{"title":"《骗我一次:过去十年密码选择演变研究》","authors":"Rahul Dubey, Miguel Vargas Martin","doi":"10.1109/PST52912.2021.9647823","DOIUrl":null,"url":null,"abstract":"Passwords have been around for many decades and have tenaciously remained the primary means of identification and authentication. Assuming that the communication channel is not intercepted, the strength of security provided by passwords is largely dependent on two factors: password selection and password storage mechanism. While both areas have been looked into by researchers in the past, there is no consensus to suggest whether or not humanity has moved towards choosing stronger passwords, notwithstanding strong password enforcement policies. One of the key reasons behind this shortcoming is the lack of data about individual credentials in leaked datasets, which usually contain only usernames and passwords. To the best of our knowledge, we are the first researchers to enrich the attribute set of any user credential database, thus allowing deeper insights. We outline the method we devised for adding new attributes (time-stamp and source inference) to a dataset of 1.4 billion user credentials. Subsequently, we use our modified dataset to determine how passwords have evolved overtime with respect to strength and whether humankind as a whole has learned from its past mistakes.","PeriodicalId":144610,"journal":{"name":"2021 18th International Conference on Privacy, Security and Trust (PST)","volume":"35 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2021-12-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"1","resultStr":"{\"title\":\"Fool Me Once: A Study of Password Selection Evolution over the Past Decade\",\"authors\":\"Rahul Dubey, Miguel Vargas Martin\",\"doi\":\"10.1109/PST52912.2021.9647823\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Passwords have been around for many decades and have tenaciously remained the primary means of identification and authentication. Assuming that the communication channel is not intercepted, the strength of security provided by passwords is largely dependent on two factors: password selection and password storage mechanism. While both areas have been looked into by researchers in the past, there is no consensus to suggest whether or not humanity has moved towards choosing stronger passwords, notwithstanding strong password enforcement policies. One of the key reasons behind this shortcoming is the lack of data about individual credentials in leaked datasets, which usually contain only usernames and passwords. To the best of our knowledge, we are the first researchers to enrich the attribute set of any user credential database, thus allowing deeper insights. We outline the method we devised for adding new attributes (time-stamp and source inference) to a dataset of 1.4 billion user credentials. Subsequently, we use our modified dataset to determine how passwords have evolved overtime with respect to strength and whether humankind as a whole has learned from its past mistakes.\",\"PeriodicalId\":144610,\"journal\":{\"name\":\"2021 18th International Conference on Privacy, Security and Trust (PST)\",\"volume\":\"35 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2021-12-13\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"1\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2021 18th International Conference on Privacy, Security and Trust (PST)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/PST52912.2021.9647823\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2021 18th International Conference on Privacy, Security and Trust (PST)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/PST52912.2021.9647823","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Fool Me Once: A Study of Password Selection Evolution over the Past Decade
Passwords have been around for many decades and have tenaciously remained the primary means of identification and authentication. Assuming that the communication channel is not intercepted, the strength of security provided by passwords is largely dependent on two factors: password selection and password storage mechanism. While both areas have been looked into by researchers in the past, there is no consensus to suggest whether or not humanity has moved towards choosing stronger passwords, notwithstanding strong password enforcement policies. One of the key reasons behind this shortcoming is the lack of data about individual credentials in leaked datasets, which usually contain only usernames and passwords. To the best of our knowledge, we are the first researchers to enrich the attribute set of any user credential database, thus allowing deeper insights. We outline the method we devised for adding new attributes (time-stamp and source inference) to a dataset of 1.4 billion user credentials. Subsequently, we use our modified dataset to determine how passwords have evolved overtime with respect to strength and whether humankind as a whole has learned from its past mistakes.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
