## Cryptology ePrint Archive: Report 2020/583

A New Targeted Password Guessing Model

Xie Zhijie and Zhang Min and Yin Anqi and Li Zhenhan

Abstract: TarGuess-I, proposed by Wang et al. at ACM CCS 2016, is a leading targeted password guessing model that uses users' personally identifiable information (PII). Owing to its superior guessing performance, TarGuess-I has attracted widespread attention in password security. Yet TarGuess-I fails to capture popular passwords and special strings in passwords correctly. We therefore propose TarGuess-I$^+$, an improved password guessing model that identifies popular passwords by generating the top-300 most popular passwords from similar websites and captures special strings by extracting continuous characters from user-generated PII. We conduct a series of experiments on 6 real-world leaked datasets, and the results show that our improved model outperforms TarGuess-I by 9.07% on average with 1000 guesses, which proves the effectiveness of our improvements.

Category / Keywords: TarGuess, Targeted password guessing, Probabilistic context-free grammar (PCFG), Personally identifiable information (PII).

Original Publication (in the same form): 25th Australasian Conference on Information Security and Privacy (ACISP 2020)