2. Latest Iteration of PassGAN Improves Password Guessing
The scientists from Stevens will be giving a talk on the AI program’s latest password-cracking developments at the 42nd IEEE Symposium on Security and Privacy in 2021.
“Since 2017, we have improved PassGAN, and now it uses a form of reinforcement learning very similar to how AlphaZero has learned how to play chess,” says Giuseppe Ateniese, the department chair of the Schaefer School of Engineering & Science at Stevens who co-authored the original paper on PassGAN.
READ MORE: Three ways artificial intelligence can improve campus cybersecurity.
The talk will expand on how deep learning models allow researchers to gain and interpret important intelligence — such as semantic similarities between user passwords — from large password data sets.
“In our work, we show that these neural representations capture many properties of password distributions and enable new password guessing techniques,” the study’s leading researcher, Dario Pasquini, says in a preview of the upcoming IEEE talk. “More prominently, basing on such properties, we construct a guessing strategy that automatically adapts to the attacked set of passwords during the running attack.”
3. An Efficient and User-Friendly Way to Authenticate
Even end users with strong passwords can fall victim to hackers by listing complex passwords on unsecured electronic notepads and spreadsheets.
And AI-backed technologies that allow continuous authentication is one solution that can help prevent this problem.
What is continuous authentication? Unlike password-based authentication and two-factor authentication, continuous authentication compares a user’s behavior during a session with his or her past behaviors. The advantage here is that users do not have to take extra steps to authenticate themselves during a session.
By observing biometric behaviors, such as typing speed and mouse movements, and transactional behaviors, such as the size and number of files shared, the AI flags unusual behaviors that potentially indicate a malicious actor has taken over an account.
The artificial intelligence can also learn contextual awareness, which means the AI is capable of understanding the context of a particular transaction or session. By considering factors such as device, network, time of day and location, the AI adjusts security controls for individual circumstances.
By requiring hackers to navigate multiple layers of behavioral and contextual risk assessments, continuous authentication and awareness can help deter hackers from getting remote learners’ passwords.
Regardless of whether colleges and universities continue with online, hybrid or remote learning classes in the future, AI’s ability to guess passwords will only become more advanced. To be on the defensive, higher education cybersecurity teams should use machine learning algorithms to crack weak passwords — before the hackers do.