Set Of Passwords Research Articles

An Enhancement of Honey Encryption Algorithm Applied in Online Patient Portals

The Honey Encryption Algorithm is a novel encryption scheme designed to encrypt messages using low-entropy keys, such as passwords. When an incorrect key is used for decryption, it returns a honeyword—a fictitious message intended to mislead attackers into thinking they have accessed the correct data. However, in password-based authentication systems, a usability issue arises when legitimate users accidentally input their password in a way that results in a honeyword. This study addresses the problem of typo-safety in Honey Encryption Algorithm by employing Long Short-Term Memory (LSTM) models combined with Damerau-Levenshtein distance metric to generate honeywords that are less likely to be typed by legitimate users, while still being effective against adversarial attacks. The Enhanced Honey Encryption Algorithm achieved a typo rate of 29%, with only 4.57% of typos producing a honeyword candidate. In comparison, the original Honey Encryption Algorithm using a Take-a-Tail method had a 71% typo rate, with 27.71% of typos resulting in honeyword candidates. A password survey was conducted on 100 participants, asking them to re-enter 20 passwords under timed and environmental constraints for ecological validity. Both algorithms were tested using honeyword sets generated from a set of passwords sourced from the phpBB password list. The Enhanced Honey Encryption Algorithm’s 29% typo rate and 4.57% honeyword rate indicate a lower probability of legitimate users’ typos resulting in a honeyword, resulting in a significant improvement in usability in password-based authentication systems.

OMECDN: A Password-Generation Model Based on an Ordered Markov Enumerator and Critic Discriminant Network

At present, static text passwords are still the most widely-used identity authentication method. Password-generation technology can generate large-scale password sets and then detect the defects in password-protection mechanisms, which is of great significance for evaluating password-guessing algorithms. However, the existing password-generation technology cannot ignore low-quality passwords in the generated password set, which will lead to low-efficiency password guessing. In this paper, a password-generation model based on an ordered Markov enumerator and critic discriminant network (OMECDN) is proposed, where passwords are generated via an ordered Markov enumerator (OMEN) and a discriminant network according to the probability of the combination of passwords. OMECDN optimizes the performance of password generation with a discriminative network based on the good statistical properties of OMEN. Moreover, the final password set is formed by the selected passwords with a higher score than the preset threshold, which guarantees the superiority of the hit rate of almost all ranges of combinations of passwords over the initial password set. Finally, the experiments show that OMECDN achieves a qualitative improvement in hit rate metrics. In particular, regarding the generation of 107 passwords on the RockYou dataset, the matching entries of the password set generated by the OMECDN model are 25.18% and 243.58% higher than those generated by the OMEN model and the PassGAN model, respectively.

AvoidPwd: A mnemonic password generation strategy based on keyboard transformation

Identity authentication is the first line of defense for network security. Passwords have been the most widely used authentication method in recent years. Although there are security risks in passwords, they will be the primary method in the future due to their simplicity and low cost. Considering the security and usability of passwords, we propose AvoidPwd, which is a novel mnemonic password generation strategy that is based on keyboard transformation. AvoidPwd helps users customize a "route" to bypass an "obstacle" and choose the characters on the "route" as the final password. The "obstacle" is a certain word using any language and the keys adjacent to the "obstacle" are typed with the "Shift" key. A two-part experiment was conducted to examine the memorability and security of the AvoidPwd strategy with other three password strategies and three leaked password sets. The results showed that the passwords generated by the AvoidPwd strategy were more secure than the other leaked password sets. Meanwhile, AvoidPwd outperformed the KbCg, SpIns, and Alphapwd in balancing security and usability. In addition, there are more symbols in the character distribution of AvoidPwd than the other strategies. AvoidPwd is hopeful to solve the security problem that people are difficult to remember symbols and they tend to input letters and digits when creating passwords.

Accessing Patient Electronic Health Record Portals Safely Using Social Credentials: Demonstration Pilot Study.

