We’ll Pwn You With Your Wattpad Profile

Presented at A New HOPE (2022), July 24, 2022, 4 p.m. (50 minutes)

Most people don’t know how to choose secure passwords. From those that aren’t even long enough to withstand brute-force attacks to those that include one’s public personal information, many passwords found in the wild are vulnerable to being cracked. In Roman’s talk, he’ll go beyond traditional password security education by discussing how exactly hackers would discover your password and what you can do to stop them. He’ll also showcase his team’s research into automating targeted password guessing attacks: they refined a GPT-3 model on user data from the Wattpad security breach to predict users’ passwords based on information like their username and profile bio. The results? Their model’s guesses are more than three times as accurate as non-targeted ones - no manual OSINT skills required!

Presenters:

• Roman Hauksson-Neill
  **Roman Hauksson-Neill (@RomanHauksson) (roman.hn)** is a free software advocate, software developer, and computer science student at the University of Texas at Dallas. He’s the director of ACM Research (an undergraduate computer science research program) and an officer for OpenUTD (a student organization for Linux and other FOSS). Like some other speakers at HOPE, he’s obsessed with Internet privacy, likely to his detriment.

Links:

• https://scheduler.hope.net/new-hope/talk/JFV3LR/
• https://infocon.org/cons/2600/A New HOPE (2022)/A New HOPE (2022) We'll Pwn You With Your Wattpad Profile.mp4
• https://infocon.org/cons/2600/A New HOPE (2022)/A New HOPE (2022) We'll Pwn You With Your Wattpad Profile.srt (subtitles)

Similar Presentations:

• CackalackyCon 2 (2023) / Password Attacks 101: Exploiting Human Weaknesses
• AppSec USA 2014 / Your Password Complexity Requirements are Worthless
• HOPE 2020 Virtual Rescheduled / Password Superpowers: How to Crack Hashes and Stump Hackers