Abstract

In the field of information security, passwords are a means of authenticating users. Passwords with weak security cannot perform the role of user authentication and personal information protection because confidentiality is easily violated. To ensure confidentiality, it is important to evaluate the strength of the password and choose a very secure password. Due to this fact, security evaluation models for various passwords have been presented. However, existing evaluation models evaluate security based on the English alphabet. Passwords depend on the memory of the user and are closely related to the language or environment used by the user. In this regard, there are limitations in applying the existing security evaluation models to passwords chosen by non-English speakers. We compose a non-English, Korean language-based password dictionary and propose a password security evaluation model based on this for Korean users. In addition, to verify the effectiveness of the proposed model, we conducted experiments to evaluate the security of Korean language-based passwords using a database of passwords that have been actually leaked. As a result, the proposed model showed 99.38% accuracy for Korean language-based leaked passwords. This is superior to the 80.06% accuracy shown by the existing model. In conclusion, the use of the Korean language-based password security evaluation model proposed in this paper will contribute to choosing more secure passwords for Korean language-based sites or users.

Highlights

  • Password-based user authentication methods are a powerful means of protecting the private information of users in the field of information security [1, 2]

  • Experiment Results and Performance Evaluation. The performance experiment for the password security evaluation model confirmed that the security evaluation score predicted by the model proposed in this study is reliable. The evaluation criteria are the 9,177 low-security Korean language-based passwords obtained in Section 4.1, and whether the model yields security evaluation scores based on the number of leaks was determined

  • The proposed model evaluated the security to be weak for the leaked Korean language-based passwords with an accuracy of 99.38%


Summary

Introduction

Password-based user authentication methods are a powerful means of protecting the private information of users in the field of information security [1, 2]. Patterns that combine words in an English dictionary with consecutive numbers, such as “password123,” are easy to remember but can be inferred from a dictionary, making them unsuitable for authentication functions due to low security. Therefore, user convenience and security must be considered when choosing passwords. By collecting leaked passwords and building a database, it is possible to verify how many times the chosen password has been leaked. This approach to security evaluation is difficult to apply in low-spec environments, such as web browsers and small IoT devices, since it requires a very large set of leaked passwords, and a lot of effort is needed to collect leaked password sets. The security of the password chosen by the user can be predicted through password security evaluation indicators. This can be done by implementing a password security evaluation model [8].
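The following added example (not code from the paper) shows why a checker built only on an English dictionary misses a Korean word plus consecutive digits. It assumes, which this page does not state, that a Korean language-based password is a Korean word typed with the keyboard in English mode on the standard Dubeolsik (2-set) layout; the word lists and function names are constructed for illustration.

```python
import re

# Dubeolsik (2-set) QWERTY key(s) for each jamo, listed in the order Unicode
# uses to compose Hangul syllables (19 initials, 21 medials, 28 finals).
INITIAL = ["r", "R", "s", "e", "E", "f", "a", "q", "Q", "t",
           "T", "d", "w", "W", "c", "z", "x", "v", "g"]
MEDIAL = ["k", "o", "i", "O", "j", "p", "u", "P", "h", "hk", "ho",
          "hl", "y", "n", "nj", "np", "nl", "b", "m", "ml", "l"]
FINAL = ["", "r", "R", "rt", "s", "sw", "sg", "e", "f", "fr", "fa", "fq", "ft",
         "fx", "fv", "fg", "a", "q", "qt", "t", "T", "d", "w", "c", "z", "x",
         "v", "g"]


def hangul_to_keys(word):
    """Return the Latin keystrokes that type `word` on a Dubeolsik layout."""
    out = []
    for ch in word:
        idx = ord(ch) - 0xAC00
        if 0 <= idx < 11172:  # precomposed Hangul syllable block
            out.append(INITIAL[idx // 588]
                       + MEDIAL[idx % 588 // 28]
                       + FINAL[idx % 28])
        else:
            out.append(ch)    # digits, Latin letters and symbols pass through
    return "".join(out)


def is_dictionary_pattern(password, words):
    """True if the password is a dictionary word plus optional trailing digits."""
    base = re.sub(r"\d+$", "", password)
    # Exact match first: Dubeolsik keys are case-sensitive (R and r differ).
    return base != "" and (base in words or base.lower() in words)


# Constructed sample dictionaries (assumptions, not the paper's data).
ENGLISH_WORDS = {"password", "love", "hello"}
KOREAN_WORDS = {"사랑", "안녕", "비밀번호"}  # love, hello, password
KOREAN_KEYS = {hangul_to_keys(w) for w in KOREAN_WORDS}

if __name__ == "__main__":
    for pw in ("password123", "tkfkd123", "qlalfqjsgh1"):
        print(pw,
              "english:", is_dictionary_pattern(pw, ENGLISH_WORDS),
              "korean:", is_dictionary_pattern(pw, KOREAN_KEYS))
```
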
