Journal ArticleDOI
Group-based Password Characteristics Analysis
TLDR
This is the first time passwords are analyzed based on different user groups from the perspective of user groups in different countries and web-based services, and shows that geographical factors and types of website services play a significant role in password creation.Abstract:
In this article, we analyze password characteristics from the perspective of user groups in different countries and web-based services. We collect a dataset from the Chinese railway website www.12306.cn. which contains data from four provinces, Hubei, Zhejiang, Inner Mongolia and Xinjiang. Additionally, we select datasets from two English based Internet applications, Faithwrit-er and Facebook. We analyze these six datasets based on several common indicators, including popular passwords, password structure and letter distribution. The analysis results show that there are remarkable differences in different user groups. The experiments show that geographical factors (embodied in the native language) and types of website services play a significant role in password creation. We further evaluate the security of these passwords by employing two state-of-the-art password cracking techniques. The attack results show that datasets of different provinces and different types of website services have different password strength. To the best of our knowledge, this is the first time passwords are analyzed based on different user groups.read more
Citations
More filters
Proceedings Article
A study of probabilistic password models
TL;DR: This paper finds that Markov models, when done correctly, perform significantly better than the Probabilistic Context-Free Grammar model proposed in Weir et al., which has been used as the state-of-the-art password model in recent research.
Journal Article
Your Culture is in Your Password: An Analysis of a Demographically-diverse Password Dataset.
TL;DR: This work analyzes a meta-data rich data leak from a Middle Eastern bank with a demographically-diverse user base, and shows that a state of the art password strength estimator inflates the strength of passwords created by users from non-English speaking backgrounds.
Journal ArticleDOI
Zipf’s law analysis on the leaked Iranian users’ passwords
TL;DR: The passwords of Iranian users are more vulnerable to guessing attacks than English language users, and Zipf’s law is reviewed on five datasets of Iranians’ passwords using three different approaches including PDF, PDF with removing unpopular passwords and, CDF.
References
More filters
Proceedings ArticleDOI
The Science of Guessing: Analyzing an Anonymized Corpus of 70 Million Passwords
TL;DR: It is estimated that passwords provide fewer than 10 bits of security against an online, trawling attack, and only about 20 bits ofSecurity against an optimal offline dictionary attack, when compared with a uniform distribution which would provide equivalent security against different forms of guessing attack.
Proceedings ArticleDOI
Password Cracking Using Probabilistic Context-Free Grammars
TL;DR: This paper discusses a new method that generates password structures in highest probability order by automatically creating a probabilistic context-free grammar based upon a training set of previously disclosed passwords, and then generating word-mangling rules to be used in password cracking.
Proceedings ArticleDOI
A Study of Probabilistic Password Models
TL;DR: In this paper, a systematic evaluation of a large number of probabilistic password models, including Markov models using different normalization and smoothing methods, and found that, among other things, when done correctly, they perform significantly better than the Probabilistic Context-Free Grammar model proposed in Weir et al., which has been used as the state of the art password model in recent research.
Book ChapterDOI
OMEN: Faster Password Guessing Using an Ordered Markov Enumerator
TL;DR: Understanding the adversaries capabilities for guessing attacks is a fundamental necessity for estimating their impact and advising countermeasures.
Proceedings ArticleDOI
A Spoonful of Sugar?: The Impact of Guidance and Feedback on Password-Creation Behavior
Richard Shay,Lujo Bauer,Nicolas Christin,Lorrie Faith Cranor,Alain Forget,Saranga Komanduri,Michelle L. Mazurek,William Melicher,Sean M. Segreti,Blase Ur +9 more
TL;DR: It is found that real-time password-creation feedback can help users create strong passwords with fewer errors, and that although guiding participants through a three-step password- creation process can make creation easier, it may result in weaker passwords.