Password Cracking by Exploiting User Group Information

Beibei Zhou; Daojing He; Sencun Zhu; Shanshan Zhu; Sammy Chan; Xiao Yang

doi:10.1007/978-3-031-64948-6_26

Password Cracking by Exploiting User Group Information

Beibei Zhou, Daojing He, Sencun Zhu, Shanshan Zhu, Sammy Chan, Xiao Yang

Computer Science and Engineering

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

The past research study on the characteristics of passwords has paid much attention to language, regional or cultural differences and usability. However, few studies have pointed out differences due to information such as application types, users’ occupations, religious beliefs, and meanings of the digits in the culture. In this article, for the first time we put forward the concept of “group” characteristics, and found that the passwords of different groups have obviously different characteristics. For example, when dividing groups by religions of users, Christian groups like to include biblical names and words in passwords, such as “jesus”, “christ”, “angels” and “faith”. Accordingly, we propose gPGM, a neural network-based password guessing method that leverages group information to increase attack success. Our experiments show that gPGM can significantly increase the password cracking rate. In addition, the cracking rates for different groups, under the same number of guesses, also vary. For example, the cracking rate of the game group is very high, but that of the hacker group is very low.

Original language	English (US)
Title of host publication	Security and Privacy in Communication Networks - 19th EAI International Conference, SecureComm 2023, Proceedings
Editors	Haixin Duan, Mourad Debbabi, Xavier de Carné de Carnavalet, Xiapu Luo, Man Ho Allen Au, Xiaojiang Du
Publisher	Springer Science and Business Media Deutschland GmbH
Pages	514-532
Number of pages	19
ISBN (Print)	9783031649479
DOIs	https://doi.org/10.1007/978-3-031-64948-6_26
State	Published - 2025
Event	19th EAI International Conference on Security and Privacy in Communication Networks, SecureComm 2023 - Hong Kong, China Duration: Oct 19 2023 → Oct 21 2023

Publication series

Name	Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, LNICST
Volume	567 LNICST
ISSN (Print)	1867-8211
ISSN (Electronic)	1867-822X

Conference

Conference	19th EAI International Conference on Security and Privacy in Communication Networks, SecureComm 2023
Country/Territory	China
City	Hong Kong
Period	10/19/23 → 10/21/23

All Science Journal Classification (ASJC) codes

Computer Networks and Communications

Access to Document

10.1007/978-3-031-64948-6_26

Cite this

Zhou, B., He, D., Zhu, S., Zhu, S., Chan, S., & Yang, X. (2025). Password Cracking by Exploiting User Group Information. In H. Duan, M. Debbabi, X. de Carné de Carnavalet, X. Luo, M. H. A. Au, & X. Du (Eds.), Security and Privacy in Communication Networks - 19th EAI International Conference, SecureComm 2023, Proceedings (pp. 514-532). (Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, LNICST; Vol. 567 LNICST). Springer Science and Business Media Deutschland GmbH. https://doi.org/10.1007/978-3-031-64948-6_26

Zhou, Beibei ; He, Daojing ; Zhu, Sencun et al. / Password Cracking by Exploiting User Group Information. Security and Privacy in Communication Networks - 19th EAI International Conference, SecureComm 2023, Proceedings. editor / Haixin Duan ; Mourad Debbabi ; Xavier de Carné de Carnavalet ; Xiapu Luo ; Man Ho Allen Au ; Xiaojiang Du. Springer Science and Business Media Deutschland GmbH, 2025. pp. 514-532 (Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, LNICST).

@inproceedings{3cf6e2884aee42a1a4ed08f05bedfc94,

title = "Password Cracking by Exploiting User Group Information",

abstract = "The past research study on the characteristics of passwords has paid much attention to language, regional or cultural differences and usability. However, few studies have pointed out differences due to information such as application types, users{\textquoteright} occupations, religious beliefs, and meanings of the digits in the culture. In this article, for the first time we put forward the concept of “group” characteristics, and found that the passwords of different groups have obviously different characteristics. For example, when dividing groups by religions of users, Christian groups like to include biblical names and words in passwords, such as “jesus”, “christ”, “angels” and “faith”. Accordingly, we propose gPGM, a neural network-based password guessing method that leverages group information to increase attack success. Our experiments show that gPGM can significantly increase the password cracking rate. In addition, the cracking rates for different groups, under the same number of guesses, also vary. For example, the cracking rate of the game group is very high, but that of the hacker group is very low.",

author = "Beibei Zhou and Daojing He and Sencun Zhu and Shanshan Zhu and Sammy Chan and Xiao Yang",

note = "Publisher Copyright: {\textcopyright} ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering 2025.; 19th EAI International Conference on Security and Privacy in Communication Networks, SecureComm 2023 ; Conference date: 19-10-2023 Through 21-10-2023",

