Most people don’t know how to choose secure passwords. From those that aren’t even long enough to withstand brute-force attacks to those that include one’s public personal information, many passwords found in the wild are vulnerable to being cracked. In Roman’s talk, he’ll go beyond traditional password security education by discussing how exactly hackers would discover your password and what you can do to stop them. He’ll also showcase his team’s research into automating targeted password guessing attacks: they refined a GPT-3 model on user data from the Wattpad security breach to predict users’ passwords based on information like their username and profile bio. The results? Their model’s guesses are more than three times as accurate as non-targeted ones - no manual OSINT skills required!