Abstract

Recent literature proposes the use of a proactive password checker as a method for preventing users from creating easy-to-guess passwords. Markov models can help us create a more effective password checker that estimates the probability that a given password would be chosen by an attacker. We investigate the ability of different Markov models to calculate the strength of a variety of passwords from different topics, in order to find out whether one Markov model is sufficient for creating a more effective password checker. The results of our study show that multiple models are required in order to do strength calculations for a wide range of passwords. To the best of our knowledge, this is the first password strength study in which the effect of the training password datasets on the success of the model is investigated.

Highlights

  • Authentication is the core of today’s Web experience

  • The goals of this paper are: (i) to find out if different Markov models will provide statistically different results when tested on the same password dataset, (ii) to find out if one model is sufficient for creating an effective password checker, and (iii) to find out if Markov models of different orders will produce statistically different results

  • This study explores how password scoring meters measure the password strength, which leads the authors to the claim that in order for a PSM to be accurate, its training set should be representative of the password base of the target site and that there is no single training set that can fit all PSMs


Summary

Introduction

Authentication is the core of today’s Web experience. Online services, social networks (e.g., Facebook, Twitter, etc.) and websites require authentication so that users can create a profile, post messages and comments, and tailor the website’s content to match their interests. In an information security sense, authentication is the process of verifying someone’s identity, and it can typically be classified into three main categories: knowledge-based authentication, or “what you know” (e.g., textual or graphical passwords); biometric authentication, or “what you are” (e.g., retina, iris, voice, and fingerprint scans); and token-based authentication, or “what you have” (e.g., smart cards, mobile phones or other tokens). Another alternative authentication method is becoming more available: two-step verification. This approach can be used to calculate the strength of the password, by defining a probability distribution over a sequence of characters, which constitutes the password.
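
The sketch below is an added example, not code from the paper: it scores a password as -log2 of its probability under a character-level Markov model, and trains two such models on different topic lists to show how the training set changes the score. The class and function names, the add-one smoothing, the alphabet size and both word lists are assumptions constructed for illustration.

```python
import math
from collections import defaultdict

START, END = "\x02", "\x03"  # sentinels for password start and end

class MarkovModel:
    """Order-k character Markov model with add-one (Laplace) smoothing."""

    def __init__(self, order=2, alphabet_size=96):
        self.order = order
        self.alphabet_size = alphabet_size  # assumption: 95 printable ASCII + END
        self.counts = defaultdict(lambda: defaultdict(int))
        self.totals = defaultdict(int)

    def _transitions(self, password):
        padded = START * self.order + password + END
        for i in range(self.order, len(padded)):
            yield padded[i - self.order:i], padded[i]

    def train(self, passwords):
        for pw in passwords:
            for ctx, ch in self._transitions(pw):
                self.counts[ctx][ch] += 1
                self.totals[ctx] += 1
        return self

    def bits(self, password):
        """Return -log2 P(password); lower means easier to guess under this model."""
        total = 0.0
        for ctx, ch in self._transitions(password):
            seen = self.counts.get(ctx, {}).get(ch, 0)  # .get avoids mutating counts
            p = (seen + 1) / (self.totals.get(ctx, 0) + self.alphabet_size)
            total -= math.log2(p)
        return total

# Constructed training lists standing in for two topic-specific datasets.
SPORTS = ["liverpool", "arsenal1", "chelsea", "football", "ronaldo7", "messi10", "soccer", "baseball"]
MUSIC = ["metallica", "nirvana", "beatles", "guitar1", "slipknot", "eminem", "rockstar", "greenday"]

def score_under_each(password, order=2):
    """Score one password under a model trained on each constructed list."""
    models = {"sports": MarkovModel(order).train(SPORTS),
              "music": MarkovModel(order).train(MUSIC)}
    return {name: round(m.bits(password), 1) for name, m in models.items()}

if __name__ == "__main__":
    for candidate in ("liverpool1", "nirvana1"):
        print(candidate, score_under_each(candidate))
```

A checker that relied only on the music-trained model would rate "liverpool1" as stronger than the sports-trained model does, which is the training-set mismatch the abstract describes.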