year = "2025",

doi = "10.1007/978-3-031-64948-6_26",

language = "English (US)",

isbn = "9783031649479",

series = "Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, LNICST",

publisher = "Springer Science and Business Media Deutschland GmbH",

pages = "514--532",

editor = "Haixin Duan and Mourad Debbabi and {de Carn{\'e} de Carnavalet}, Xavier and Xiapu Luo and Au, {Man Ho Allen} and Xiaojiang Du",

booktitle = "Security and Privacy in Communication Networks - 19th EAI International Conference, SecureComm 2023, Proceedings",

address = "Germany",

}

Zhou, B, He, D, Zhu, S, Zhu, S, Chan, S & Yang, X 2025, Password Cracking by Exploiting User Group Information. in H Duan, M Debbabi, X de Carné de Carnavalet, X Luo, MHA Au & X Du (eds), Security and Privacy in Communication Networks - 19th EAI International Conference, SecureComm 2023, Proceedings. Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, LNICST, vol. 567 LNICST, Springer Science and Business Media Deutschland GmbH, pp. 514-532, 19th EAI International Conference on Security and Privacy in Communication Networks, SecureComm 2023, Hong Kong, China, 10/19/23. https://doi.org/10.1007/978-3-031-64948-6_26

Password Cracking by Exploiting User Group Information. / Zhou, Beibei; He, Daojing; Zhu, Sencun et al.
Security and Privacy in Communication Networks - 19th EAI International Conference, SecureComm 2023, Proceedings. ed. / Haixin Duan; Mourad Debbabi; Xavier de Carné de Carnavalet; Xiapu Luo; Man Ho Allen Au; Xiaojiang Du. Springer Science and Business Media Deutschland GmbH, 2025. p. 514-532 (Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, LNICST; Vol. 567 LNICST).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

TY - GEN

T1 - Password Cracking by Exploiting User Group Information

AU - Zhou, Beibei

AU - He, Daojing

AU - Zhu, Sencun

AU - Zhu, Shanshan

AU - Chan, Sammy

AU - Yang, Xiao

N1 - Publisher Copyright: © ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering 2025.

PY - 2025

Y1 - 2025

N2 - The past research study on the characteristics of passwords has paid much attention to language, regional or cultural differences and usability. However, few studies have pointed out differences due to information such as application types, users’ occupations, religious beliefs, and meanings of the digits in the culture. In this article, for the first time we put forward the concept of “group” characteristics, and found that the passwords of different groups have obviously different characteristics. For example, when dividing groups by religions of users, Christian groups like to include biblical names and words in passwords, such as “jesus”, “christ”, “angels” and “faith”. Accordingly, we propose gPGM, a neural network-based password guessing method that leverages group information to increase attack success. Our experiments show that gPGM can significantly increase the password cracking rate. In addition, the cracking rates for different groups, under the same number of guesses, also vary. For example, the cracking rate of the game group is very high, but that of the hacker group is very low.

AB - The past research study on the characteristics of passwords has paid much attention to language, regional or cultural differences and usability. However, few studies have pointed out differences due to information such as application types, users’ occupations, religious beliefs, and meanings of the digits in the culture. In this article, for the first time we put forward the concept of “group” characteristics, and found that the passwords of different groups have obviously different characteristics. For example, when dividing groups by religions of users, Christian groups like to include biblical names and words in passwords, such as “jesus”, “christ”, “angels” and “faith”. Accordingly, we propose gPGM, a neural network-based password guessing method that leverages group information to increase attack success. Our experiments show that gPGM can significantly increase the password cracking rate. In addition, the cracking rates for different groups, under the same number of guesses, also vary. For example, the cracking rate of the game group is very high, but that of the hacker group is very low.

UR - http://www.scopus.com/inward/record.url?scp=85207539780&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85207539780&partnerID=8YFLogxK

U2 - 10.1007/978-3-031-64948-6_26

DO - 10.1007/978-3-031-64948-6_26

M3 - Conference contribution

AN - SCOPUS:85207539780

SN - 9783031649479

T3 - Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, LNICST

SP - 514

EP - 532

BT - Security and Privacy in Communication Networks - 19th EAI International Conference, SecureComm 2023, Proceedings

A2 - Duan, Haixin

A2 - Debbabi, Mourad

A2 - de Carné de Carnavalet, Xavier

A2 - Luo, Xiapu

A2 - Au, Man Ho Allen

A2 - Du, Xiaojiang

PB - Springer Science and Business Media Deutschland GmbH

T2 - 19th EAI International Conference on Security and Privacy in Communication Networks, SecureComm 2023

Y2 - 19 October 2023 through 21 October 2023

ER -

Zhou B, He D, Zhu S, Zhu S, Chan S, Yang X. Password Cracking by Exploiting User Group Information. In Duan H, Debbabi M, de Carné de Carnavalet X, Luo X, Au MHA, Du X, editors, Security and Privacy in Communication Networks - 19th EAI International Conference, SecureComm 2023, Proceedings. Springer Science and Business Media Deutschland GmbH. 2025. p. 514-532. (Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, LNICST). doi: 10.1007/978-3-031-64948-6_26