Boosting Password Security with Natural Language Understanding: Building a Simple Password Strength Checker with BERT Transformer

<p>In an era where cyber threats are more pervasive than ever, ensuring the security of online accounts is of paramount importance. Passwords are often the first line of defense against unauthorized access, making their strength a critical factor in safeguarding our digital lives.</p>
<blockquote> <p>In this article, I show how to enhance password security by harnessing the power of the BERT (Bidirectional Encoder Representations from Transformers) transformer model, one of the most widely used current publicly available models in Natural Language Understanding.</p> </blockquote>
<p>The first step is to take the&nbsp;<a href="https://github.com/danielmiessler/SecLists/tree/master/Passwords" rel="noopener ugc nofollow" target="_blank"><strong>publicly available dataset</strong></a>&nbsp;of about 1 million of the most common passwords, also publicly&nbsp;<a href="https://www.kaggle.com/datasets/joebeachcapital/top-10-million-passwords" rel="noopener ugc nofollow" target="_blank"><strong>available in Kaggle</strong></a>, and to mix them with an equal sample of 1 million randomly generated complex passwords with lengths between 6 and 10 symbols, including lowercase and uppercase letters, digits, and common special characters.</p>
<p>Then, I take one of the available pre-trained HuggingFace models,&nbsp;<a href="https://huggingface.co/bert-base-cased" rel="noopener ugc nofollow" target="_blank"><strong>Google&rsquo;s BERT case-sensitive model</strong></a>, which has about 108 million trainable parameters, and train it further on this data.</p>
<p>The final code for data selection and training is available&nbsp;<a href="https://www.kaggle.com/code/dima806/passwords-strength-checker-bert" rel="noopener ugc nofollow" target="_blank"><strong>as a Kaggle notebook</strong></a>.</p>
<p>The training process takes&nbsp;<strong>about 45 minutes</strong>&nbsp;using the&nbsp;<a href="https://www.nvidia.com/en-us/data-center/tesla-p100/" rel="noopener ugc nofollow" target="_blank"><strong>NVIDIA TESLA P100 GPU</strong></a>&nbsp;<a href="https://www.kaggle.com/docs/efficient-gpu-usage" rel="noopener ugc nofollow" target="_blank">available to Kaggle users</a>, and increases the overall accuracy (based on the test set)&nbsp;<strong>from about 50% to 99.4%</strong>.</p>
<p>Picking some of the data samples also shows reasonable performance of the model.</p>
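<p>The dataset construction described above (common passwords mixed with an equal number of random passwords of 6 to 10 symbols), as an added example that is not the code from the author's Kaggle notebook. The special-character set, the ten-entry sample list, the 80/20 split and all function names are assumptions; the constant-guess baseline shows why a balanced two-class set starts at 50% accuracy before any training.</p>

```python
import random
import secrets
import string

# Assumption: the article only says "common special characters"; this set is illustrative.
SPECIALS = "!@#$%^*()-_=+?"
ALPHABET = string.ascii_lowercase + string.ascii_uppercase + string.digits + SPECIALS

# Constructed stand-in for the ~1M-entry common-password list (label 0 = weak).
COMMON_SAMPLE = ["123456", "password", "qwerty", "iloveyou", "dragon",
                 "letmein", "monkey", "football", "abc123", "sunshine"]

def random_password(min_len=6, max_len=10):
    """One password of 6-10 symbols drawn with a CSPRNG from ALPHABET."""
    length = min_len + secrets.randbelow(max_len - min_len + 1)
    return "".join(secrets.choice(ALPHABET) for _ in range(length))

def build_dataset(common, seed=0):
    """Return shuffled (password, label) pairs with equal class sizes."""
    weak = sorted(set(common))          # drop duplicate list entries
    seen = set(weak)
    strong = []                         # label 1 = randomly generated
    while len(strong) != len(weak):
        candidate = random_password()
        # A draw that collides with a listed password (or an earlier draw)
        # would put one string under both labels, so reject it.
        if candidate not in seen:
            seen.add(candidate)
            strong.append(candidate)
    rows = [(p, 0) for p in weak] + [(p, 1) for p in strong]
    random.Random(seed).shuffle(rows)   # seeded shuffle, repeatable ordering
    return rows

def split(rows, test_fraction=0.2):
    """Stratified split so train and test both stay 50/50."""
    train, test = [], []
    for label in (0, 1):
        group = [r for r in rows if r[1] == label]
        cut = int(len(group) * test_fraction)
        test.extend(group[:cut])
        train.extend(group[cut:])
    return train, test

def constant_baseline_accuracy(test_rows, guess=1):
    """Accuracy of always predicting one class: the untrained starting point."""
    return sum(1 for _, label in test_rows if label == guess) / len(test_rows)
```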