Abstract
The predominant authentication method still relies on usernames and passwords. To enhance memorability, domain terms may have been opted to include as part of passwords. However, there is little analysis of the extent to which such practice affects password security, so there is a lack of guidance on how users use domain terms on websites with different domain characteristics. To address the problem, we propose a novel approach to analyze the security effect of using domain terms in passwords. The methodology primarily consists of three stages. Firstly, we utilize Web crawlers to harvest domain vocabularies, subsequently leveraging the TextRank algorithm to rank their importance. Afterward, we propose an algorithm for constructing a simulated domain-specific password dataset by replacing password elements with domain terms. Finally, password guessing experiments are done on the dataset using PCFG and Markov model to evaluate the impact of domain terms on password security. The experimental results indicate that, for systems without clear domain, 20% domain terms replacement in the test set can reduce the cracking rate by up to 5.45%. In contrast, for domain-specific systems, 20% domain terms replacement in the training set can increase the cracking rate by 6.45%. These findings provide practical guidance on the application of domain knowledge in password creation for different types of systems. In summary, this study offers a novel perspective for exploring the security implications of passwords influenced by specific domains.
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.