An Analysis of Password Meters for Domestic Web Sites
 Title & Authors
Kim, KyoungHoon; Kwon, Taekyoung;
 Abstract
Password authentication is the representative user authentication method, and text-based passwords in particular are the most widely used. Unfortunately, most users select weak passwords, so many web sites provide a password meter that measures password strength to guide users toward selecting strong passwords. However, some metering results are inconsistent, and incorrect strength feedback is given. In this paper, we tackle these problems regarding password meters and present a direction for improvement.
 Keywords
Password; Password Meter; Meter Accuracy
 Language
Korean