Deakin University
Browse

File(s) under permanent embargo

Password strength estimators trained on the leaked password lists

Version 2 2024-06-04, 14:26
Version 1 2019-11-27, 15:17
conference contribution
posted on 2024-06-04, 14:26 authored by CR Schaffer, Lei PanLei Pan
Passwords currently are and will be used as the main authentication mechanism across online applications for the foreseeable future. Estimating the strength of a user’s password gives the user a valuable insight into the strength or weakness of their chosen passwords. Current password strength estimators, when giving an estimate on a password’s strength, often fail to consider the plethora of leaked lists at an attacker’s disposal. This research investigates the effect of training a password strength estimator on a leaked list of 14.3 million passwords, all of which are commonly used in the password cracking world and then observing the effect that it has on the estimation of a password’s strength. Through modifying the trained dictionary lists that the zxcvbn classifier is fed, an estimate that accounts for the leaked list was achieved. Our empirical results show that there is a clear need to include leaked passwords in the password strength estimation process and that the accuracy of the estimator should not be sacrificed in order to provide a faster service.

History

Volume

1116

Pagination

219-231

Location

Thanjavur, India

Start date

2019-11-22

End date

2019-11-24

ISBN-13

9789811508714

Language

eng

Publication classification

E1 Full written paper - refereed

Editor/Contributor(s)

Shankar Sriram V, Subramaniyaswamy V, Sasikaladevi N, Zhang Y, Batten L, Li G

Title of proceedings

ATIS 2019: Applications and Techniques in Information Security

Event

Applications and Techniques in Information Security. International Conference (2019 : Thanjavur, India)

Publisher

Springer

Place of publication

Singapore

Series

Communications in Computer and Information

Usage metrics

    Research Publications

    Categories

    No categories selected

    Exports

    RefWorks
    BibTeX
    Ref. manager
    Endnote
    DataCite
    NLM
    DC