Password Strength Analysis Through Social Network Data Exposure: A Combined Approach Relying on Data Reconstruction and Generative Models
Maurizio Atzori, Eleonora Calò, Loredana Caruccio, Stefano Cirillo, Giuseppe Polese, Giandomenico Solimando

TL;DR
This paper introduces SODA ADVANCE, a tool that combines data reconstruction and generative models to evaluate and enhance password strength by leveraging social network data and LLMs, revealing new methods for password security assessment.
Contribution
The paper presents a novel approach integrating social media data and large language models for improved password strength evaluation and generation.
Findings
LLMs can generate strong, personalized passwords based on user profiles.
LLMs effectively evaluate password strength considering user data.
Experimental results with 100 users validate the approach.
Abstract
Although passwords remain the primary defense against unauthorized access, users often tend to use passwords that are easy to remember. This behavior significantly increases security risks, also due to the fact that traditional password strength evaluation methods are often inadequate. In this discussion paper, we present SODA ADVANCE, a data reconstruction tool also designed to enhance evaluation processes related to the password strength. In particular, SODA ADVANCE integrates a specialized module aimed at evaluating password strength by leveraging publicly available data from multiple sources, including social media platforms. Moreover, we investigate the capabilities and risks associated with emerging Large Language Models (LLMs) in evaluating and generating passwords, respectively. Experimental assessments conducted with 100 real users demonstrate that LLMs can generate strong and…
Taxonomy
Topics: User Authentication and Security Systems · Spam and Phishing Detection · Personal Information Management and User Behavior
