论文信息 - The weak and the strong password preferences: a case study on turkish users

The weak and the strong password preferences: a case study on turkish users

Considering the computer authentication, any password shall not only be private to its owner but also be chosen as not to be predicted easily by others. The passwords used in authentication processes of any critical system should be strong as not to be cracked easily. In this context, the strong password choice gets significance for the general system security. This study aims to reveal the proper and improper properties on password preferences via examining the real samples. The method used in this work is first to gather the real passwords in plaintext, then to crack the encrypted forms of them and finally to investigate statistical queries on those passwords in order to distinguish the common weak and strong characteristics. As the case study, the experiments are conducted on real passwords of Turkish users in an actively running system. The results of the experiments are categorized for weak and strong passwords. Moreover, the common tendencies on password choice are evaluated.

Mehmet Emin Dalkilic | Ilker Korkmaz

[1] Robert P. Minch,et al. User Security Behavior on Wireless Networks: An Empirical Study , 2007, 2007 40th Annual Hawaii International Conference on System Sciences (HICSS'07).

[2] Alan F. Blackwell,et al. The memorability and security of passwords – some empirical results , 2000 .

[3] William Stallings,et al. Cryptography and network security , 1998 .

[4] Morten Hertzum. Remembering Multiple Passwords by Way of Minimal- Feedback Hints: Replication and Further Analysis , 2004 .

[5] Alfredo De Santis,et al. HYPPOCRATES: a new proactive password checker , 2004, J. Syst. Softw..

[6] Jeff Yan,et al. A note on proactive password checking , 2001, NSPW '01.

[7] Robert P. Minch,et al. Wireless insecurity , 2010, Commun. ACM.

[8] Matt Bishop,et al. Improving system security via proactive password checking , 1995, Comput. Secur..

[9] Giancarlo Ruffo,et al. High dictionary compression for proactive password checking , 1998, TSEC.

[10] Peter Hoonakker,et al. Password Authentication from a Human Factors Perspective: Results of a Survey among End-Users , 2009 .

[11] Daniel Klein,et al. Foiling the cracker: A survey of, and improvements to, password security , 1992 .