Statistical Metrics for Individual Password Strength
Author
Abstract
We propose several possible metrics for measuring the strength of an individual password or any other secret drawn from a known, skewed distribution. In contrast to previous ad hoc approaches which rely on textual properties of passwords, we consider the problem without any knowledge of password structure. This enables rating the strength of a password given a large sample distribution without assuming anything about password semantics. We compare the results of our generic metrics against those of the NIST metrics and other previous “entropy-based” metrics for a large password dataset, which suggest over-fitting in previous metrics.
Similar resources
Measuring Real-World Accuracies and Biases in Modeling Password Guessability
Parameterized password guessability—how many guesses a particular cracking algorithm with particular training data would take to guess a password—has become a common metric of password security. Unlike statistical metrics, it aims to model real-world attackers and to provide per-password strength estimates. We investigate how cracking approaches often used by researchers compare to real-world c...
A Canonical Password Strength Measure
We notice that the “password security” discourse is missing a fundamental notion of the “password strength”. We propose a canonical measure of a password’s strength. We give a formal definition of the “guessing attack” and the “attacker’s strategy”. The measure is based on the assessment of the efficiency of the best possible guessing attack. Unlike naive password strength assessments our measure ...
Studying the Impact of Managers on Password Strength and Reuse
Despite their well-known security problems, passwords are still the incumbent authentication method for virtually all online services. To remedy the situation, end-users are very often referred to password managers as a solution to the password reuse and password weakness problems. However, to date the actual impact of password managers on password security and reuse has not been studied system...
Individual Differences on Intentions to Use Strong Passwords
This paper examines the influence of individual differences among internet users regarding intentions to use strong passwords. Several hypotheses are developed and applied to address this question based upon data collected from 182 participants (college students from three universities in the southern United States). Gender, consideration of future consequences, and number of internet passwords...
Measuring the Usability and Security of Permuted Passwords on Mobile Platforms
Password entry on mobile devices significantly impacts both usability and security, but there is a lack of usable security research in this area, specifically for complex password entry. To address this research gap, we set out to assign strength metrics to passwords for which we already had usability data, in an effort to have a more meaningful comparison between usability and security. This d...