{"title":"Fool Me Once: A Study of Password Selection Evolution over the Past Decade","authors":"Rahul Dubey, Miguel Vargas Martin","doi":"10.1109/PST52912.2021.9647823","DOIUrl":null,"url":null,"abstract":"Passwords have been around for many decades and have tenaciously remained the primary means of identification and authentication. Assuming that the communication channel is not intercepted, the strength of security provided by passwords is largely dependent on two factors: password selection and password storage mechanism. While both areas have been looked into by researchers in the past, there is no consensus to suggest whether or not humanity has moved towards choosing stronger passwords, notwithstanding strong password enforcement policies. One of the key reasons behind this shortcoming is the lack of data about individual credentials in leaked datasets, which usually contain only usernames and passwords. To the best of our knowledge, we are the first researchers to enrich the attribute set of any user credential database, thus allowing deeper insights. We outline the method we devised for adding new attributes (time-stamp and source inference) to a dataset of 1.4 billion user credentials. 
Subsequently, we use our modified dataset to determine how passwords have evolved overtime with respect to strength and whether humankind as a whole has learned from its past mistakes.","PeriodicalId":144610,"journal":{"name":"2021 18th International Conference on Privacy, Security and Trust (PST)","volume":"35 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2021-12-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"1","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2021 18th International Conference on Privacy, Security and Trust (PST)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/PST52912.2021.9647823","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Citations: 1
Abstract
Passwords have been around for many decades and have tenaciously remained the primary means of identification and authentication. Assuming that the communication channel is not intercepted, the strength of security provided by passwords is largely dependent on two factors: password selection and password storage mechanism. While both areas have been looked into by researchers in the past, there is no consensus to suggest whether or not humanity has moved towards choosing stronger passwords, notwithstanding strong password enforcement policies. One of the key reasons behind this shortcoming is the lack of data about individual credentials in leaked datasets, which usually contain only usernames and passwords. To the best of our knowledge, we are the first researchers to enrich the attribute set of any user credential database, thus allowing deeper insights. We outline the method we devised for adding new attributes (time-stamp and source inference) to a dataset of 1.4 billion user credentials. Subsequently, we use our modified dataset to determine how passwords have evolved over time with respect to strength and whether humankind as a whole has learned from its past mistakes.