Two neural networks can guess a quarter of the passwords in use on a website. At least that’s according to new research by a team from the Stevens Institute of Technology, who have built a so-called generative adversarial network that can make educated guesses at what your password might be.
The underlying idea is simple enough: have one neural network build something, then use another to determine its quality. It’s a concept masterminded by Ian Goodfellow, one of our 35 Innovators Under 35 for 2017, who isn’t part of this research project.
What the Stevens Institute team has done with that idea is have one AI chomp through tens of millions of leaked passwords to learn how to generate new ones, while the other learned how to judge whether a newly created one was compelling. Comparing their efforts to a LinkedIn credentials leak, the AI-generated passwords matched 12 percent of the real ones. When the researchers also rolled in some human-created rules from a software tool known as hashCat, they were able to guess 27 percent of passwords—as much as 24 percent more than hashCat can achieve alone.
Don’t settle for half the story.
Get paywall-free access to technology news for the here and now.