Enhancing Password Security with Simple Machine Learning Approach : Building a Password Strength Checker

In today’s digital age, password security is more crucial than ever. Traditional password strength meters, which rely on rules and heuristics, are often insufficient against sophisticated attacks. Machine learning (ML) offers a powerful alternative by analyzing patterns and learning from real-world data. In this article, we'll explore how to build a Password Strength Checker using machine learning, complete with sample code and a sample dataset.

Why Use Machine Learning for Password Strength Checking?

Traditional password strength checkers typically use static rules, such as requiring a mix of uppercase letters, numbers, and symbols. While these rules help, they can be circumvented by attackers who use dictionary attacks or brute force. Machine learning enhances password security by:

1. Learning from Data: Analyzing large datasets of passwords to understand what makes a password weak or strong.
2. Predicting Strength: Providing a dynamic assessment based on learned patterns rather than static rules.
3. Adapting Over Time: Continuously improving the model with new data to adapt to evolving password trends.

Sample Code for Building a Password Strength Checker

Let’s walk through creating a machine learning-based password strength checker using Python. We’ll use a sample dataset of passwords to train a model and then evaluate its performance.

1. Prepare Environment

Ensure required libraries installed:

pip install pandas scikit-learn        

2. Sample Dataset

For this example, we'll use a hypothetical dataset of passwords labeled as "strong" or "weak". Save this dataset as pass_checker.csv:

password,label
P@ssw0rd,weak
s3cureP@ss,strong
123456,weak
Tr0ub4dor&3,strong
password1,weak
CorrectHorseBatteryStaple,strong        

3. Load and Preprocess Data

Here’s how to load the data and preprocess it for training:

import pandas as pd
from sklearn.feature_extraction.text import CountVectorizer
from sklearn.model_selection import train_test_split
from sklearn.naive_bayes import MultinomialNB
from sklearn.metrics import classification_report, accuracy_score

# Load dataset
data = pd.read_csv('passwords.csv')

# Features and target variable
X = data['password']
y = data['label']

# Convert passwords to feature vectors
vectorizer = CountVectorizer(analyzer='char', ngram_range=(1, 3))  # Character n-grams
X_features = vectorizer.fit_transform(X)

# Split the data
X_train, X_test, y_train, y_test = train_test_split(X_features, y, test_size=0.3, random_state=42)

# Train a Naive Bayes classifier
model = MultinomialNB()
model.fit(X_train, y_train)

# Predict password strengths
y_pred = model.predict(X_test)

# Evaluate the model
print("Accuracy:", accuracy_score(y_test, y_pred))
print("Classification Report:")
print(classification_report(y_test, y_pred))        

4. Password Strength Prediction

Use the trained model to predict the strength of new passwords:

def predict_password_strength(password, model, vectorizer):
    password_features = vectorizer.transform([password])
    prediction = model.predict(password_features)
    return prediction[0]

# Test the model with new passwords
new_passwords = [
    "Qw3rty!",
    "passw0rd123",
    "S3cur3#Password",
    "1234"
]

for pwd in new_passwords:
    strength = predict_password_strength(pwd, model, vectorizer)
    print(f"Password: {pwd} - Strength: {strength}")        

How It Works

1. Feature Extraction: We use CountVectorizer to convert passwords into feature vectors using character n-grams. This helps the model learn from different character patterns in passwords.
2. Model Training: We train a Naive Bayes classifier on the processed data. This model learns to classify passwords as "strong" or "weak" based on the features.
3. Prediction: The trained model can then evaluate new passwords and classify them accordingly.

Machine learning provides a more sophisticated approach to password strength checking compared to traditional methods. By leveraging patterns learned from real-world data, we can create more robust and adaptive security solutions. The example provided demonstrates a simple yet effective way to get started with building a machine learning-based password strength checker

Github reference for complete code