A probabilistic framework for improved password strength metrics

Author

Galbally, Javier ; Coisel, Iwen ; Sanchez, Israel

Author_Institution

Joint Res. Center, Eur. Comm., Ispra, Italy

fYear

2014

fDate

13-16 Oct. 2014

Firstpage

1

Lastpage

6

Abstract

Passwords are still the most widely deployed form of authentication for both local applications and on-line services. For several decades, password policies have aimed at measuring password strength using simple sets of rules in an attempt to guide the users towards the selection of stronger passwords. In this paper, we provide an alternative vision to the existing password strength metrics by proposing a new statistical approach that is better aligned with the actual resistance of passwords to guessing attacks. The proposed probabilistic framework is able to objectively measure the strength of a given password taking advantage of the information available in the several public datasets of passwords.

Keywords

Markov processes; authorisation; probability; statistical analysis; guessing attacks; improved password strength metrics; on-line services; password policies; password selection; password strength metrics; probabilistic framework; public datasets; statistical approach; Analytical models; Computational modeling; Databases; Dictionaries; Markov processes; Measurement; Probabilistic logic; Dictionary attacks; Markov Chains; Password security; Password strength metrics;

fLanguage

English

Publisher

ieee

Conference_Titel

Security Technology (ICCST), 2014 International Carnahan Conference on

Conference_Location

Rome

Print_ISBN

978-1-4799-3530-7

Type

conf

DOI

10.1109/CCST.2014.6986985

Filename

6986985