Abstract
Password composition policies are helpful in strengthening password’s resistance against guessing attacks. Sadly, existing off-the-shelf composition policies often remain static, which creates potential security vulnerability. In this paper, we propose a new adaptive password policy generation framework called HTPG. Based on the Zipf distribution of passwords, HTPG classifies all passwords in data set into two categories, that is, head passwords and tail passwords. We find that head passwords are vulnerable and high-value for attackers because they are most frequently used, while tail passwords have higher strength than head passwords. According to this fact, HTPG dynamically generates policies to enhance head passwords by modifying them so as to be closer to tail passwords on feature space. By introducing the idea of machine learning, we propose a policy sort method based on information gain ratio to help user choose more effective policies in enhancing head passwords. HTPG can effectively improve the security of entire password data set and make the password distribution more uniform. Experiments show that the number of cracked head passwords decreases 69% on average, compared with the original head passwords, by adopting policies generated by HTPG. Surveys on usability show that 80.23% enhanced passwords can be recalled by those who remember the corresponding original passwords.
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callMore From: IEEE Transactions on Information Forensics and Security
Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
