Treffer: Password Strength and Weaknesses in common User-Generated Passwords and their Susceptibility to PassGAN AI-Based Cracking.

The objective of this paper was to analyze and evaluate password strength and weaknesses in common user-generated passwords and their susceptibility to PassGAN AI-based cracking using 14 million user-generated passwords from the RockYou2021 dataset using Python's data analysis stack (Pandas, Scikit-learn, Matplotlib, Seaborn) assess compliance with the NIST SP 800-63B guidelines. The results showed that 81.7% of the passwords failed to meet the 12-character minimum (median length: 9 characters), 29.4% contained predictable keyboard walks (e.g., qwerty∥'), and 44% used trivial substitutions (e.g., @ for a) that bypassed complexity rules without improving security. Even NIST-compliant passwords were cracked 24.2% faster by PassGAN than by traditional brute-force methods, underscoring the heightened threat of AI-driven attacks. To address these vulnerabilities, we recommend replacing complexity requirements with length-focused policies supported by breach-based blocklists, incorporating real-time password strength feedback during creation, and accelerating the adoption of FIDO2/WebAuthn standards. Our open-source Python framework, featuring automated entropy calculations and policy compliance checks, equips organizations with actionable tools to bridge the gap between policy expectations and user behavior, ultimately enhancing resilience against both human predictability and AI-powered cracking techniques. [ABSTRACT FROM AUTHOR]