Password Security: An Analysis of Password Strengths and Vulnerabilities

Full Text (PDF, 335KB), PP.23-30

Views: 0 Downloads: 0

Author(s)

Katha Chanda 1,*

1. Department of Computer Science and Engineering, Amity School of Engineering and Technology, Noida, Uttar Pradesh, India

* Corresponding author.

DOI: https://doi.org/10.5815/ijcnis.2016.07.04

Received: 15 Oct. 2015 / Revised: 11 Feb. 2016 / Accepted: 2 Apr. 2016 / Published: 8 Jul. 2016

Index Terms

Password, Security, Entropy, Hashing, Password Strength

Abstract

Passwords can be used to gain access to specific data, an account, a computer system or a protected space. A single user may have multiple accounts that are protected by passwords. Research shows that users tend to keep same or similar passwords for different accounts with little differences. Once a single password becomes known, a number of accounts can be compromised. This paper deals with password security, a close look at what goes into making a password strong and the difficulty involved in breaking a password. The following sections discuss related work and prove graphically and mathematically the different aspects of password securities, overlooked vulnerabilities and the importance of passwords that are widely ignored. This work describes tests that were carried out to evaluate the resistance of passwords of varying strength against brute force attacks. It also discusses overlooked parameters such as entropy and how it ties in to password strength. This work also discusses the password composition enforcement of different popular websites and then presents a system designed to provide an adaptive and effective measure of password strength. This paper contributes toward minimizing the risk posed by those seeking to expose sensitive digital data. It provides solutions for making password breaking more difficult as well as convinces users to choose and set hard-to-break passwords.

Cite This Paper

Katha Chanda, "Password Security: An Analysis of Password Strengths and Vulnerabilities", International Journal of Computer Network and Information Security(IJCNIS), Vol.8, No.7, pp.23-30, 2016. DOI:10.5815/ijcnis.2016.07.04

Reference

[1]Herley, Cormac, Paul C. van Oorschot, and Andrew S. Patrick. "Passwords: If we’re so smart, why are we still using them?" Financial Cryptography and Data Security. Springer Berlin Heidelberg, 2009. 230-237.
[2]Halderman, J. Alex, Brent Waters, and Edward W. Felten. "A convenient method for securely managing passwords." Proceedings of the 14th international conference on World Wide Web. ACM, 2005.
[3]Manber, Udi. "A simple scheme to make passwords based on one-way functions much harder to crack." Computers & Security 15.2 (1996): 171-176.
[4]Yan, Jianxin, Alan Blackwell, Ross Anderson, and Alasdair Grant. "The memorability and security of passwords: some empirical results." Technical Report-University of Cambridge Computer Laboratory (2000): 1.
[5]Gayathiri Charathsandran, “Text Password Survey: Transition from First Generation to Second Generation” unpublished.
[6]Florêncio, D., and C. Herley. "A Large-Scale Study of Web Password Habits in Proc." (2007).
[7]Mark Keith, Benjamin Shao, Paul John Steinbart, The usability of passphrases for authentication: An empirical field study, International Journal of Human-Computer Studies, v.65 n.1, January, 2007, p.17-28.
[8]Campbell, John, Dale Kleeman, and Wanli Ma. "The good and not so good of enforcing password composition rules." Information Systems Security 16.1 (2007): 2-8.
[9]Alain Forget, Sonia Chiasson, and Robert Biddle. 2007. Helping users create better passwords: is this the right approach?. In Proceedings of the 3rd symposium on Usable privacy and security (SOUPS '07). ACM, New York, NY, USA, 151-152.
[10]Schechter, Stuart, Cormac Herley, and Michael Mitzenmacher. "Popularity is everything: A new approach to protecting passwords from statistical-guessing attacks." Proceedings of the 5th USENIX conference on Hot topics in security. USENIX Association, 2010.
[11]Ebay.com. www.ebay.com
[12]Amazon.com. www.amazon.com
[13]Flipkart.com www.flipkart.com
[14]Facebook.com www.facebook.com
[15]Adobe.com www.adobe.com
[16]Hotmail.com www.hotmail.com
[17]10,000 Most Common Passwords List. Available: https://xato.net/passwords/more-top-worst-passwords
[18]Password strength. Available: http://www.passwordmeter.com
[19]Duggan, Geoffrey B., Hilary Johnson, and Beate Grawemeyer. "Rational security: Modelling everyday password use." International journal of human-computer studies 70.6 (2012): 415-431.
[20]Kharod, Seema, Nidhi Sharma, and Alok Sharma. "An improved hashing based password security scheme using salting and differential masking." Reliability, Infocom Technologies and Optimization (ICRITO) (Trends and Future Directions), 2015 4th International Conference on. IEEE, 2015.
[21]Bailey, Daniel V., Markus Dürmuth, and Christof Paar. "Statistics on Password Re-use and Adaptive Strength for Financial Accounts." Security and Cryptography for Networks. Springer International Publishing, 2014. 218-235.