TY - JOUR
T1 - Using language-specific input methods and pronunciation rules to improve the guesses of passwords
AU - Yan, Shin Hung
AU - Ku, Cooper Cheng Yuan
N1 - Publisher Copyright:
© 2023
PY - 2023/9
Y1 - 2023/9
N2 - Password-based authentication has the advantage of easy implementation and no requirement for additional hardware; therefore, it will remain one of the primary identification methods in the near future. However, users tend to choose passwords that are easy to remember, so these passwords may be vulnerable to guessing attacks. Based on the idea that some users are influenced by their native language when choosing passwords, we propose an improved password-guessing method that adds grammars regarding Asian-language input procedures and pronunciation rules to the most updated Probabilistic Context-Free Grammar (PCFG) v4.1. The experimental results show that the improved PCFG v4.1 can increase the success rate of password cracking compared to PCFG v4.1. The improvements range from 2% to 14% for different password datasets. Additionally, we compare the proposed method to many other guessing methods; ours can achieve an excellent performance. Moreover, the characteristics of passwords that are not cracked are analyzed, and we suggest some criteria for more robust passwords.
AB - Password-based authentication has the advantage of easy implementation and no requirement for additional hardware; therefore, it will remain one of the primary identification methods in the near future. However, users tend to choose passwords that are easy to remember, so these passwords may be vulnerable to guessing attacks. Based on the idea that some users are influenced by their native language when choosing passwords, we propose an improved password-guessing method that adds grammars regarding Asian-language input procedures and pronunciation rules to the most updated Probabilistic Context-Free Grammar (PCFG) v4.1. The experimental results show that the improved PCFG v4.1 can increase the success rate of password cracking compared to PCFG v4.1. The improvements range from 2% to 14% for different password datasets. Additionally, we compare the proposed method to many other guessing methods; ours can achieve an excellent performance. Moreover, the characteristics of passwords that are not cracked are analyzed, and we suggest some criteria for more robust passwords.
KW - Input methods
KW - Language pronunciation rules
KW - Password-guessing method
KW - Probabilistic context-free grammars
KW - Robust passwords
UR - http://www.scopus.com/inward/record.url?scp=85169806746&partnerID=8YFLogxK
U2 - 10.1016/j.jisa.2023.103588
DO - 10.1016/j.jisa.2023.103588
M3 - Article
AN - SCOPUS:85169806746
SN - 2214-2134
VL - 77
JO - Journal of Information Security and Applications
JF - Journal of Information Security and Applications
M1 - 103588
ER -