Abstract:
In the use of information systems, passwords are a basic means of user authentication and have an important role in practical security. Meanwhile, with the spread of vari...Show MoreMetadata
Abstract:
In the use of information systems, passwords are a basic means of user authentication and have an important role in practical security. Meanwhile, with the spread of various Internet services in recent years, opportunities for setting passwords are increasing. Therefore, strong passwords are always required to perform the role of user authentication, and the number of research of password is increasing. The main topic of passwords is their quality or strength, i.e., how hard it can be guessed by an attacker, and there are various password strength meters have been proposed so far. In this study, we propose an evaluation method for password strength with the consideration of the risk of dictionary attacks and compare its effectiveness with previous works. By collecting leaked password lists, we build a database and regard it as a Markov information source, whereas previous works regarded it as a memoryless source. Then, we calculate the self-information of the password and use this value to show the risk of dictionary attacks or compare the strength of several passwords. By experiment results, we show that our method is very effective and can help to create effective passwords.
Date of Conference: 17-19 October 2022
Date Added to IEEE Xplore: 26 September 2024
ISBN Information:
ISSN Information:
Conference Location: Tsukuba, Ibaraki, Japan