Guess Again (and Again and Again): Measuring Password Strength by Simulating Password-Cracking Algorithms

Download Now
Provided by: Carnegie Mellon University
Topic: Security
Format: PDF
Text-based passwords remain the dominant authentication method in computer systems, despite significant advancement in attackers' capabilities to perform password cracking. In response to this threat, password composition policies have grown increasingly complex. However, there is insufficient research defining metrics to characterize password strength and using them to evaluate password-composition policies. In this paper, the authors analyze 12,000 passwords collected under seven composition policies via an online study. They develop an efficient distributed method for calculating how effectively several heuristic password-guessing algorithms guess passwords.
Download Now

Find By Topic