PASSTRANS: AN IMPROVED PASSWORD REUSE MODEL BASED ON TRANSFORMER

Abstract:

Passwords have been widely used in online authentication, and they form the front line that protects our data security and privacy. But the security of password may be easily harmed by insecure password generator. Massive reports state that users are always keen to generate new passwords by reusing or fine-tuning old secrets. Once an old password is leaked, the users may suffer from credential tweaking attacks. We propose a password reuse model PassTrans and simulate credential tweaking attacks. We evaluate the performance in leaked password datasets, and the results show that 67.51% of accounts is breakable under 1,000 guesses, indicating our model is accurate in capturing password reuse behavior.