Password Replacement Patterns
2018 5TH INTERNATIONAL CONFERENCE ON CONTROL, DECISION AND INFORMATION TECHNOLOGIES (CODIT) (2018)
Abstract
Enterprise password policies require the use of complex passwords that contain lowercase and uppercase letters, numbers and symbols. Given this common requirement, end-users tend to create complex (!) passwords containing certain patterns which make such passwords guessable and therefore insecure. A replacement pattern is one of these pattern types: it substitutes a number or symbol for a certain letter. As an example, the letter "o" is replaced with 0 (zero) and password becomes passw0rd. Even though passw0rd contains a number and is assumed to be a strong password, its replacement pattern can be misused to guess it successfully and crack it easily. In our research, we performed an automated analysis of ca. 14.5 million real-life leaked passwords to identify all possible replacement patterns. We identified 43 different replacement types at the end of the analysis. These identified replacement patterns can be utilized to improve dictionary attacks, especially for forensic investigations. In this paper, we explain in detail our methodology for identifying replacement patterns, all possible replacement types with examples, the top 5 replacement patterns with examples, and the elimination of false-positive cases.
Keywords
password replacement patterns, enterprise password policies, password analysis, dictionary-attacks, forensic investigations, authentication, information security
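The abstract's point, that a password can satisfy a four-class complexity rule and still be a dictionary word in disguise, can be checked at password-change time. The following is an added example, not code from the paper: the substitution table (apart from "0" for "o"), the wordlist and all function names are assumptions made for illustration.

```python
import string

# Assumed symbol -> letter table for illustration. Only "0" -> "o" comes from
# the abstract; the paper's 43 replacement types are not listed on this page.
REVERSE_MAP = {"0": "o", "1": "il", "3": "e", "4": "a", "5": "s",
               "7": "t", "@": "a", "$": "s", "!": "i"}

# Constructed sample wordlist; a real check would load a large dictionary.
WORDLIST = {"password", "welcome", "letmein", "summer", "admin"}


def meets_complexity(password):
    """Typical enterprise rule: lowercase, uppercase, digit and symbol."""
    return (any(c.islower() for c in password)
            and any(c.isupper() for c in password)
            and any(c.isdigit() for c in password)
            and any(c in string.punctuation for c in password))


def find_replacements(password, wordlist=WORDLIST):
    """Return (word, [(index, symbol, letter), ...]) when the password is a
    dictionary word with at least one substitution, otherwise None."""
    pw = password.lower()
    for word in sorted(wordlist):
        if len(word) != len(pw):
            continue
        subs = []
        for i, (c, w) in enumerate(zip(pw, word)):
            if c == w:
                continue
            if w not in REVERSE_MAP.get(c, ""):
                break                    # mismatch that no substitution explains
            subs.append((i, c, w))
        else:
            if subs:                     # plain dictionary words are not this pattern
                return word, subs
    return None


def check_new_password(password):
    """Reject passwords that pass the complexity rule only via substitutions."""
    hit = find_replacements(password)
    if hit:
        return "reject: '%s' with replacements %s" % hit
    return "ok" if meets_complexity(password) else "reject: complexity rule"
```

Comparing each password against same-length dictionary words avoids enumerating every possible de-substituted reading, which grows quickly when a symbol maps to several letters.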