Best Reviews logo
Best Reviews logo
Search
Best Reviews may receive compensation for its content through paid collaborations. See how we sustain our work & review products.
Best Reviews
Articles
How Neural Networks Can Guess Your Password

How Neural Networks Can Guess Your Password

By István F.István F. Verified by Sander D.Sander D. Last updated: July 17, 2024 (0)
Table of contents

When thinking about a new password, there are at least a dozen aspects users need to keep in mind to prevent it from being cracked by cybercriminals: it should be at least 12 characters long, not use the names of their family members or pets, postal codes, house numbers, or birth dates. To come up with a password that meets all these criteria is a hard task, one that we often tend to skip by using the same password over and over again when creating new online accounts. But you shouldn’t feel safe even if a variation of an earlier used password is created, because there are tools such as neural networks that can easily guess such passwords.

Neural networks and password guessing

Hackers have various methods of gaining access to online accounts, as the security breaches we read about on an almost daily basis shows. The most widely known is the technique known as a brute-force attack, which essentially means they try every possible password in alphabetical order. But that requires time, so sophisticated approaches use different techniques, such as a brute-force combined with dictionary attacks. And then there is password guessing software, which is also a highly useful utility in the hand of cyber-criminals.

Researchers at the Stevens Institute of Technology in New York and the New York Institute of Technology have taken password cracking to another level by using machine learning. Their technique, called ‘PassGAN‘ (Password Generative Adversarial Networks), is a deep-learning, GANs-based password guessing tool that turned out to be more effective than some open source password guessing tools such as John the Ripper and HashCat. GANs are machine learning tools comprised of two deep neural networks: a generative network and a discriminative network.

In a technical paper entitled PassGAN: A Deep Learning Approach for Password Guessing, researchers detail how to release human-generated password rules with theory-grounded password generation based on machine learning.


At the heart of their experiment are guessing tools that expand dictionaries using password generation rules. That’s a more sophisticated method than a ‘simple’ dictionary attack, which takes every word of the dictionary and tries a match. The password generation rules define transformations, such as concatenation of words (for example: “password123456”) and leetspeak (for example: “password” becomes “p4s5w0rd”).

Teaching machines to guess your password

The theory is simple, and it matches what we have seen in other industries: to teach a computer what a flower is, researchers show the software tons of images of a flower. To evaluate the performance of PassGAN when compared to password generator utilities, researchers first trained their GAN, John the Ripper and HashCat using a large set of passwords. The RockYou leak contains 32 million passwords, and the researchers selected all passwords of 10 characters or less and used 80% of them to train each tool. For the testing they used the remaining 20%. In addition, they also used a dataset from the LinkedIn leak, which consists of 60 million unique passwords.

60% off RoboForm for Best Reviews readers
RoboForm logo
Commit to RoboForm using Best Reviews' exclusive discount and enjoy a discount of 60% off the regular price.
/goto/roboform/ Click to show code

Can machines guess your password? Yes, they can!

The training produced incredible results: using the PassGAN technique, the researchers were able to match more than 46% of the passwords in the testing set extracted from the RockYou leak.

In another experiment, UNC researchers obtained the passwords of more than 10,000 defunct accounts belonging to former university students and staff. Since users were required to change their passwords quite often, their initial dataset contained more than 50,000 passwords. After cracking roughly 60% of the passwords using a regular password-hacking approach, the researchers developed a more advanced password cracking approach that formulated guesses based on the previous password selected by the user.

They made an important discovery: users tended to come up with passwords that followed predictable patterns, which they call ‘transformations’, such as using an incremental number, or changing a letter into a similar-looking symbol. These results suggest that attackers who have previously guessed a user’s password may be able to guess the user’s later passwords fairly easily, especially if the change was initiated by an unexpected password-change prompt.


Best password managers of 2025

Editors' choice
RoboForm logo
Editor's rating:
(4.5)
Effective security center
Passkey compatibility
Intuitive and organized interface
Affordable prices
Visit RoboForm
Reviews
Families
LastPass logo
Editor's rating:
(4)
Logical interface
Automated password categorization
Advanced mobile version
Various two-factor authentication options
Visit LastPass
Reviews
Businesses
1Password logo
Editor's rating:
(4.5)
End-to-end encryption
Secure authentication method
Data breach alarms
One-time password support
Visit 1Password
Reviews
Security features
Keeper logo
Editor's rating:
(4.5)
Robust security
Wide range of platform support
Affordable
Great customer support
Visit Keeper
Reviews
Personal use
NordPass Personal logo
Editor's rating:
(4.5)
Strong security features
Effective password generator
Excellent free version
Attractive price
Visit NordPass Personal
Reviews
Password sharing
Dashlane logo
Editor's rating:
(4)
Password changer
Built-in VPN
Flawless data import
Thorough iOS/Android app
Visit Dashlane
Reviews
Local storage
Enpass logo
Editor's rating:
(4)
Packed with features
Free for desktop users
Offline password manager
End-to-end encryption
Visit Enpass
Reviews

Related articles

Best Ways To Keep Passwords Safe and Organized
Read more
Best Ways to Share Passwords Securely With Your Team
Read more
Are Password Managers Worth It?
Read more

User feedback

 Leave a reply

Your email address will not be published. Required fields are marked *


Popular Guides

Latest Reviews

Best Reviews

Best Reviews may receive compensation for its content through paid collaborations and/or affiliate links. Learn more about how we sustain our work and review products.

©2012-2025 Best Reviews, a clovio brand – All rights reserved
Privacy policy · Cookie policy · Terms of use · Partnerships · Contact us