The most common way of identifying yourself online is using a password. People are not very good at choosing passwords. This makes guessing passwords easier than it could be. Systems that evaluate our password choices can help us to select better passwords. Unfortunately, the software for thorough password checking can be very complex, requiring time and resources that are impractical. This means that the password checkers we use currently are forced to be overly simplistic and inaccurate.
Melicher et al. propose using artificial neural networks to guess passwords. Artificial neural networks are a machine-learning technique that models human neurons. They are well suited to generating text and approximate classifications. It makes sense that they would be well suited to guessing passwords too, but this had never been tested.
The researchers experimented with different methods of training and implementing neural networks to guess passwords and to rate the ‘guessability’ or strength of passwords. They developed a neural network method that appears to be better than other methods, particularly when targeting more difficult passwords and when making more guesses. Despite this, they note it is still a good idea to use multiple methods together for better estimates of password strength. The neural networks method used only a tiny fraction of the disk space required by methods. The method can also be compressed further so that can be downloaded as part of a webpage. This is advantageous as it allows prospective passwords to be gauged without them ever travelling across a network. Used this way, the meter was able to measure password resistance to guessing more precisely than models currently in use.
Using neural networks to model password choices and measure their strength is not only possible, but it also offers benefits over current approaches. Password strength meters are only part of the puzzle of improving password selection and do not offer a total solution. Nonetheless, neural network based password selection assistance could prove to be valuable to improving security.
Artificial Neural Networks could provide valuable password strength checking tools.