BackgroundPatient portals allow communication with clinicians, access to test results, appointments, etc, and generally requires another set of log-ins and passwords, which can become cumbersome, as patients often have records at multiple institutions. Social credentials (eg, Google and Facebook) are increasingly used as a federated identity to allow access and reduce the password burden. Single Federated Identity Log-in for Electronic health records (Single-FILE) is a real-world test of the feasibility and acceptability of federated social credentials for patients to access their electronic health records (EHRs) at multiple organizations with a single sign-on (SSO).ObjectiveThis study aims to deploy a federated identity system for health care in a real-world environment so patients can safely use a social identity to access their EHR data at multiple organizations. This will help identify barriers and inform guidance for the deployment of such systems.MethodsSingle-FILE allowed patients to pick a social identity (such as Google or Facebook) as a federated identity for multisite EHR patient portal access with an SSO. Binding the identity to the patient’s EHR records was performed by confirming that the patient had a valid portal log-in and sending a one-time passcode to a telephone (SMS text message or voice) number retrieved from the EHR. This reduced the risk of stolen EHR portal credentials. For a real-world test, we recruited 8 patients and (or) their caregivers who had EHR data at 2 independent health care facilities, enrolled them into Single-FILE, and allowed them to use their social identity credentials to access their patient records. We used a short qualitative interview to assess their interest and use of a federated identity for SSO. Single-FILE was implemented as a web-based patient portal, although the concept can be readily implemented on a variety of mobile platforms.ResultsWe interviewed the patients and their caregivers to assess their comfort levels with using a social identity for access. Patients noted that they appreciated only having to remember 1 log-in as part of Single-FILE and being able to sign up through Facebook.ConclusionsOur results indicate that from a technical perspective, a social identity can be used as a federated identity that is bound to a patient’s EHR data. The one-time passcode sent to the patient’s EHR phone number provided assurance that the binding is valid. The patients indicated that they were comfortable with using their social credentials instead of having to remember the log-in credentials for their EHR portal. Our experience will help inform the implementation of federated identity systems in health care in the United States.

Effectiveness of protection motivation theory based: Password hygiene training programme for youth media literacy education

This study adopts an experimental design to investigate the effectiveness of a password hygiene training programme. The password hygiene training programme adopted the Protection Motivation Theory’s framework in its development, and was delivered online to 84 students aged 13 to 16. Strength of password measures, such as time taken, and number of tries required, to crack the password, were administered pre and post intervention. The findings revealed that the password hygiene training programme was effective in changing actual password setting behaviour. This study also provided hints on which perceptual changes, based on the theory’s framework, was most influential in the exercise.

Implementing Cybersecurity Best Practices for Electrical Infrastructure in a Refinery: A Case Study

Cybersecurity is quickly becoming one of the most important and potentially impactful risks to a process or refining facility. Cybersecurity solutions for electrical infrastructure can be challenging to implement because of the large number of devices that utilize a single set of passwords. The potential solutions to mitigate these risks can be expensive, inefficient, and time consuming to maintain. This article describes a case study of developing and implementing cybersecurity best practices for electrical infrastructure at a refining facility using a low-cost and low-maintenance approach. The design approach for this case study employs a centralized solution to implement role-based user access control, automated device password management, and a centralized data aggregation and human-machine interface (HMI) platform. The development of the cybersecurity best practices, design and implementation of the automation and cybersecurity platform, operations and maintenance, and lessons learned are discussed.

Exploratory Data Analysis on Username-Password Dataset

Passwords act as a first line of defense against any malicious or unauthorized access to one's personal information. With the increasing digitization, it has now become even more important to choose strong passwords. In this paper, the authors analyze a 100 million Email-Password Database to perform Exploratory Data Analysis. The analysis provides valuable insights on statistics about the most common passwords being used, character set of passwords, most common domains, average length, password strength, frequencies of letters, numbers, symbols (special characters), most common letter, most common number, most common symbol, the ratio of letters, numbers, symbols in passwords which highlights the general trend that users follow while creating passwords. Using the results of this paper, users can make intelligent decisions while creating passwords for themselves, i.e., not opting for the most common features that will help them create robust and less vulnerable passwords.

Leet Usage and Its Effect on Password Security

Text-based passwords have long acted as the dominating authentication method. Leet, as one of the significant components in password, has not been paid enough attention yet. In this paper, we systematically study the presence of Leet in passwords. We define single and pattern forms of Leet and propose a matching approach to check whether a user password contains Leet. We extract the most prevalent counterpart pairs of Leet manifestations. Afterward, we examine the effect of Leet in passwords by incorporating Leet transformation into the probabilistic context-free grammar(PCFG) method to crack passwords. We construct the first comprehensively analyzed dictionary of Leets for passwords, which is confirmed suitable for most datasets by user survey. Experiments on four leaked password sets demonstrate that distinguished Leet usage accumulates to account for around 1% of the total dataset. Only 5% of high-frequency Leets replacement could increase the cracking rate by 0.55%. For crackers, incorporating popular Leets aids to improve password cracking performance. For users, adopting low-frequency Leets could strengthen their passwords. This research provides a new perspective to investigate Leet transformations in passwords.

