Pixelized Passwords Aren’t Safe From Deobfuscation Anymore

• Passwords that have been pixelated can be recovered up to a point by using unsophisticated tools.
• The creator of one called “Depix” is offering the tool for free on GitHub after developing it for demonstration.
• Blurring and pixelating images, especially text, should not be a method to trust anymore.

Pixelization is an established method of visual obfuscation and censorship that has been trusted in media of all kinds for many years. It is a preferred technique because it still conveys a visual message while maintaining someone’s anonymity or hiding sensitive information effectively. This, though, may have come to an end already, as freely available tools on GitHub can now discern what lies behind the mosaic filter and recover the pixels of the original image. Most notably, passwords from pixelized screenshots.

The “Depix” algorithm is based on a block-level matching system that attempts to find matches with high enough confidence against a set of character sequences that have been pixelized. After enough guessing rounds, the tool can output all correct blocks and display the recovered image.

That may not be exactly like the original, but it’ll be enough to help the user discern the text. So, essentially it’s a very capable clue-giver rather than a pure deobfuscator. The level of recovery is demonstrated in the image below:

Of course, the user will have to determine a reference font - otherwise, the software cannot guess the pixelized characters. This is not a complicated procedure, but it presupposes the knowledge of the software that was used for the pixelization. Depix can work with any font, but the success of the results may vary depending on the choice.

The tool’s creator has developed it merely to demonstrate the risky practice of pixelating passwords, so it is possible that someone could take the source and spin out a more sophisticated unmasking software through it.

Even at its current state, though, Depix should be enough to convince people not to rely on pixelization when they want to hide sensitive text. Reversing blurring isn’t within the abilities of Depix, but it shouldn’t be considered absolutely safe either. Instead, you should place a black block on top of the text and make its recovery completely impossible.

Remember, this is a free tool on GitHub that can recognize characters in manipulated images. It goes without saying that if one were to deploy AI-powered solutions that possess full knowledge of all pixelation standards out there, they would be able to go beyond just text and into the realm of face features. The takeaway is that pixelation and blurring are obsolete methods, and you shouldn’t rely on them to keep information private.