Using language-specific input methods and pronunciation rules to improve the guesses of passwords

Abstract

Password-based authentication has the advantage of easy implementation and no requirement for additional hardware; therefore, it will remain one of the primary identification methods in the near future. However, users tend to choose passwords that are easy to remember, so these passwords may be vulnerable to guessing attacks. Based on the idea that some users are influenced by their native language when choosing passwords, we propose an improved password-guessing method that adds grammars regarding Asian-language input procedures and pronunciation rules to the most updated Probabilistic Context-Free Grammar (PCFG) v4.1. The experimental results show that the improved PCFG v4.1 can increase the success rate of password cracking compared to PCFG v4.1. The improvements range from 2% to 14% for different password datasets. Additionally, we compare the proposed method to many other guessing methods; ours can achieve an excellent performance. Moreover, the characteristics of passwords that are not cracked are analyzed, and we suggest some criteria for more robust passwords.