A Password Strength Evaluation Algorithm based on Sensitive Personal Information

Abstract

Many Internet service providers are still using traditional password strength evaluation methods, resulting in user passwords being vulnerable to social engineering attacks. We believe that the password strength evaluation method based on sensitive personal information has great research value for improving the security of password authentication system. In this paper, we use the structure segmentation algorithm and the bidirectional matching algorithm to investigate how users' personal information is used in passwords. Then, we present a sensitivity personal information coverage evaluation function that represents the correlation between users' password and their personal information. Finally, a password strength evaluation method based on sensitive personal information is proposed. This method is composed of three stages: preprocessing stage, prediction dictionary generation stage and password strength evaluation stage.