TY - JOUR
T1 - Understanding user passwords through password prefix and postfix (P3) graph analysis and visualization
AU - Yu, Xiaoying
AU - Liao, Qi
N1 - Publisher Copyright:
© 2019, Springer-Verlag GmbH Germany, part of Springer Nature.
PY - 2019/10/1
Y1 - 2019/10/1
N2 - While other authentication methods exist, passwords are still the dominant way for user authentication and system security. Over the years, passwords have become long and complex thanks to security policy and awareness. However, the security of user passwords remains unclear. Therefore, understanding users' passwords is vital to improve the strength of passwords and system security in general. In this paper, we investigate one specific pattern, i.e., the prefix and postfix of user passwords. To facilitate password prefix and postfix (P3) analysis, we propose both hierarchical segmentation/optimization algorithms and password prefix/postfix graphs (P3G) construction and P3G visualizations. Through case study over real-world user passwords, we demonstrate P3 analysis and visualization are effective in identifying unique patterns for different user categories. The results suggest strong correlations between prefix/postfix and their context in user passwords.
KW - Computer security
KW - Dynamic programming
KW - Hierarchical segmentation
KW - Password analysis and visualization
KW - Prefix and postfix graphs
UR - http://www.scopus.com/inward/record.url?scp=85064508980&partnerID=8YFLogxK
U2 - 10.1007/s10207-019-00432-3
DO - 10.1007/s10207-019-00432-3
M3 - Article
AN - SCOPUS:85064508980
SN - 1615-5262
VL - 18
SP - 647
EP - 663
JO - International Journal of Information Security
JF - International Journal of Information Security
IS - 5
ER -