Understanding user passwords through password prefix and postfix (P3) graph analysis and visualization

Xiaoying Yu, Qi Liao

Research output: Contribution to journalArticlepeer-review

3 Scopus citations


While other authentication methods exist, passwords are still the dominant way for user authentication and system security. Over the years, passwords have become long and complex thanks to security policy and awareness. However, the security of user passwords remains unclear. Therefore, understanding users passwords is vital to improve the strength of passwords and system security in general. In this paper, we investigate one specific pattern, i.e., the prefix and postfix of user passwords. To facilitate password prefix and postfix (P3) analysis, we propose both hierarchical segmentation / optimization algorithms and password prefix/postfix graphs (P3G) construction and P3G visualizations. Through case study over real-world user passwords, we demonstrate P3 analysis and visualization are effective in identifying unique patterns for different user categories. The results suggest strong correlations between prefix/postfix and their context in user passwords.

Original languageEnglish
Pages (from-to)647-663
Number of pages17
JournalInternational Journal of Information Security
Issue number5
StatePublished - Oct 1 2019


  • Computer security
  • Dynamic programming
  • Hierarchical segmentation
  • Password analysis and visualization
  • Prefix and postfix graphs


Dive into the research topics of 'Understanding user passwords through password prefix and postfix (P3) graph analysis and visualization'. Together they form a unique fingerprint.

Cite this