Password Strength Detection via Machine Learning: Analysis, Modeling, and Evaluation

TL;DR

This paper explores machine learning techniques to assess password strength, analyzing password features and evaluating models to improve password security classification.

Contribution

It introduces a comprehensive analysis of password features and compares multiple machine learning models for effective password strength detection.

Findings

Decision trees and stacked models outperform others in accuracy and recall.

Password features like length and character variety are key indicators.

Machine learning can effectively classify passwords as strong or weak.

Abstract

As network security issues continue gaining prominence, password security has become crucial in safeguarding personal information and network systems. This study first introduces various methods for system password cracking, outlines password defense strategies, and discusses the application of machine learning in the realm of password security. Subsequently, we conduct a detailed public password database analysis, uncovering standard features and patterns among passwords. We extract multiple characteristics of passwords, including length, the number of digits, the number of uppercase and lowercase letters, and the number of special characters. We then experiment with six different machine learning algorithms: support vector machines, logistic regression, neural networks, decision trees, random forests, and stacked models, evaluating each model's performance based on various metrics, including accuracy, recall, and F1 score through model validation and hyperparameter tuning. The evaluation results on the test set indicate that decision trees and stacked models excel in accuracy, recall, and F1 score, making them a practical option for the strong and weak password classification task.