论文信息 - An analysis of Persuasive Text Passwords

An analysis of Persuasive Text Passwords

Text-based password is widely considered as the most ubiquitous authentication scheme in computer systems nowadays. However, text-based password are vulnerable to some attacks such as brute-fore attack and dictionary-based attack. Consequently, a large number of research has focused on enhancing the security strength of text-based password. Persuasive Text Passwords (PTP) is a technique to improve password strength by adding some random characters to user's password. In this paper, we compare PTP with some common password policies. Thanks to this, some flaws of PTP are determined. An improvement of PTP is proposed to alleviate its drawbacks. The improvement is implemented by combining PTP with a password policy. The experimental results show that the new version of PTP is better than the original version in both security and usability.

Quang Uy Nguyen | Thi Thu Trang Nguyen | Thi Thu Nguyen

[1] Ieee Staff. 2015 2nd National Foundation for Science and Technology Development Conference on Information and Computer Science (NICS) , 2015 .

[2] Mukesh Singhal,et al. Password-Based Authentication: Preventing Dictionary Attacks , 2007, Computer.

[3] L. R. Peterson,et al. Short-term retention of individual verbal items. , 1959, Journal of experimental psychology.

[4] Lujo Bauer,et al. Encountering stronger password requirements: user attitudes and behaviors , 2010, SOUPS.

[5] Ken Thompson,et al. Password security: a case history , 1979, CACM.

[6] Hung-Min Sun,et al. Attacks and Solutions on Strong-Password Authentication , 2001 .

[7] W. Summers,et al. Password policy: the good, the bad, and the ugly , 2004 .

[8] Sudhir Aggarwal,et al. Testing metrics for password creation policies by attacking large sets of revealed passwords , 2010, CCS '10.

[9] Robert Biddle,et al. Graphical Password Authentication Using Cued Click Points , 2007, ESORICS.

[10] SongRonggong. Advanced smart card based password authentication protocol , 2010 .

[11] Alain Forget,et al. Improving text passwords through persuasion , 2008, SOUPS '08.

[12] Gregory V. Bard,et al. Spelling-Error Tolerant, Order-Independent Pass-Phrases via the Damerau-Levenshtein String-Edit Distance Metric , 2007, ACSW.

[13] Ronggong Song. Advanced smart card based password authentication protocol , 2010, Comput. Stand. Interfaces.