Visualizing Keyboard Pattern Passwords

Passwords are fundamental security vulnerabilities in many systems. Several researchers have investigated the trade-off between password memorability versus resiliency to cracking and have looked at alternative systems such as graphical passwords and biometrics. To create stronger passwords, many systems enforce rules regarding the required length and types of characters passwords must contain. Another suggested approach is to use passphrases to combat dictionary attacks. One common ‘trick’ used to remember passwords that conform to complex rules is to select a pattern of keys on the keyboard. Although appearing random, the pattern is easy to remember. The purpose of this research was to investigate how often patterns are used, whether patterns could be classified into common categories, and whether those categories could be used to attack and defeat pattern-based passwords. Visualization techniques were used to collect data and assist in pattern categorization. The approach successfully identified 2 out of 11 passwords in a real-world password file that were not discovered with a traditional dictionary attack. This article will present the approach used to collect and categorize patterns, and describe the resulting attack method that successfully identified passwords in a live system.

[1]  Cormac Herley,et al.  A large-scale study of web password habits , 2007, WWW '07.

[2]  J. Bengtsson Parallel Password Cracker: A Feasibility Study of Using Linux Clustering Technique in Computer Forensics , 2007, Second International Workshop on Digital Forensics and Incident Analysis (WDFIA 2007).

[3]  Lorrie Faith Cranor,et al.  Human selection of mnemonic phrase-based passwords , 2006, SOUPS '06.

[4]  J. Yan,et al.  Password memorability and security: empirical results , 2004, IEEE Security & Privacy Magazine.

[5]  Heinrich Hußmann,et al.  PassShape: stroke based shape passwords , 2007, OZCHI '07.