Enhanced password recovery through user profiling : Improving password guessing accuracy by utilizing user metadata

This is a Master's thesis from KTH/School of Electrical Engineering and Computer Science (EECS)

Author: Mohammadmahdi Khorsravi Joashaghani; [2020]


Abstract: The ability to recover passwords is an important step in red-teaming and penetration testing and can help users to prevent data loss in case the data is password protected and the password is lost. In this thesis, an exploration of password recovery is made by incorporating user profiling. By using gender and region as data points in order to profile users, it can be explored whether it will enhance password recovery and if there exist any gender-related or region-related biases. Machine learning models will be trained to predict gender from a given username and the top-level domain in an e-mail address is used as a region classifier. A generative model based on Improved Wasserstein Generative Adversarial Networks is trained to capture a distribution of passwords and thus be able to generate its own samples to be tested on. The results will show that the data points gender and region will enhance the password recovery on their own and when combined together, they will produce the most optimal results. However, different ways of combining the data points will yield different results and this is explored further in the report. This opens up future extensions regarding this topic. One can add more data points in the discriminating part of the thesis to perform attempts to increase the password recovery accuracy even more. The aim is to provide information regarding password choices so that users understand in more detail the weaknesses of user-chosen passwords.
