A Large-Scale Study of Web Password Habits of Chinese Network Users

Nowadays, more and more people in China are connecting to the Internet, and the network environment is becoming less secure because of the large number of network intruders. However, many network users tend to set easy passwords for convenience. These vulnerable passwords increase the risk of information leakage, so it is necessary to analyze the habits and strength of the passwords set by Chinese network users. In this paper, we collect over 20 million pieces of data published on the Internet by network intruders and analyze the features of the passwords through statistical methods. Through comprehensive analysis of password length, type, and other variables, we find some interesting patterns that can be used to quantify password strength. Finally, we propose some suggestions for setting secure passwords.
