How to break them, how to choose them: Enabling secure passwords via Deep Learning

https://conf.intellisec.de/b/max-29w-rxu (148354)

2021-06-25

14:00

Enforcing the security of password-based authentication protocols requires us to cast realistic adversary models capable of accurately simulating real-world guessing attacks.
Even more importantly, this necessitates the development of techniques that prevent users from choosing insecure passwords at composition time.
In this talk, I will show how deep learning can serve a critical role in both improving the soundness of adversary models in password guessing and shaping novel directions in proactive approaches such as password strength meters.
Here, deep neural networks are used to mimic advanced guessing techniques harnessed by real attackers and devise a novel class of password meters that exhibit a natural feedback mechanism capable of describing to the users the latent relation between password strength and password structure.