Paper 2020/583

A New Targeted Password Guessing Model

Xie Zhijie, Zhang Min, Yin Anqi, and Li Zhenhan


TarGuess-I is a leading targeted password guessing model using users' personally identifiable information(PII) proposed at ACM CCS 2016 by Wang et al. Owing to its superior guessing performance, TarGuess-I has attracted widespread attention in password security. Yet, TarGuess-I fails to capture popular passwords and special strings in passwords correctly. Thus we propose TarGuess-I$ ^+ $: an improved password guessing model, which is capable of identifying popular passwords by generating top-300 most popular passwords from similar websites and grasping special strings by extracting continuous characters from user-generated PII. We conduct a series of experiments on 6 real-world leaked datasets and the results show that our improved model outperforms TarGuess-I by 9.07\% on average with 1000 guesses, which proves the effectiveness of our improvements.

Available format(s)
Publication info
Published elsewhere. 25th Australasian Conference on Information Security and Privacy(ACISP 2020)
TarGuessTargeted password guessingProbabilistic context-free grammar(PCFG)Personally identifiable information(PII).
Contact author(s)
22920142204024 @ stu xmu edu cn
2020-05-18: received
Short URL
Creative Commons Attribution


      author = {Xie Zhijie and Zhang Min and Yin Anqi and Li Zhenhan},
      title = {A New Targeted Password Guessing Model},
      howpublished = {Cryptology ePrint Archive, Paper 2020/583},
      year = {2020},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.