Adaptation of password strength estimators to a non-English environment—the Czech experience

Doucek, Petr; Pavlíček, Luboš; Sedláček, Jiří; Nedomova, Lea

doi:10.1016/j.cose.2020.101757

Cited by 11 publications

(8 citation statements)

References 11 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…All of these factors highlight the importance of dynamically updated databases. The authors of [28] addressed the language challenge to adapt zxcvbn to Czech and Slovak languages. As a result of the adaptation, the estimation improved against a set of leaked Czech passwords and improved the execution time.…”

Section: Password Strength Estimatorsmentioning

confidence: 99%

Password Guessability as a Service (PGaaS)

et al. 2022

View full text Add to dashboard Cite

This paper presents an adaptable password guessability service suited for different password generators according to what a user might need when using such a service. In particular, we introduce a flexible cloud-based software architecture engineered to provide an efficient and robust password guessability service that benefits from all the features and goals expected from cloud applications. This architecture comprises several components, featuring the combination of a synthetic dataset generator realized via a generative adversarial network (GAN), which may learn the distribution of passwords from a given dictionary and generate high-quality password guesses, along with a password guessability estimator realized via a password strength estimation algorithm. In addition to detailing the architecture’s components, we run a performance evaluation on the architecture’s key components, obtaining promising results. Finally, the complete application is delivered and may be used by a user to estimate the strength of a password and the time taken by an average computer to enumerate it.

show abstract

Section: Password Strength Estimatorsmentioning

confidence: 99%

Password Guessability as a Service (PGaaS)

et al. 2022

View full text Add to dashboard Cite

show abstract

“…e dictionary consists of the 30,000 most commonly used English words in Wikipedia, 30,000 American movies and TV programs, 30,000 commonly used password statistics, and 35,494 American family names and other names [27]. Furthermore, by adding a dictionary for keyboard patterns, the possibility of users choosing a keyboard input-based password rather than a word-based password, such as "q1w2e3r4," is considered.…”

Section: Password Security Evaluation Models and Eir Limitsmentioning

confidence: 99%

“…Existing studies have shown that passwords leaked from English-speaking and Czech-speaking users are different. When the security of leaked Czech-language passwords was predicted using existing evaluation models, there were cases in which they were incorrectly evaluated to have excellent security [27].…”

Section: Password Selection Trends For Non-english-speakingmentioning

confidence: 99%

“…is can be seen as an error caused by the existing model not considering the Czech language environment. To address this, a password security evaluation method that composed a Czech-based password dictionary and applied it to the zxcvbn evaluation model was proposed and resulted in improving security [27]. e fact that the Czech words used in this process are based on the Czech alphabet makes it easy to merge with the existing password dictionary composed of the English alphabet.…”

Section: Password Selection Trends For Non-english-speakingmentioning

confidence: 99%

See 1 more Smart Citation

Enhanced Evaluation Model of Security Strength for Passwords Using Integrated Korean and English Password Dictionaries

Hong

Kang

Lee

2021

Security and Communication Networks

View full text Add to dashboard Cite

In the field of information security, passwords are a means of authenticating users. Passwords with weak security cannot perform the role of user authentication and personal information protection because confidentiality is easily violated. To ensure confidentiality, it is important to evaluate the strength of the password and choose a very secure password. Due to this fact, security evaluation models for various passwords have been presented. However, existing evaluation models evaluate security based on the English alphabet. Passwords depend on the memory of the user and are closely related to the language or environment used by the user. In this regard, there are limitations in applying the existing security evaluation models to passwords chosen by non-English speakers. We compose a non-English, Korean language-based password dictionary and propose a password security evaluation model based on this for Korean users. In addition, to verify the effectiveness of the proposed model, we conducted experiments to evaluate the security of Korean language-based passwords using a database of passwords that have been actually leaked. As a result, the proposed model showed 99.38% accuracy for Korean language-based leaked passwords. This is superior to the 80.06% accuracy shown by the existing model. In conclusion, the use of the Korean language-based password security evaluation model proposed in this paper will contribute to choosing more secure passwords for Korean language-based sites or users.

show abstract

“…x all users who choose passwords were native Czech speakers, x the password had to contain one character at a minimum, x the maximum length of the password was not restricted, x users had no time limit when choosing a password, a password could contain arbitrary characters typed using a Czech keyboard. Although, some tool for password security estimation exist [15], as a measure of security of a given password the expected Value of the number of attempts an attacker has to carry out to break the password S(pi) is used [16] (see Eq. 1).…”

Section: Biometric Authenticationmentioning

confidence: 99%

Impact of Globalisation on Data Security – Authentication Issues

Hub

Příhodová

2021

SHS Web of Conf.

View full text Add to dashboard Cite

Research background: In today’s globalised world, there is an increasing need for reliable verification of users’ identity accessing various types of information systems. This verification is realised through authentication, which is traditionally divided according to the kind of identification mark that is used: knowledge authentication (e.g., passwords, control questions), authentication through an authentication object (e.g., magnetic cards, smart cards) and biometric authentication (e.g., voice, face recognition). However, it should be noted that this identity may not only be the specific identity of the user but also, for example, his group affiliation or ability. Purpose of the article: This paper aims to identify and describe the impact of globalisation on selected types of authentication. Methods: As the representative of the current methods of authentication of persons are selected a password authentication and hand-based biometric authentication. The most often used methods of password attacks are simulated through mathematical modelling, and the results are compared concerning the timeline. Through modelling, multi characteristics authentication using the thermal characteristics of the hand will be presented. Findings & Value added: Through mathematical modelling, the article demonstrates the influence of globalisation on the resilience of passwords to the most commonly used attacks and discusses the impact of globalisation on the requirements for modern forms of authentication.

show abstract

Adaptation of password strength estimators to a non-English environment—the Czech experience

Cited by 11 publications

References 11 publications

Password Guessability as a Service (PGaaS)

Password Guessability as a Service (PGaaS)

Enhanced Evaluation Model of Security Strength for Passwords Using Integrated Korean and English Password Dictionaries

Impact of Globalisation on Data Security – Authentication Issues

Contact Info

Product

Resources

About