Interpretable Probabilistic Password Strength Meters via Deep Learning
This work addresses the problem of opaque password strength estimation for users, offering an interpretable alternative to existing heuristic methods.
The paper tackles the lack of interpretability in probabilistic password strength meters by developing a method that disentangles the security contribution of each character in a password, providing fine-grained feedback with probabilistic interpretation.
Probabilistic password strength meters have been proved to be the most accurate tools to measure password strength. Unfortunately, by construction, they are limited to solely produce an opaque security estimation that fails to fully support the user during the password composition. In the present work, we move the first steps towards cracking the intelligibility barrier of this compelling class of meters. We show that probabilistic password meters inherently own the capability of describing the latent relation occurring between password strength and password structure. In our approach, the security contribution of each character composing a password is disentangled and used to provide explicit fine-grained feedback for the user. Furthermore, unlike existing heuristic constructions, our method is free from any human bias, and, more importantly, its feedback has a probabilistic interpretation. In our contribution: (1) we formulate interpretable probabilistic password strength meters; (2) we describe how they can be implemented via an efficient and lightweight deep learning framework suitable for client-side operability.