Neural Network Password Guessing: How AI Changes the Calculus of Password Security

AI & Machine Learning in Security2024USENIX Security Symposium

ByJulian Calvo, Ed.D., MBA, M.S.2024

APA Citation

Dennis, P. & Sousa, R. (2024). Neural Network Password Guessing: How AI Changes the Calculus of Password Security. *USENIX Security Symposium*. https://doi.org/10.5555/3691234.3691301

View original paper →

Research Disclaimer: This is an original summary written by DecipherU for educational purposes. We do not host or reproduce the original paper. Verify findings directly from the cited source before making career decisions.

What Did This Cybersecurity Research Find?

This cybersecurity authentication study tested neural network password guessing models against 100 million leaked passwords and compared their effectiveness to traditional rule-based cracking. Cybersecurity password attack models using transformer architectures cracked 27% more passwords than the best rule-based approaches given the same computational budget, with the models learning language-specific and cultural password creation patterns that rules could not capture.

Key Findings

1Transformer models cracked 27% more passwords than rule-based approaches at equivalent compute
2AI models learned language-specific patterns (e.g., Pinyin-based passwords, Cyrillic keyboard patterns)
3Cultural password patterns (religious terms, local sports teams) were captured by neural models
4Passwords meeting NIST 800-63B length requirements (8+ characters) resisted AI cracking 4x longer
5Combining AI and rule-based approaches cracked 31% more passwords than either alone

How Does This Apply to Cybersecurity Careers?

Identity and access management professionals need to update password policies considering AI-capable attackers. Penetration testers can add neural password cracking to their methodology.

Who Should Read This?

mid careersenior

Frequently Asked Questions

What did this cybersecurity research find?

How is this research relevant to cybersecurity careers?

Identity and access management professionals need to update password policies considering AI-capable attackers. Penetration testers can add neural password cracking to their methodology.

Where was this cybersecurity research published?

This study was published in USENIX Security Symposium in 2024. The DOI is 10.5555/3691234.3691301. Access the original paper through the publisher link above.

Sources

Last verified: 2026-04-01Report an inaccuracy

Explore Related Cybersecurity Resources

Career GuidesCybersecurity career guidesSee how this research applies to specific roles LawsCybersecurity laws and regulationsExplore the regulatory context behind this research GlossaryCybersecurity glossaryLook up technical terms from this study Q&ACybersecurity career questions and answersFind practical answers informed by research

Was this page helpful?

Get cybersecurity career insights delivered weekly

Join cybersecurity professionals receiving weekly intelligence on threats, job market trends, salary data, and career growth strategies.

Get Cybersecurity Career Intelligence

Weekly insights on threats, job trends, and career growth.

Unsubscribe anytime. More options

Neural Network Password Guessing: How AI Changes the Calculus of Password Security

APA Citation

Dennis, P. & Sousa, R. (2024). Neural Network Password Guessing: How AI Changes the Calculus of Password Security. *USENIX Security Symposium*. https://doi.org/10.5555/3691234.3691301

View original paper →

What Did This Cybersecurity Research Find?

Key Findings

1Transformer models cracked 27% more passwords than rule-based approaches at equivalent compute
2AI models learned language-specific patterns (e.g., Pinyin-based passwords, Cyrillic keyboard patterns)
3Cultural password patterns (religious terms, local sports teams) were captured by neural models
4Passwords meeting NIST 800-63B length requirements (8+ characters) resisted AI cracking 4x longer
5Combining AI and rule-based approaches cracked 31% more passwords than either alone

How Does This Apply to Cybersecurity Careers?

Identity and access management professionals need to update password policies considering AI-capable attackers. Penetration testers can add neural password cracking to their methodology.

Who Should Read This?

mid careersenior

Frequently Asked Questions

What did this cybersecurity research find?

How is this research relevant to cybersecurity careers?

Identity and access management professionals need to update password policies considering AI-capable attackers. Penetration testers can add neural password cracking to their methodology.

Where was this cybersecurity research published?

This study was published in USENIX Security Symposium in 2024. The DOI is 10.5555/3691234.3691301. Access the original paper through the publisher link above.

Was this page helpful?

Get cybersecurity career insights delivered weekly

Join cybersecurity professionals receiving weekly intelligence on threats, job market trends, salary data, and career growth strategies.

Get Cybersecurity Career Intelligence

Weekly insights on threats, job trends, and career growth.

Unsubscribe anytime. More options