| Risk | Description |
|------|-------------|
| False positives | Legitimate but rare passwords (e.g., Tr0ub4dor&3) flagged as fake. |
| Adaptive attackers | Sophisticated fakes using real password distributions (GAN-generated). |
| Hash encryption | De-faking requires plaintext or crackable hashes; modern KDFs (bcrypt, Argon2) slow analysis. |
| Privacy concerns | Inspecting passwords (even hashed) may violate compliance (GDPR, etc.). |
Experts at CISA now recommend passwords of at least 16 characters. A long password is much harder for "faking" or brute-forcing tools to crack than a short, complex string.
allows analysts to work with complete datasets while remaining compliant with privacy laws. UX Prototyping