Using language-specific input methods and pronunciation rules to improve the guesses of passwords

Shin Hung Yan, Cooper Cheng Yuan Ku*

*此作品的通信作者

研究成果: Article同行評審

摘要

Password-based authentication has the advantage of easy implementation and no requirement for additional hardware; therefore, it will remain one of the primary identification methods in the near future. However, users tend to choose passwords that are easy to remember, so these passwords may be vulnerable to guessing attacks. Based on the idea that some users are influenced by their native language when choosing passwords, we propose an improved password-guessing method that adds grammars regarding Asian-language input procedures and pronunciation rules to the most updated Probabilistic Context-Free Grammar (PCFG) v4.1. The experimental results show that the improved PCFG v4.1 can increase the success rate of password cracking compared to PCFG v4.1. The improvements range from 2% to 14% for different password datasets. Additionally, we compare the proposed method to many other guessing methods; ours can achieve an excellent performance. Moreover, the characteristics of passwords that are not cracked are analyzed, and we suggest some criteria for more robust passwords.

原文English
文章編號103588
期刊Journal of Information Security and Applications
77
DOIs
出版狀態Published - 9月 2023

指紋

深入研究「Using language-specific input methods and pronunciation rules to improve the guesses of passwords」主題。共同形成了獨特的指紋。

引用此