Password strength: An empirical analysis

Proceedings - IEEE INFOCOM

Volumn , Issue , 2010, Pages

  Dell'Amico, Matteo ^a   Michiardi, Pietro ^a   Roudier, Yves ^a  

^a EURECOM   (France)

Author keywords

[No Author keywords available]

Indexed keywords

DATA SETS; EMPIRICAL ANALYSIS; ORDERS OF MAGNITUDE; PASSWORD STRENGTH; PROBABILISTIC MODELS; SECURITY OF AUTHENTICATION;

DATA PROCESSING;

EID: 77953306210     PISSN: 0743166X     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/INFCOM.2010.5461951     Document Type: Conference Paper

References (22)

1. R. E. Smith, The Strong Password Dilemma. Addison-Wesley, 2002, ch. 6.
2. A. Adams and M. A. Sasse, "Users are not the enemy," Commun. ACM, vol. 42, no. 12, pp. 40-46, December 1999.
3. S. Riley, "Password security: What users know and what they actually do," Usability News, vol. 8, no. 1, February 2006.
4. R. Morris and K. Thompson, "Password security: a case history," Commun. ACM, vol. 22, no. 11, pp. 594-597, November 1979.
5. D. V. Klein, "Foiling the cracker: A survey of, and improvements to, password security," in Proc. USENIX UNIX Security Workshop, 1990.
6. E. H. Spafford, "Observing reusable password choices," in In Proceedings of the 3rd Security Symposium. Usenix, 1992, pp. 299-312.
7. M. Weir, S. Aggarwal, B. de Medeiros, and B. Glodek, "Password cracking using probabilistic context-free grammars," in IEEE Symposium on Security and Privacy. IEEE, May 2009, pp. 391-405.
8. A. Narayanan and V. Shmatikov, "Fast dictionary attacks on passwords using time-space tradeoff," in CCS 2005, 2005, pp. 364-372.
9. J. A. Cazier and D. B. Medlin, "Password security: An empirical investigation into e-commerce passwords and their crack times," Information Security Journal: A Global Perspective, vol. 15, no. 6, pp. 45-55, 2006.
10. S. Marechal, "Advances in password cracking," Journal in Computer Virology, vol. 4, no. 1, pp. 73-81, February 2008.
11. D. Florencio and C. Herley, "A large-scale study of web password habits," in WWW '07: Proceedings of the 16th international conference on World Wide Web. ACM, 2007, pp. 657-666.
12. "John the ripper - cracking modes," Retrieved on 29/07/2009. [Online]. Available: http://www.openwall.com/john/doc/MODES.shtml
13. L. von Ahn, M. Blum, and J. Langford, "Telling humans and computers apart automatically," Commun. ACM, vol. 47, no. 2, pp. 56-60, 2004.
14. B. Pinkas and T. Sander, "Securing passwords against dictionary attacks," in Proc. CCS '02, 2002, pp. 161-170.
15. P. Oechslin, "Making a faster cryptanalytic time-memory trade-off," in Advances in Cryptology - CRYPTO 2003, 2003, pp. 617-630.
16. T. Wu, "A real-world analysis of Kerberos password security," in Proc. NDSS 1999, February 1999.
17. M. Bishop, "Improving system security via proactive password checking," Computers & Security, vol. 14, no. 3, pp. 233-249, 1995.
18. J. J. Yan, "A note on proactive password checking," in Proc. NSPW '01. ACM, 2001, pp. 127-135.
19. R. A. Grimes, "MySpace password exploit: Crunching the numbers (and letters)," InfoWorld online article, November 2006. [Online]. Available: http://www.infoworld.com/article/06/11/17/47OPsecadvise-1.html
20. S. Porst, "A brief analysis of 40,000 leaked MySpace passwords," Blog post, November 2007. [Online]. Available: http://www.the-interweb.com/serendipity/index.php?/archives/94-A-brief-analysis- of-40,000-leaked-MySpace-passwords.html
21. C. Kuo, S. Romanosky, and L. F. Cranor, "Human selection of mnemonic phrase-based passwords," in Proc. SOUPS '06, 2006, pp. 67-78.
22. B. Schneier, "Schneier on security: Choosing secure passwords," January 2007. [Online]. Available: http://www.schneier.com/blog/archives/2007/ 01/choosing-secure.html