Measuring Password Strength: An Empirical Analysis

Details Measuring Password Strength: An Empirical Analysis Measuring Password Strength: An Empirical Analysis

2009-07-20

arxiv.org/abs/0907.3402v1

Computer Science

Cryptography and Security

15 pages, 9 figures

Scientific paper

We present an in-depth analysis on the strength of the almost 10,000 passwords from users of an instant messaging server in Italy. We estimate the strength of those passwords, and compare the effectiveness of state-of-the-art attack methods such as dictionaries and Markov chain-based techniques. We show that the strength of passwords chosen by users varies enormously, and that the cost of attacks based on password strength grows very quickly when the attacker wants to obtain a higher success percentage. In accordance with existing studies we observe that, in the absence of measures for enforcing password strength, weak passwords are common. On the other hand we discover that there will always be a subset of users with extremely strong passwords that are very unlikely to be broken. The results of our study will help in evaluating the security of password-based authentication means, and they provide important insights for inspiring new and better proactive password checkers and password recovery tools.

Affiliated with

Also associated with

No associations

Rating

Measuring Password Strength: An Empirical Analysis does not yet have a rating. At this time, there are no reviews or comments for this scientific paper.

If you have personal experience with Measuring Password Strength: An Empirical Analysis, we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Measuring Password Strength: An Empirical Analysis will most certainly appreciate the feedback.

Rate now

Comments { 0 }

Profile ID: LFWR-SCP-O-696410