of AI can only be realised through efficient and performant delivery of data

Download now
Advertisement

Recommended

Visit/security/cyber-security/355185/165-million-britons-experienced-a-cyber-crime-in-the-past-year
cyber security

Report: 16.5 million Britons fell victim to cyber crime in the past year

1 Apr 2020
Visit/cloud/amazon-web-services-aws/355183/aws-launches-amazon-detective
Amazon Web Services (AWS)

AWS launches Amazon Detective for investigating security incidents

1 Apr 2020
Visit/security/privacy/355182/government-to-launch-coronavirus-contact-tracking-app
privacy

UK government to launch coronavirus 'contact tracking' app

1 Apr 2020
Visit/software/video-conferencing/355180/zoom-does-not-use-end-to-end-encrypted
video conferencing

Zoom admits meetings don't use end-to-end encryption

1 Apr 2020

Most Popular

Visit/security/privacy/355155/zoom-kills-facebook-integration-after-data-transfer-backlash
privacy

Zoom kills Facebook integration after data transfer backlash

30 Mar 2020
Visit/security/data-breaches/355173/marriott-hit-by-data-breach-exposing-personal-data-of-52-million
data breaches

Marriott data breach exposes personal data of 5.2 million guests

31 Mar 2020
Visit/security/cyber-crime/355171/fbi-warns-of-zoom-bombing-hackers-amidst-coronavirus-usage-spike
cyber crime

FBI warns of ‘Zoom-bombing’ hackers amid coronavirus usage spike

31 Mar 2020
Visit/data-insights/data-management/355170/oracle-cloud-courses-are-free-during-coronavirus-lockdown
data management

Oracle cloud courses are free during coronavirus lockdown

31 Mar 2020