Posting Passwords: How social media information can be leveraged in password guessing attacks


Student Name: Theodore Harbison
Defense Date:
Location: Zoom Defense, please email jgrisafe@ku.edu for defense link.
Chair: Hossein Saiedian

Fengjun Li

Heechul Yun

Abstract:

The explosion of social media, while fostering connection, inadvertently exposes personal details that heighten password vulnerability. This thesis examines that link, aiming to raise public awareness of the dangers of weak passwords and excessive online sharing. We introduce a novel password guessing algorithm, SocGuess, which draws on the information available in social media profiles. SocGuess uses Named Entity Recognition (NER) to identify key data points within this information, such as dates, locations, and names. To further improve its accuracy, SocGuess is trained on the RockYou dataset, a large collection of leaked passwords. By identifying the different kinds of entities that occur within these passwords, SocGuess can calculate the probability of each kind of entity appearing in a password. With these probabilities, SocGuess dynamically generates password guesses in order of probability by filling the entity placeholders with the corresponding data points harvested from the target's social media profiles. In experiments, this targeted approach cracked 33% more passwords than existing algorithms, surpassing traditional methods.

Degree: MS Thesis Defense (CS)
Degree Type: MS Thesis Defense
Degree Field: Computer Science