Traditional password strength evaluation methods fail to mitigate security risks arising from users’ preference for memorable passwords. To address this, we propose a novel assessment paradigm integrating multi-source public social data (e.g., social media) with large language models (LLMs). First, we construct fine-grained user profiles to capture individual background characteristics. Second, we design SODA ADVANCE—a social-data-to-password-semantic reconstruction tool—that maps heterogeneous social information onto password-relevant semantic features. Finally, we jointly leverage user profiles and LLMs to enable both personalized strong password generation and fine-grained, context-aware strength evaluation. Experiments on 100 real-world users demonstrate significant improvements in assessment accuracy, particularly when leveraging user background knowledge. This work is the first systematic investigation into the potential of LLMs for social-profile-driven password security modeling, establishing a foundation for next-generation adaptive password evaluation frameworks.

Although passwords remain the primary defense against unauthorized access, users often tend to use passwords that are easy to remember. This behavior significantly increases security risks, also due to the fact that traditional password strength evaluation methods are often inadequate. In this discussion paper, we present SODA ADVANCE, a data reconstruction tool also designed to enhance evaluation processes related to the password strength. In particular, SODA ADVANCE integrates a specialized module aimed at evaluating password strength by leveraging publicly available data from multiple sources, including social media platforms. Moreover, we investigate the capabilities and risks associated with emerging Large Language Models (LLMs) in evaluating and generating passwords, respectively. Experimental assessments conducted with 100 real users demonstrate that LLMs can generate strong and personalized passwords possibly defined according to user profiles. Additionally, LLMs were shown to be effective in evaluating passwords, especially when they can take into account user profile data.