Predicting Password Strength

The project includes code of a model that predicts password strength. The implementation is rather simple and naive. It is inspired from this paper


  1. length of the password
  2. is the password a common password
  3. does it contain numbers
  4. does it contain special characters
  5. does it contain block letters

The model achieves an accuracy of 99.9% on test data.


The model is not robust to the real world standards. For an instance, the model assigns “password” a strength of 1. The dataset is small and doesn’t contain enough common passwords, neither is it personalized to the user.

Possible Improvements

  1. Meta learning can be useful in the domain to help make a model personalizable to the user.
  2. tfidf scores can be used to evaluate the model
  3. A better dataset is always a possibility
  4. More hand-picked parameters like position of occurence of special characters

Additional information

I’ve included a common passwords file (taken probably from wikipedia) path: ./Password_Cracking/hashcat/

Using and, we can test hashcat ability to obliterate common passwords.