Ensuring the security of personal accounts has become a key concern due to the widespread password attack techniques. Although passwords are the primary defense against unauthorized access, the practice of reusing easy-to-remember passwords increases security risks for people. Traditional methods for evaluating password strength are often insufficient since they overlook the public personal information that users frequently share on social networks. In addition, while users tend to limit access to their data on single profiles, personal data is often unintentionally shared across multiple profiles, exposing users to password threats. In this paper, we present an extension of a data reconstruction tool, namely SODA ADVANCE, which incorporates a new module to evaluate password strength based on publicly available data across multiple social networks. It relies on a new metric to provide a comprehensive evaluation of password strength. Moreover, we investigate the capabilities and risks associated with emerging Large Language Models (LLMs) in evaluating and generating passwords, respectively. Specifically, by exploiting the proliferation of LLMs, it has been possible to interact with many LLMs through Automated Template Learning methodologies. Experimental evaluations, performed with 100 real users, demonstrate the effectiveness of LLMs in generating strong passwords with respect to data associated with users’ profiles. Furthermore, LLMs have proved to be effective also in evaluation tasks, but the combined usage of LLMs and SODA ADVANCE guaranteed better classifications up to more than 10% in terms of F1-score.

Evaluating password strength based on information spread on social networks: A combined approach relying on data reconstruction and generative models

Caruccio Loredana;Cirillo Stefano
;
Polese Giuseppe;Solimando Giandomenico
2024-01-01

Abstract

Ensuring the security of personal accounts has become a key concern due to the widespread password attack techniques. Although passwords are the primary defense against unauthorized access, the practice of reusing easy-to-remember passwords increases security risks for people. Traditional methods for evaluating password strength are often insufficient since they overlook the public personal information that users frequently share on social networks. In addition, while users tend to limit access to their data on single profiles, personal data is often unintentionally shared across multiple profiles, exposing users to password threats. In this paper, we present an extension of a data reconstruction tool, namely SODA ADVANCE, which incorporates a new module to evaluate password strength based on publicly available data across multiple social networks. It relies on a new metric to provide a comprehensive evaluation of password strength. Moreover, we investigate the capabilities and risks associated with emerging Large Language Models (LLMs) in evaluating and generating passwords, respectively. Specifically, by exploiting the proliferation of LLMs, it has been possible to interact with many LLMs through Automated Template Learning methodologies. Experimental evaluations, performed with 100 real users, demonstrate the effectiveness of LLMs in generating strong passwords with respect to data associated with users’ profiles. Furthermore, LLMs have proved to be effective also in evaluation tasks, but the combined usage of LLMs and SODA ADVANCE guaranteed better classifications up to more than 10% in terms of F1-score.
File in questo prodotto:
Non ci sono file associati a questo prodotto.

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/11386/4869752
 Attenzione

Attenzione! I dati visualizzati non sono stati sottoposti a validazione da parte dell'ateneo

Citazioni
  • ???jsp.display-item.citation.pmc??? ND
  • Scopus 0
  • ???jsp.display-item.citation.isi??? ND
social impact