Researchers at Lancaster University in the UK have developed an algorithm that can guess passwords correctly an impressive 73 percent of the time. In research published on the university website, they describe a novel system they have named ‘TarGuess’. The system has even been successful at guessing the passwords of the most security-conscious online users, with 32 percent accuracy. That makes TarGuess a game-changer in the realm of online security.
However, password guessing isn’t always straightforward: most servers allow only a limited number of attempts before locking out the user, whether they are the rightful account owner or an intruder. The researchers have engineered a workaround, an algorithm built on mathematical models that draws on relevant data about the potential target, which raises the guessing accuracy to the aforementioned 73 percent.
The research paper on ‘TarGuess’ describes the method as “systematically characterizing typical targeted guessing scenarios with seven sound mathematical models, each based on varied kinds of data available to an attacker… extensive experiments on 10 large real-world password datasets show the effectiveness of TarGuess.”
In their experiments, the team cracked some of the passwords involved in the infamous Yahoo breach. Surprisingly enough, users still deploy egregiously simplistic passwords such as ‘123456’, which represents an open invitation to hackers and should be avoided at all costs – even on platforms that don’t require personal information.
According to the authors, the real test of the algorithm’s efficacy lies in cracking “real accounts” about which little is known. They addressed this concern by successfully testing the algorithm on Xiaomi cloud passwords, leaked from the world’s 3rd largest phone maker and secured by an MD5 hash with salt.
In a world where password theft is becoming increasingly effortless, major tech companies are developing alternatives to traditional password use, including two-factor authentication. For instance, MasterCard has proposed facial recognition, a so-called “selfie-authentication”, to add an additional layer of account security while keeping the authentication process interesting.
However, it’s essential to remember that despite these advancements, strong passwords still play a pivotal role in safeguarding your online assets. Although the success rate of breaking strong passwords remains relatively low, it’s crucial to constantly change your passwords and avoid reusing them across different platforms. Remember, if hackers crack one password, they may gain access to all your accounts.
This point was painfully underscored in recent years when 500 million Yahoo accounts were breached, swiftly followed by another 100 million LinkedIn accounts in 2012. Regrettably, data stolen from one site can often pave the way to a security compromise on another platform.