English
Related papers

Related papers: Optimizing Password Composition Policies

200 papers

Password security hinges on an in-depth understanding of the techniques adopted by attackers. Unfortunately, real-world adversaries resort to pragmatic guessing strategies such as dictionary attacks that are inherently difficult to model in…

Cryptography and Security · Computer Science 2021-03-01 Dario Pasquini , Marco Cianfriglia , Giuseppe Ateniese , Massimo Bernaschi

Text-based secrets are still the most commonly used authentication mechanism in information systems. IT managers must strike a balance between security and memorability while developing password policies. Initially introduced as more secure…

Cryptography and Security · Computer Science 2021-12-08 Noopa Jagadeesh , Miguel Vargas Martin

The classical combinatorics-based password strength formula provides a result in tens of bits, whereas the NIST Entropy Estimation Suite give a result between 0 and 1 for Min-entropy. In this work, we present a newly developed metric --…

Cryptography and Security · Computer Science 2024-04-29 Khan Reaz , Gerhard Wunder

The security of passwords is dependent on a thorough understanding of the strategies used by attackers. Unfortunately, real-world adversaries use pragmatic guessing tactics like dictionary attacks, which are difficult to simulate in…

Cryptography and Security · Computer Science 2022-12-13 Fangyi Yu

Password advice is constantly circulated by standards agencies, companies, websites and specialists. But there appears to be great diversity in terms of the advice that is given. Users have noticed that different websites are enforcing…

Cryptography and Security · Computer Science 2018-09-10 Hazel Murray , David Malone

Human-chosen passwords are the a dominant form of authentication systems. Passwords strength estimators are used to help users avoid picking weak passwords by predicting how many attempts a password cracker would need until it finds a given…

Cryptography and Security · Computer Science 2020-05-06 Liron David , Avishai Wool

The average user has between 90-130 online accounts, and around $3 \times 10^{11}$ passwords are in use this year. Most people are terrible at remembering "random" passwords, so they reuse or create similar passwords using a combination of…

Cryptography and Security · Computer Science 2023-10-20 Ruthu Hulikal Rooparaghunath , T. S. Harikrishnan , Debayan Gupta

Security questions are one of the mechanisms used to recover passwords. Strong answers to security questions (i.e. high entropy) are hard for attackers to guess or obtain using social engineering techniques (e.g. monitoring of social…

Cryptography and Security · Computer Science 2017-09-26 Nicholas Micallef , Nalin Asanka Gamagedara Arachchilage

An important problem in sequential decision-making under uncertainty is to use limited data to compute a safe policy, i.e., a policy that is guaranteed to perform at least as well as a given baseline strategy. In this paper, we develop and…

Machine Learning · Statistics 2016-07-14 Marek Petrik , Yinlam Chow , Mohammad Ghavamzadeh

We present an in-depth analysis on the strength of the almost 10,000 passwords from users of an instant messaging server in Italy. We estimate the strength of those passwords, and compare the effectiveness of state-of-the-art attack methods…

Cryptography and Security · Computer Science 2009-07-21 Matteo Dell'Amico , Pietro Michiardi , Yves Roudier

We notice that the "password security" discourse is missing the most fundamental notion of the "password strength" -- it was never properly defined. We propose a canonical definition of the "password strength", based on the assessment of…

Cryptography and Security · Computer Science 2016-06-21 Eugene Panferov

The advent of large-scale, complex computing systems has dramatically increased the difficulties of securing accesses to systems' resources. To ensure confidentiality and integrity, the exploitation of access control mechanisms has thus…

Software Engineering · Computer Science 2015-08-18 Andrea Margheri , Rosario Pugliese , Francesco Tiezzi

The ability to compute reward-optimal policies for given and known finite Markov decision processes (MDPs) underpins a variety of applications across planning, controller synthesis, and verification. However, we often want policies (1) to…

Logic in Computer Science · Computer Science 2025-11-18 Linus Heck , Filip Macák , Milan Češka , Sebastian Junges

Any secured system can be modeled as a capability-based access control system in which each user is given a set of secret keys of the resources he is granted access to. In some large systems with resource-constrained devices, such as sensor…

Cryptography and Security · Computer Science 2021-09-21 Aldar C-F. Chan

We present a framework by which websites can coordinate to make it difficult for users to set similar passwords at these websites, in an effort to break the culture of password reuse on the web today. Though the design of such a framework…

Cryptography and Security · Computer Science 2021-03-05 Ke Coby Wang , Michael K. Reiter

To ensure that secure applications do not leak their secrets, they are required to uphold several security properties such as spatial and temporal memory safety as well as cryptographic constant time. Existing work shows how to enforce…

Cryptography and Security · Computer Science 2024-10-10 Matthis Kruse , Michael Backes , Marco Patrignani

A partial password is a mode of password-based authentication that is widely used, especially in the financial sector. It is based on a challenge-response protocol, where at each login attempt, a challenge requesting characters from…

Cryptography and Security · Computer Science 2017-01-03 Theodosis Mourouzis , Marcin Wojcik , Nikos Komninos

Text-based passwords continue to be the prime form of authentication to computer systems. Today, they are increasingly created and used with mobile text entry methods, such as touchscreens and mobile keyboards, in addition to traditional…

Cryptography and Security · Computer Science 2014-03-11 Yulong Yang , Janne Lindqvist , Antti Oulasvirta

This study aims to assess wireless network security holistically and attempts to determine the weakest link among the parts that comprise the 'secure' aspect of the wireless networks: security protocols, wireless technologies and user…

Cryptography and Security · Computer Science 2011-03-03 Berker Tasoluk , Zuhal Tanrikulu

We introduce password strength information signaling as a novel, yet counter-intuitive, defense mechanism against password cracking attacks. Recent breaches have exposed billions of user passwords to the dangerous threat of offline password…

Cryptography and Security · Computer Science 2021-08-17 Wenjie Bai , Jeremiah Blocki , Ben Harsha