National Taiwan University
Password-based authentication systems are still the most commonly used mechanism for protecting sensitive information despite being vulnerable to dictionary-based attacks. To guard against such attacks, many organizations enforce complicated password-creation rules and require that passwords include numeric and special characters. This paper demonstrates that as long as passwords are not difficult to remember, they remain vulnerable to "Smart dictionary" attacks. In this paper, a password analysis platform is developed to formally analyze commonly used passwords and identify frequently used password patterns and their associated probabilities.