I built an AI tool to recover passwords

2•aiipassword•3mo ago

Hi HN, I built aiipassword.com, a small tool for one specific problem: getting back into your own accounts when you no longer have access to the linked email or phone.

How it works, simply: the site asks short, memory‑based questions about habits and patterns you use for passwords (name cues, dates, favorite numbers, job hints, common symbols). An AI model uses those answers and learned human password patterns to generate a short list of likely passwords you might actually have used. I used the list to try plausible combos until one worked.

Privacy and limits: nothing you type is stored long‑term. Inputs are processed transiently and never used for training. The tool is strictly for recovering your own accounts. Do not use it on other people’s accounts.

Threat model and safety: this is a last‑resort recovery aid, not a replacement for proper account recovery, 2FA, or password managers. I want the community to critique the security model, suggest attacks I missed, and help me close gaps.

If you’re a security researcher or HN reader with notes on cryptography, privacy, or ethical concerns, I’d love your feedback. Links, tests, and honest critiques welcome.

Comments

gus_massa•3mo ago

> Privacy and limits: nothing you type is stored long‑term. Inputs are processed transiently and never used for training. The tool is strictly for recovering your own accounts. Do not use it on other people’s accounts.

I'd be very worried it's false. Sorry, but I'd never use it.

aiipassword•3mo ago

Hey, totally get why you'd be careful Basically, the tool doesn't even know what account you're trying to get into (like your Gmail, Instagram, whatever). It never asks for the email or phone number tied to that account. The hints you give like names, dates, job stuff? They're only used right then while the AI is thinking and as soon as it spits out the password ideas, poof that info is gone. We don't save it anywhere. The only things we keep are your login details for our site and how many credits you have left. That's it. Seriously, we built it this way so your info stays yours. Hope that helps clear it up!

What Is Stoicism?

What happens when a neighborhood is built around a farm

Every major galaxy is speeding away from the Milky Way, except one

Extreme Inequality Presages the Revolt Against It

There's no such thing as "tech" (Ten years later)

What Really Killed Flash Player: A Six-Year Campaign of Deliberate Platform Work

Ask HN: Anyone orchestrating multiple AI coding agents in parallel?

Show HN: Knowledge-Bank

Show HN: The Codeverse Hub Linux

Take a trip to Japan's Dododo Land, the most irritating place on Earth

British drivers over 70 to face eye tests every three years

BookTalk: A Reading Companion That Captures Your Voice

Is AI "good" yet? – tracking HN's sentiment on AI coding

Show HN: Amdb – Tree-sitter based memory for AI agents (Rust)

OpenClaw Partners with VirusTotal for Skill Security

Show HN: Seedance 2.0 Release

Leisure Suit Larry's Al Lowe on model trains, funny deaths and Disney

Towards Self-Driving Codebases

VCF West: Whirlwind Software Restoration – Guy Fedorkow [video]

Show HN: COGext – A minimalist, open-source system monitor for Chrome (<550KB)

FOSDEM 26 – My Hallway Track Takeaways

Show HN: Env-shelf – Open-source desktop app to manage .env files

Show HN: Almostnode – Run Node.js, Next.js, and Express in the Browser

Dell support (and hardware) is so bad, I almost sued them

Project Pterodactyl: Incremental Architecture

Styling: Search-Text and Other Highlight-Y Pseudo-Elements

Crypto firm accidentally sends $40B in Bitcoin to users

Magnetic fields can change carbon diffusion in steel

Fantasy football that celebrates great games

Show HN: Animalese