I built an AI tool to recover passwords

2•aiipassword•3mo ago

Hi HN, I built aiipassword.com, a small tool for one specific problem: getting back into your own accounts when you no longer have access to the linked email or phone.

How it works, simply: the site asks short, memory‑based questions about habits and patterns you use for passwords (name cues, dates, favorite numbers, job hints, common symbols). An AI model uses those answers and learned human password patterns to generate a short list of likely passwords you might actually have used. I used the list to try plausible combos until one worked.

Privacy and limits: nothing you type is stored long‑term. Inputs are processed transiently and never used for training. The tool is strictly for recovering your own accounts. Do not use it on other people’s accounts.

Threat model and safety: this is a last‑resort recovery aid, not a replacement for proper account recovery, 2FA, or password managers. I want the community to critique the security model, suggest attacks I missed, and help me close gaps.

If you’re a security researcher or HN reader with notes on cryptography, privacy, or ethical concerns, I’d love your feedback. Links, tests, and honest critiques welcome.

Comments

gus_massa•3mo ago

> Privacy and limits: nothing you type is stored long‑term. Inputs are processed transiently and never used for training. The tool is strictly for recovering your own accounts. Do not use it on other people’s accounts.

I'd be very worried it's false. Sorry, but I'd never use it.

aiipassword•3mo ago

Hey, totally get why you'd be careful Basically, the tool doesn't even know what account you're trying to get into (like your Gmail, Instagram, whatever). It never asks for the email or phone number tied to that account. The hints you give like names, dates, job stuff? They're only used right then while the AI is thinking and as soon as it spits out the password ideas, poof that info is gone. We don't save it anywhere. The only things we keep are your login details for our site and how many credits you have left. That's it. Seriously, we built it this way so your info stays yours. Hope that helps clear it up!

The AI Talent War Is for Plumbers and Electricians

Show HN: MimiClaw, OpenClaw(Clawdbot)on $5 Chips

I Maintain My Blog in the Age of Agents

The Fall of the Nerds

I'm 15 and built a free tool for reading Greek/Latin texts. Would love feedback

How close is AI to taking my job?

You are the reason I am not reviewing this PR

Show HN: FamilyMemories.video – Turn static old photos into 5s AI videos

How Meta Made Linux a Planet-Scale Load Balancer

A Turing Test for AI Coding

How to Identify and Eliminate Unused AWS Resources

A2CDVI – HDMI output from from the Apple IIc's digital video output connector

CLI for Common Playwright Actions

Would you use an e-commerce platform that shares transaction fees with users?

Show HN: SafeClaw – a way to manage multiple Claude Code instances in containers

The Future of the Global Open-Source AI Ecosystem: From DeepSeek to AI+

The Evolution of the Interface

Azure: Virtual network routing appliance overview

Seedance2 – multi-shot AI video generation

Πfs – The Data-Free Filesystem

Go-busybox: A sandboxable port of busybox for AI agents

Quantization-Aware Distillation for NVFP4 Inference Accuracy Recovery [pdf]

xAI Merger Poses Bigger Threat to OpenAI, Anthropic

Atlas Airborne (Boston Dynamics and RAI Institute) [video]

Zen Tools

Is the Detachment in the Room? – Agents, Cruelty, and Empathy

The purpose of Continuous Integration is to fail

Apfelstrudel: Live coding music environment with AI agent chat

What Is Stoicism?

What happens when a neighborhood is built around a farm