An Efficient Security Model for Password Generation and Time Complexity Analysis for Cracking the Password

Passwords tend to be one of the most popular approaches to protect operating systems and user’s data also. Most businesses rely on password protection schemes, and secure passwords are incredibly necessary to them. The proposed model typically aims to impose protection by forcing users to obey protocols to build passwords. For user protection, password has become a prevailing method in terms of exposure to scarce tools. The main problem with password is its consistency or power, i.e. how simple (or how difficult) a third person can be "assumed" to enter the tool that you use while claiming to be you. In operating systems, text-based passwords remain the primary form of authentication, following major improvements in attackers' skills in breaking passwords. The proposed Random Character Utilization with Hashing (RCUH) is used for generation of new passwords by considering user parameters. The proposed model introduces a new framework to design a password by considering nearly 10 parameters from the user and also analyze the time for cracking the generated password to provide the system strength. The proposed model aims to generate an efficient security model for password generation by considering several secret parameters from the user. To break a set of consistency passwords, analysis is also performed on time for password cracking. The tests show a close positive correlation between guessing complexity and password consistency. The proposed model is compared with the traditional password generation and cracking models. The proposed model takes much time in cracking the password that improves the systems security.

Generating Optimized Guessing Candidates toward Better Password Cracking from Multi-Dictionaries Using Relativistic GAN

Despite their well-known weaknesses, passwords are still the de-facto authentication method for most online systems. Due to its importance, password cracking has been vibrantly researched both for offensive and defensive purposes. Hashcat and John the Ripper are the most popular cracking tools, allowing users to crack millions of passwords in a short time. However, their rule-based cracking has an explicit limitation of depending on password-cracking experts to come up with creative rules. To overcome this limitation, a recent trend has been to apply machine learning techniques to research on password cracking. For instance, state-of-the-art password guessing studies such as PassGAN and rPassGAN adopted a Generative Adversarial Network (GAN) and used it to generate high-quality password guesses without knowledge of password structures. However, compared with the probabilistic context-free grammar (PCFG), rPassGAN shows inferior password cracking performance in some cases. It was also observed that each password cracker has its own cracking space that does not overlap with other models. This observation led us to realize that an optimized candidate dictionary can be made by combining the password candidates generated by multiple password generation models. In this paper, we suggest a deep learning-based approach called REDPACK that addresses the weakness of the cutting-edge cracking tools based on GAN. To this end, REDPACK combines multiple password candidate generator models in an effective way. Our approach uses the discriminator of rPassGAN as the password selector. Then, by collecting passwords selectively, our model achieves a more realistic password candidate dictionary. Also, REDPACK improves password cracking performance by incorporating both the generator and the discriminator of GAN. We evaluated our system on various datasets with password candidates composed of symbols, digits, upper and lowercase letters. The results clearly show that our approach outperforms all existing approaches, including rule-based Hashcat, GAN-based PassGAN, and probability-based PCFG. The proposed model was also able to reduce the number of password candidates by up to 65%, with only 20% cracking performance loss compared to the union set of passwords cracked by multiple-generation models.

High performance area measurement system for leather industries

India is one of the leading producers of leather and leather products. Leather Sheet provided by the Tanners is in irregular shape and one of the main factors of its cost is based on its surface area. To calculate the size of the leather, different methods are used which include manual, mechanical and electronics systems. The presently used systems are offer greater amount of error in the measurement due to its irregular shape and cost of the system also high. The proposed research work is development of a prototype with surface area measurement system based on image processing in which a digital photographic image of leather sheet is placed on a conveyer belt having Variable Frequency Drive controlled rollers. IR sensors are used as feedback mechanism for practical implementation of the system which is used to minimize the error in surface area calculations. The main objective is to develop a flat surface area measuring system which is used to calculate the surface area of any irregular sheet. The irregular leather sheet is used in this work. The system is self-protected by user name and password set through software for security purpose. Only authorized user can enter into the system by entering the valid pin code. After entering into the system, the user can measure the area of any irregular sheet, monitor and control the system. The heart of the system is Microcontroller (Atmega328p) which controls the complete working of the system. The controlling instructions for the system are given through the designed Human to Machine Interface (HMI). For communication purpose the GSM modem is also interfaced with the Arduino Microcontroller. The remote user can also monitor the current status of the devices by sending SMS message to the GSM modem.

