AI for stronger passwords? Researchers unveil PassGPT, an LLM trained on the infamous RockYou leak

Generative AI is a powerful tool that can be used for both good and evil in the digital realm. Following the launch of ChatGPT when the technology exploded in popularity, experts began to contemplate its implications for cybersecurity. While we are thankfully yet to see the tech being used in major exploits by bad actors, security experts have been demonstrating clever ways generative AI can be employed to bolster cybersecurity.

A team of researchers from ETH Zürich, Swiss Data Science Center, and SRI International in New York have developed PassGPT, a new model based on OpenAI’s GPT-2 architecture that can generate and guess passwords. The model is trained on millions of passwords leaked in various cyberattacks, more specifically on the infamous RockYou leak. Reportedly, PassGPT can guess 20% more unseen passwords than state-of-the-art GAN models.

While PassGPT’s capabilities may sound scary, the goal is to actually help users create stronger and more complex passwords and to detect possible passwords based on some inputs. The model uses a novel technique called progressive sampling, which builds passwords one character at a time, making them harder to crack. The model also outperforms previous models that used generative adversarial networks (GANs), which are composed of two competing networks that try to fool each other with realistic or fake content.