🤖 AI Summary
Existing password-guessing models rely solely on statistical patterns in leaked datasets and neglect external factors such as sociocultural trends, which leaves them poorly adapted to emerging password patterns and erodes their relevance over time. To address this, the authors propose KAPG, the first knowledge-augmented, adaptive password guessing framework that integrates external lexical knowledge. KAPG uses password prefixes as anchors for knowledge lookup, dynamically injecting real-time sociolinguistic trend cues during generation while preserving the structural regularities of authentic passwords, so that internal statistical modeling is combined with external trend awareness. Evaluated across twelve leaked datasets, KAPG achieves average improvements of 36.5% (intra-site) and 74.7% (cross-site) in guessing efficiency over state-of-the-art baselines. As a defensive counterpart, the authors further develop KAPSM, a trend-aware, site-specific password strength meter for fine-grained strength assessment, which outperforms existing tools in accuracy across diverse evaluation settings.
📝 Abstract
As the primary mechanism of digital authentication, user-created passwords exhibit common patterns and regularities that can be learned from leaked datasets. Password choices are profoundly shaped by external factors, including social contexts, cultural trends, and popular vocabulary. Prevailing password guessing models primarily emphasize patterns derived from leaked passwords, while neglecting these external influences -- a limitation that hampers their adaptability to emerging password trends and erodes their effectiveness over time.
To address these challenges, we propose KAPG, a knowledge-augmented password guessing framework that adaptively integrates external lexical knowledge into the guessing process. KAPG couples internal statistical knowledge learned from leaked passwords with external information that reflects real-world trends. By using password prefixes as anchors for knowledge lookup, it dynamically injects relevant external cues during generation while preserving the structural regularities of authentic passwords. Experiments on twelve leaked datasets show that KnowGuess achieves average improvements of 36.5% and 74.7% over state-of-the-art models in intra-site and cross-site scenarios, respectively. Further analyses of password overlap and model efficiency highlight its robustness and computational efficiency. To counter these attacks, we further develop KAPSM, a trend-aware and site-specific password strength meter. Experiments demonstrate that KAPSM significantly outperforms existing tools in accuracy across diverse evaluation settings.