Research on Password Cracking Technology Based on Improved Transformer

Password plays a vital role in identity authentication. However, password security is facing great challenges. In this paper, we research the password cracking technology based on artificial intelligence, aiming to study the probability of password cracking in common password setting methods, and provide references for the setting of password. First of all, we collected a large amount of user’s personal information and passwords, and analysed the correlation between the personal information and passwords. And then, we implemented a password guessing model based on improved Transformer in which information weights were introduced into the data pre-processing and the modified beam search algorithm was used in the model to quickly search the top ranked output results. The percentage of password cracked was 68.63%, and the average guess time was 51.99 seconds. The experiment result shows that artificial intelligence brings great challenges to user password security, and this paper puts forward suggestions on user setting passwords.

CSNN: Password guessing method based on Chinese syllables and neural network

Password guessing attack is the most direct way to gain access to information systems. Using appropriate methods to generate password dictionary can effectively improve the hit rate of password guessing attacks. A Chinese syllables and Neural Network-based password generation method CSNN is proposed for Chinese password sets. This method treats Chinese Syllables as integral elements and uses them to parse and process passwords. The processed passwords are trained in Long Short-Term Memory Neural Network, and the trained model is used to generate password dictionaries (guessing sets). Long Short-Term Memory Neural Network is a kind of Recurrent Neural Network. In order to evaluate the effectiveness of CSNN, the hit rates of guessing sets generated by CSNN on target password sets (test sets) are compared with Probability Context-Free Grammar (PCFG) and 5th-order Markov Chain Model. In hit rate experiment, guessing sets of different scales were selected; the results show that the comprehensive performance of guessing sets generated by CSNN is better than PCFG and 5th-order Markov Chain Model. Compared with PCFG, different scales of CSNN guessing sets can improve up to 9% in hit rate on some test sets; compared with 5th-order Markov Chain Model, the best performance range of CSNN guessing sets is 105 to 106 guesses, and their hit rate increases range from 2.6% to 12.03%.

Steganography-based Password Management: A conceptual Model

The problem of password management is one of the oldest and most problematic issues in the context of computing security and personal digital information. Despite the fact that many researched have been carried out on this problem, most solutions have remained focused on the server side assuming a trusted infrastructure that will enforce a proper management scheme for the user passwords and that exists outside of the user’s domain. On the other hand, user or client-side password management has remained at the level of recommendations to users providing some general guidelines to what constitutes good management of a user’s set of passwords. In this paper, we propose a novel approach by focusing on the design of a system for the management of a user’s passwords that runs within the domain of the user.The new system utilizes information hiding by means of steganography techniques in order to create seamless management of user passwords. To the best of our knowledge this would be the first attempt of using stego-image as a token for two-factor authentication in the literature, which needs no extra cost of hardware, easy to use and implement.

SPSR-FSPG: A Fast Simulative Password Set Generation Algorithm

Identity authentication is a main line of defense for network security, and passwords have long been the mainstream of identity authentication. In the field of password security research, large-scale password datasets have played an important role in the efficiency evaluation of password attack algorithms, the feasibility detection of password strength meters, and the correction of password probability models. However, due to user privacy, timeliness, effectiveness and other factors, it is still very difficult for researchers to obtain real large-scale user plaintext passwords. Based on this, this paper proposes a fast simulative password set generation algorithm based on structure partitioning and string recombination, denoted as SPSR-FSPG. The algorithm uses the probability context-free grammar to model the structure of the password, and constructs a string generation model based on the recurrent neural network to generate different types of strings, so as to learn the character composition of the password in the original dataset. In addition, the model fully considers the user's password reuse and modification behavior. Finally, the method is verified by experiment on six real Chinese and English password sets. The results show that the generation rate of SPSR-FSPG is faster than other algorithms. In terms of true password coverage, the SPSR-FPSG simulative password set is increased by 11.36% and 17.5, respectively, relative to SPPG and PCFG, and is increased by about 122.73% and 130.3%, respectively, compared to OMEN and 4-Markov. And the fit of the Zipf distribution is maintained at a level above 0.95, it is better than 0.9 of SPPG. At the same time, the SPPR-FPSG simulative password set is closer to the real password set in terms of length and character composition.

