Teaching GPT-3 to Crack Your Password: A Research Case Study in Targeted Password Guessing
Hook
What if your Twitter bio, phone number, and favorite book quotes could predict your password in 10 guesses or fewer? A team of ACM researchers just showed that, for a meaningful slice of real users, they can.
Context
Traditional password cracking relies on brute force or rule-based transformations—techniques that treat every hash the same. You throw dictionaries at bcrypt hashes, apply leet-speak transformations, and hope something sticks. Tools like Hashcat and John the Ripper are brutally efficient at this, but fundamentally dumb: they don't know that a user who writes "Swiftie4Ever" in their bio probably has Taylor Swift references in their password.
The ACM Research team recognized an opportunity in the 2020 Wattpad data breach. Unlike typical credential dumps that pair emails with password hashes, Wattpad's breach included rich unstructured data: user bios, status updates, phone numbers, and personal descriptions. This created a unique dataset where personal narrative could be correlated with password choices. Their hypothesis: large language models, already skilled at finding patterns in unstructured text, could learn the psychological and linguistic mappings between how people present themselves and how they secure their accounts. It's a fundamentally different approach—instead of guessing passwords based on statistical frequency, you're predicting them based on who the person is.
Technical Insight
The architecture is elegantly simple, which makes it somewhat terrifying. The team fine-tuned OpenAI's GPT-3 Ada model (the smallest of the GPT-3 family, commonly estimated at around 350M parameters, but sufficient for pattern recognition tasks) on approximately 10,000 matched records from the Wattpad breach. The training data structure is key: each example pairs a structured prompt containing username, bio text, phone number, and other personal information with the plaintext password as the completion target.
The prompt engineering follows a consistent template that frames password prediction as a natural language generation task. Here's how a training example might look:
# Training data format (one JSONL record per user: {"prompt": ..., "completion": ...})
prompt = f"""Username: {username}
Bio: {bio_text}
Phone: {phone_number}
Status: {status_update}
Password:"""
# Per OpenAI's completion-style fine-tuning conventions the completion starts with a
# space and ends with a stop sequence; pass the same stop string at inference time
completion = " " + actual_password + "\n"
This structured approach teaches the model to recognize patterns like users incorporating birth years from phone numbers, favorite character names from bios, or common substitution patterns they use across different fields. The model learns not just individual correlations but higher-order relationships—if someone uses "k8" in their username and references Kate in their bio, it connects those patterns to password construction.
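A builder for that training file, added here as an example (not the researchers' code), assuming the legacy OpenAI prompt/completion JSONL format: it flattens free-text fields to one line so a newline in a bio can't be mistaken for a field boundary, drops rows with no cracked password or no personal context, dedupes exact repeats, and applies the conventions OpenAI documents for completion-style fine-tuning (a fixed prompt terminator, a leading space and stop token on the completion). The sample rows are constructed, not breach data.

```python
"""Build a JSONL fine-tuning file from breach records joined to cracked plaintexts (example code)."""
import json
from typing import Iterable, List, Optional

FIELDS = ("username", "bio", "phone", "status")
SEPARATOR = "\nPassword:"   # fixed prompt terminator so the model knows where the answer starts
STOP = "\n"                 # completion terminator; pass the same string as `stop` at inference


def clean(value) -> str:
    """Flatten a free-text field to one line: the prompt template is newline-delimited,
    so a newline inside a bio would masquerade as a field boundary."""
    if value is None:
        return ""
    return " ".join(str(value).split())


def build_example(record: dict) -> Optional[dict]:
    """One prompt/completion pair, or None when the record has no cracked password
    (the supervised target), a password containing the stop token, or no personal
    context at all (nothing to learn from)."""
    password = record.get("password")
    if not password or STOP in password:
        return None
    fields = {f: clean(record.get(f)) for f in FIELDS}
    if not any(fields.values()):
        return None
    prompt = "\n".join(f"{name.capitalize()}: {fields[name]}" for name in FIELDS) + SEPARATOR
    # OpenAI's fine-tuning guidance: completion starts with a space and ends with the stop token
    return {"prompt": prompt, "completion": " " + password + STOP}


def build_dataset(records: Iterable[dict]) -> List[dict]:
    """Drop unusable rows and exact duplicate pairs (a duplicate just over-weights one user)."""
    out, seen = [], set()
    for rec in records:
        ex = build_example(rec)
        if ex is None:
            continue
        key = (ex["prompt"], ex["completion"])
        if key in seen:
            continue
        seen.add(key)
        out.append(ex)
    return out


def write_jsonl(examples: Iterable[dict], path: str) -> None:
    """One JSON object per line, as the fine-tuning upload expects."""
    with open(path, "w", encoding="utf-8") as fh:
        for ex in examples:
            fh.write(json.dumps(ex, ensure_ascii=False) + "\n")


# Constructed sample rows (not breach data): one clean row, one with a multi-line bio,
# one whose hash was never cracked, and an exact duplicate of the first.
SAMPLE_RECORDS = [
    {"username": "swiftie_kate", "bio": "Swiftie4Ever", "phone": "555-0199",
     "status": "reading", "password": "swift1989"},
    {"username": "bookworm", "bio": "I love\nHermione\n", "phone": None,
     "status": "", "password": "hermione2023"},
    {"username": "uncracked", "bio": "hi", "phone": "", "status": "", "password": None},
    {"username": "swiftie_kate", "bio": "Swiftie4Ever", "phone": "555-0199",
     "status": "reading", "password": "swift1989"},
]

if __name__ == "__main__":
    write_jsonl(build_dataset(SAMPLE_RECORDS), "wattpad_training.jsonl")
```

The uncracked row is exactly the selection bias discussed under Gotcha below: it never reaches the training set, so the model only ever sees passwords that Hashmob's crackers could already reach.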
The plaintext passwords came from Hashmob, a crowdsourced hash cracking service that had already broken approximately 10,000 of the bcrypt hashes from the breach. This introduces important selection bias (more on that later), but provides the ground truth needed for supervised learning. The team used OpenAI's fine-tuning API, which handles the actual training infrastructure:
import openai
# Legacy openai v0.x SDK. The /v1/fine-tunes endpoint and the ada base model were retired in
# January 2024, so this shows the workflow the team used rather than something you can run today.
# Step 1: upload the JSONL; FineTune.create takes the returned file ID, not a local path
upload = openai.File.create(file=open("wattpad_training.jsonl", "rb"), purpose="fine-tune")
# Fine-tuning call (simplified)
response = openai.FineTune.create(
    training_file=upload["id"],
    model="ada",
    n_epochs=4,
    batch_size=32
)
# Step 2: poll until the job finishes; the model name is only present once status == "succeeded"
job = openai.FineTune.retrieve(id=response["id"])
fine_tuned_model_id = job["fine_tuned_model"]
# Later, for inference
completion = openai.Completion.create(
    model=fine_tuned_model_id,
    prompt=user_prompt,
    max_tokens=20,
    n=10,  # Generate 10 password candidates
    temperature=0.8,
    stop=["\n"],  # same terminator the completions were trained with
    logprobs=1  # per-token log-probabilities, summed per candidate to rank the guesses
)
candidates = [c["text"].strip() for c in completion["choices"]]
The inference strategy samples multiple candidates (typically 10) and ranks them by the model's confidence; the legacy Completion API exposes this as per-token log-probabilities when logprobs is requested, which you sum per candidate (sampling also returns duplicates that need merging). The Flask web application they built provides an interactive interface where you can input personal information and watch the model generate targeted guesses in real time.
What makes this approach particularly effective is the model's ability to generate semantically similar passwords even when it doesn't produce exact matches. The researchers used Levenshtein distance to measure similarity ratios (edit distance normalized by string length, so 1.0 is an exact match), showing higher density at 0.7+ similarity compared to baseline approaches. This means if your actual password is "Hermione2023!", the model might generate "hermione2023" or "Hermione23!", each within two edits of the real thing, close enough that minor variations (case, a trailing symbol, a dropped pair of digits) could be systematically tested.
The computational efficiency is notable: generating 10 targeted guesses takes a single API call and returns results in seconds. Brute-force approaches might spend hours or days of GPU time walking a keyspace to cover the same ground, and against bcrypt's deliberately slow hashing every candidate tested costs real compute. The model effectively prunes the massive password space down to a handful of highly probable candidates based on personal context, which is exactly what you want when each guess is expensive.
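What you do with the ten raw completions matters as much as the model. The following is an added example (not the researchers' code or their Flask app) of the post-processing a practitioner would wrap around the API call: merging duplicate samples and ranking candidates by summed token log-probabilities, taken in the (text, token_logprobs) shape the legacy Completion API returns them in; expanding near-misses with cheap mutations (case, trailing symbol, common suffixes) inside a fixed guess budget; and scoring a guess list against a known password with the normalized Levenshtein ratio used for evaluation. The candidate texts and log-probabilities are constructed for illustration.

```python
"""Rank model-generated password candidates, expand near-misses within a guess budget, and
score a guess list by normalized Levenshtein similarity (example code)."""
from typing import Dict, Iterable, List, Optional, Sequence, Tuple


def levenshtein(a: str, b: str) -> int:
    """Classic edit distance (insert/delete/substitute, unit cost), two-row DP."""
    if len(a) < len(b):
        a, b = b, a
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def similarity(a: str, b: str) -> float:
    """Similarity ratio in [0, 1]: 1 - distance / max(len). Identical strings score 1.0."""
    if not a and not b:
        return 1.0
    return 1.0 - levenshtein(a, b) / max(len(a), len(b))


def rank_candidates(choices: Iterable[Tuple[str, Sequence[Optional[float]]]]) -> List[str]:
    """choices: (text, token_logprobs) pairs, i.e. choices[i].text and
    choices[i].logprobs.token_logprobs from the legacy Completion API. Summed log-probs
    order guesses from most to least likely; sampling duplicates are merged keeping the
    best score; a None entry (emitted for the first token when echo is on) is skipped."""
    best: Dict[str, float] = {}
    for text, logprobs in choices:
        pw = text.strip()
        if not pw:
            continue
        score = sum(lp for lp in logprobs if lp is not None)
        if pw not in best or score > best[pw]:
            best[pw] = score
    return sorted(best, key=lambda pw: best[pw], reverse=True)


SUFFIXES = ("", "!", "1", "123")   # assumed common tails; tune from your own cracked set


def variants(pw: str) -> List[str]:
    """Cheap mutations of one candidate: trailing symbol on/off, initial capital, lowercase,
    common suffixes. Order is deterministic so the guess list is reproducible."""
    stripped = pw.rstrip("!?.")
    bases = [pw, stripped, pw[:1].upper() + pw[1:], pw.lower(), stripped[:1].upper() + stripped[1:]]
    seen: List[str] = []
    for base in bases:
        for suffix in SUFFIXES:
            v = base + suffix
            if v and v not in seen:
                seen.append(v)
    return seen


def guess_list(ranked: Sequence[str], budget: int = 10) -> List[str]:
    """The model's own ranked guesses first, then their variants in rank order, cut at the
    budget the lockout policy (or your offline cracking time) allows."""
    out: List[str] = []
    for pw in ranked:
        if pw not in out:
            out.append(pw)
    for pw in ranked:
        for v in variants(pw):
            if v not in out:
                out.append(v)
    return out[:budget]


def best_similarity(guesses: Iterable[str], actual: str) -> float:
    """Evaluation metric: how close the best guess got to the real password."""
    return max((similarity(g, actual) for g in guesses), default=0.0)


# Constructed candidates, not real API output: a duplicate sample and one near-miss.
SAMPLE_CHOICES = [
    (" potter123", [-2.0, -1.5]),
    (" hermione2023", [-0.4, -0.3, -0.9]),
    (" hermione2023", [-0.5, -0.5, -1.0]),
    (" Hermione23!", [None, -1.1, -0.7, -0.6, -0.4]),
]

if __name__ == "__main__":
    ranked = rank_candidates(SAMPLE_CHOICES)
    guesses = guess_list(ranked, budget=10)
    print(guesses, best_similarity(guesses, "Hermione2023!"))
```

Originals come before any mutation so the model's ranking is respected; against a live login the budget is whatever the lockout policy allows, while against an offline hash dump the same list is simply a short per-user wordlist for hashcat, where bcrypt's work factor is the only thing limiting you.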
One fascinating technical detail: the model required only 10,000 training examples to achieve meaningful results. This is surprisingly small for fine-tuning tasks, suggesting that the pre-training on general internet text gives GPT-3 a strong prior for understanding how people construct passwords. The fine-tuning just teaches it to apply that knowledge given specific personal information.
Gotcha
The most significant limitation isn't technical; it's the training data itself. The 10,000 passwords used for fine-tuning came from Hashmob's crowdsourced cracking efforts, which means they represent the weakest passwords in the dataset. Bcrypt hashes that resisted cracking aren't represented in the training data. Those are presumably stronger, more random passwords, though with bcrypt's deliberately slow hashing "uncracked" often just means "not reached within the crackers' budget", so the line between the two sets is blurrier than it looks. This creates a fundamental selection bias: the model learns to predict weak passwords well but has no information about strong ones. In practice, this means the approach is most effective against users who already have poor password hygiene, which is simultaneously the tool's strength (it finds low-hanging fruit efficiently) and its weakness (it may fail against security-conscious users).
The ethical and legal constraints are equally important. The researchers deliberately limited their dataset size and do not release the raw training data, so you can't easily replicate or extend their work without access to similar breach data. Acquiring such data for legitimate research is difficult and legally fraught. Using this technique for unauthorized access is illegal under the Computer Fraud and Abuse Act and equivalent laws worldwide. Even in legitimate penetration testing scenarios, you need explicit written authorization and careful scoping that names the accounts and data sources in play.
Real-world deployment faces practical obstacles the research doesn't fully address. Most authentication systems implement rate limiting and account lockouts after a small number of failed attempts, so the 10-guess budget is really an online-attack budget; against a hash dump the model's candidates are just a very short, very good per-user wordlist, and the cost per guess is bcrypt's work factor rather than a lockout. Getting 10 online guesses might be realistic, but the model's effectiveness depends on having comprehensive personal information about the target. In many scenarios, gathering sufficient data (bio text, phone numbers, status updates) requires separate reconnaissance that might be more difficult than the password guessing itself. The approach also incurs API costs for every inference call, which adds up at scale compared to local GPU-based cracking, and it means a target's personal data is sent to a third-party API, which has to be covered by the engagement's scope.
Verdict
Use if: You're a security researcher studying the intersection of AI and authentication security, a penetration tester conducting authorized assessments where you have personal information about test accounts, or an organization wanting to audit your users' password choices against targeted attack scenarios. This research provides valuable insights into how modern AI can enhance traditional attack vectors, and the techniques could inform defensive strategies like detecting passwords that are too closely tied to public personal information. It's also valuable for security awareness training: demonstrating this tool's capabilities can convince users why a password built from their dog's name and a birth year isn't secure.
Skip if: You need a production-ready password cracking tool (Hashcat remains far more mature and flexible for general use), you lack legal authorization for security testing (this is not a toy for unauthorized access attempts), you're working with modern authentication systems that implement proper rate limiting and MFA (which largely mitigate online guessing), or you don't have access to rich personal information about targets (the approach's effectiveness depends entirely on data quality). Also skip if you're looking for a tool to crack strong, random passwords: the training data bias means this excels at predicting weak passwords, not at bypassing a proper password manager.