Passtrans
An Improved Password Reuse Model Based on Transformer
Xiaoxi He (Peking University)
Haibo Cheng (Peking University)
Jiahong Xie (Peking University)
Ping Wang (Peking University)
Kaitai Liang (TU Delft - Cyber Security)
More Info
expand_more
Other than for strictly personal use, it is not permitted to download, forward or distribute the text or part of it, without the consent of the author(s) and/or copyright holder(s), unless the work is under an open content license such as Creative Commons.
Abstract
Passwords have been widely used in online authentication, and they form the front line that protects our data security and privacy. But the security of password may be easily harmed by insecure password generator. Massive reports state that users are always keen to generate new passwords by reusing or fine-tuning old secrets. Once an old password is leaked, the users may suffer from credential tweaking attacks. We propose a password reuse model PassTrans and simulate credential tweaking attacks. We evaluate the performance in leaked password datasets, and the results show that 67.51% of accounts is breakable under 1,000 guesses, indicating our model is accurate in capturing password reuse behavior.