A key for John Doe: modeling and designing Anonymous Password-Authenticated Key Exchange protocols

Anonymous Password-Authenticated Key Exchange ( $\sf{ APAKE}$ APAKE ) can be seen as the hybrid offspring of standard key exchange and anonymous password authentication protocols. $\sf{ APAKE}$ APAKE allows a client holding a low-entropy password to establish a session key with a server, provided that the client’s password is in the server’s set. Moreover, no information about the password input by the client or the set of valid passwords held by the server should leak to the other party–beyond whether the client’s password lies or not in the server’s password database. To the best of our knowledge, all $\sf{ APAKE}$ APAKE proposals to date either assume client storage or force the client to remember the index assigned to its password in the server’s database. Furthermore, earlier works either provide only informal definitions or fail in some sense to properly model the primitive. In this paper, we provide a formal security model for $\sf{ APAKE}$ APAKE , capturing security and anonymity provisions for both clients and servers. In addition, we present two $\sf{ APAKE}$ APAKE protocols that only require clients to remember a password and that attain our sought key secrecy and anonymity guarantees. Our first protocol leverages oblivious pseudo-random functions, while the second one builds upon a special type of identity-based encryption scheme.

Sequential displacement strategy for selective and highly sensitive detection of Zn2+, Hg2+ and S2- ions: An approach toward a molecular keypad lock.

A thiocarbonohydrazone locked salicylidene based macrocycle ligand L has been synthesized and its ion sensing properties were examined by UV-visible and fluorescence spectroscopy. The macrocycle serves as a highly selective colorimetric sensor for Hg2+ ions while it acts as an excellent fluorescent sensor for Zn2+ ions by exhibiting a green fluorescence at 498 nm even in the presence of interfering ions. A detailed analysis of binding characteristics such as complex stoichiometry, association constant and detection limits of L toward Hg2+ and Zn2+ ions were evaluated by UV-visible and fluorescence experiments which revealed a stronger binding affinity and higher detection limit of L toward the mercury ions. Further, the sequential displacement strategy for the chromofluorogenic detection of Zn2+, Hg2+ and S2- ions by ligand L, has been studied comprehensively. Finally, the ion-responsive fluorescence output signal of L were employed to design a molecular keypad lock which could be accessible by two users having two different set of chemical passwords (inputs) through distinguishable optical trajectories.

Empirical study on lexical sentiment in passwords from Chinese websites

Passwords are especially ubiquitous in authentication systems. Although a lot of research has concentrated on the analysis of passwords, statistical characteristics are limited to explicit properties such as string length, the use of numeric characters in passwords. We explore the implicit properties of lexical sentiment in passwords by utilizing Natural Language Processing technology. Firstly, we construct several dictionaries, such as frequently used words, General Inquirer polarities, extended Ekman sentiment words. Then, an algorithm to split passwords into meaningful units is designed. Finally, statistical characteristics in lexical sentiment are discovered from three large-scale password sets leaked from the Internet websites. The results show that the occurrence probability of sentiment words is higher than that of several known patterns, such as [country], [number][female name]. With consideration of sentiment polarity, we find that people tend to use positive words in passwords. The percentage of positive sentiment is greater than that of negative words. Further research reveals that the joy type of sentiment is more popular in passwords than other kinds of sentiments, such as surprise and sadness. The discoveries suggest that the lexical sentiment, especially, positive and joy type can be utilized as a component in password patterns to measure password strength.

The Requirement Model for Improved OpenID Single Sign-On (SSO) Authentication to Thwart Phishing Attack

The problem of password memorability among users has led to the introduction of Single Sign-On (SSO) authentication. It enables users to login using a set of username and password which then allows an access into multiple websites without the hassle of repeating the same usernames and passwords. One of the most common SSO protocol is OpenID which is said to offer flexibility and security. Unfortunately, the existing OpenID model is prone to phishing attack whereby there is a lack of mechanism to ensure the authenticity of the OpenID provider. This scenario complicates the situation especially when there exists tools to generate phishing attacks are easily available without requiring much technical expertise. Moreover, users awareness are claimed to be insufficient to rely on since statistics of phishing attacks are shown to be increasing. Thus, this research attempts to propose page token as a mechanism to thwart phishing attack. This research produced and evaluated an improved requirement model that incorporates the page token as proposed mechanism. The outcomes show promising result towards the effort of thwarting phishing attacks.

A Review on Single Sign on Enabling Technologies and Protocols

In today’s digital era, users are increasingly accessing countless number of applications every day. For accessing these services, the users first have to authenticate themselves and need to maintain a separate set of username and password for each application. This led to the development of Single Sign On (SSO). This paper presents review on SSO enabling technologies and discusses SSO architectures, protocols and analysis related to growing use of SSO.