Popularity is everything a new approach to protecting passwords from statistical-guessing attacks

HotSec 2010 - 5th USENIX Workshop on Hot Topics in Security

Volumn , Issue , 2010, Pages

  Schechter, Stuart ^a   Herley, Cormac ^a   Mitzenmacher, Michael ^b  

^a MICROSOFT RESEARCH   (United States)

^b HARVARD UNIVERSITY   (United States)

Author keywords

[No Author keywords available]

Indexed keywords

DATA STRUCTURES;

COUNT-MIN SKETCH; FALSE POSITIVE; FALSE POSITIVE RATES; GUESSING ATTACKS; INTERNET-SCALE SYSTEMS; NEW APPROACHES; PROBABILISTIC DATA;

AUTHENTICATION;

EID: 85071080463     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: None     Document Type: Conference Paper

References (23)

1. Wired: Weak Password Brings 'Happiness' to Twitter Hacker. http://blog.wired.com/27bstroke6/2009/01/professed-twitt.html.
2. Adams, A., and Sasse, M. A. Users Are Not the Enemy. Commun. ACM 42, 12 (1999).
3. Bawa, M., Bayardo, R., Agrawal, R., and Vaidya, J. Privacy-preserving indexing of documents on the network. The VLDB Journal 18, 4 (2009), 837-856.
4. B.H. Bloom. Space/time trade-offs in hash coding with allowable errors. Comm. of the ACM (1970).
5. C. Estan and G. Varghese. New directions in traffic measurement and accounting: focusing on the elephants, ignoring the mice. ACM Transactions on Computer Systems (2003).
6. D. V. Klein. Foiling the Cracker: A Survey of, and Improvements to, Password Security. Proc. of the 2nd USENIX Security Workshop (1990).
7. D.A. Norman. The Way I See It: When security gets in the way. Interactions 16, 6 (2009), 60-63.
8. EH Spafford. Observing reusable password choices. Proceedings of the 3rd UNIX Security Symposium (1992).
9. EH Spafford. OPUS: Preventing weak password choices. Computers & Security (1992).
10. Florêncio, D., and Herley, C. A Large-Scale Study of Web Password Habits. WWW 2007, Banff..
11. Forget, A., Chiasson, S., van Oorschot, P. C., and Biddle, R. Improving text passwords through persuasion. In SOUPS'08: Proceedings of the 4th symposium on Usable privacy and security (2008).
12. G. Bergadano, B. Crispo and G. Ruffo. Proactive Password Checking with Decision Trees. Proc. CCS (1997).
13. G. Cormode and S. Muthukrishnan. An Improved Data Stream Summary: The Count-Min Sketch and Its Applications. Journal of Algorithms (2005).
14. Imperva. Consumer Password Worst Practices. http://www.imperva.com/docs/WP_Consumer_Password_Worst_Practices.pdf.
15. J.J. Yan. A Note on Proactive Password Checking. NSPW (2001).
16. L. St. Clair and L. Johansen and W. Enck and M. Pirretti and P. Traynor and P. McDaniel and T. Jaeger. Password Exhaustion: Predicting the End of Password Usefulness. In Proc. of 2nd Intl Conf. on Information Systems Security (ICISS) (2006).
17. Parekh, J., Wang, K., and Stolfo, S. Privacy-preserving payload-based correlation for accurate malicious traffic detection. In Proceedings of the 2006 SIGCOMM workshop on Large-scale attack defense (2006), ACM, p. 106.
18. P.C. van Oorschot, S. Stubblebine. On Countering Online Dictionary Attacks with Login Histories and Humans-in-the-Loop. ACM TISSEC vol.9 issue 3 (2006).
19. Pinkas, B., and Sander, T. Securing Passwords Against Dictionary Attacks. ACM CCS (2002).
20. S. Cohen and Y. Matias. Spectral Bloom Filters. Proc. ACM SIGMOD Intl Conf. on Management of Data (2003).
21. Schechter, S. E., Brush, A. J. B., and Egelman, S. It's No Secret: Measuring the Security and Reliability of Authentication via”Secret” Questions. In IEEE Symposium on Security and Privacy (2009), pp. 375-390.
22. Schneier, B. MySpace Passwords Aren't So Dumb. Wired, Dec. (2006). http://www.wired.com/politics/security/commentary/securitymatters/2006/12/72300.
23. U. Manber, S. Wu. An Algorithm for Approximate Membership Checking with Application to Password Security. Information Processing Letters (1994).