Introducing a Machine Learning Password Metric Based on EFKM Clustering Algorithm

we introduce a password strength metric using Enhanced Fuzzy K-Means clustering algorithm (EFKM henceforth). The EFKM is trained on the OWASP list of 10002 weak passwords. After that, the optimized centroids are maximized to develop a password strength metric. The resulting meter was validated by contrasting with three entropy-based metrics using two datasets: the training dataset (OWASP) and a dataset that we collected from github website that contains 5189451 leaked passwords. Our metric is able to recognize all the passwords from the OWASP as weak passwords only. Regarding the leaked passwords, the metric recognizes almost the entire set as weak passwords. We found that the results of the EFKM-based metric and the entropy-based meters are consistent. Hence the EFKM metric demonstrates its validity as an efficient password strength checker.