Investigating the Distribution of Password Choices

The distribution of passwords chosen by users has implications for site security, password-handling algorithms and even how users are permitted to select passwords. Using password lists from four different web sites, the authors investigate if Zipf's law is a good description of the frequency with which passwords are chosen. They use a number of standard statistics, which measure the security of password distributions, to see if modelling the data using a simple distribution is effective. They then consider how much the password distributions from each site have in common, using password cracking as a metric. This shows that these distributions have enough high-frequency passwords in common to provide effective speed-ups for cracking passwords.

Provided by: Association for Computing Machinery Topic: Security Date Added: Apr 2012 Format: PDF

Find By Topic