Enhanced Evaluation Model of Security Strength for Passwords Using Integrated Korean and English Password Dictionaries

Hong, Ki Hyeon; Kang, Un Gu; Lee, Byung Mun

doi:10.1155/2021/3122627

Cited by 8 publications

(3 citation statements)

References 25 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In the research by Hong et al [22], Korean-language passwords were analyzed. According to their research, existing password-strength meters or proposed models for passwordstrength estimation are based on the English alphabet.…”

Section: Related Workmentioning

confidence: 99%

Machine-Learning-Based Password-Strength-Estimation Approach for Passwords of Lithuanian Context

Darbutaitė,

Stefanovič,

Ramanauskaitė

2023

Applied Sciences

View full text Add to dashboard Cite

In an information-security-assurance system, humans are usually the weakest link. It is partly related to insufficient cybersecurity knowledge and the ignorance of standard security recommendations. Consequently, the required password-strength requirements in information systems are the minimum of what can be done to ensure system security. Therefore, it is important to use up-to-date and context-sensitive password-strength-estimation systems. However, minor languages are ignored, and password strength is usually estimated using English-only dictionaries. To change the situation, a machine learning approach was proposed in this article to support a more realistic model to estimate the strength of Lithuanian user passwords. A newly compiled dataset of password strength was produced. It integrated both international- and Lithuanian-language-specific passwords, including 6 commonly used password features and 36 similarity metrics for each item (4 similarity metrics for 9 different dictionaries). The proposed solution predicts the password strength of five classes with 77% accuracy. Taking into account the complexity of the accuracy of the Lithuanian language, the achieved result is adequate, as the availability of intelligent Lithuanian-language-specific password-cracking tools is not widely available yet.

show abstract

Section: Related Workmentioning

confidence: 99%

Machine-Learning-Based Password-Strength-Estimation Approach for Passwords of Lithuanian Context

Darbutaitė,

Stefanovič,

Ramanauskaitė

2023

Applied Sciences

View full text Add to dashboard Cite

show abstract

“…1: Proposed Methodology has been found from the entropy-based methodology [19]. The enhanced evaluation model has been designed for the measurement of security strength of a password [20]. Another password strength evaluation method was introduced on the basis of sensitive personal information [21].…”

Section: Related Literaturesmentioning

confidence: 99%

Building a Multi-class Password Strength Generator and Classifier Model by Augmenting Supervised Machine Learning Techniques

Sakya

Mauparna

2022

Preprint

View full text Add to dashboard Cite

In the current scenario, password is the most indispensable authentication mechanism with respect to any system security. Although a plethora of authentication methods are available now-a-days which provides improved security such as biometrics and smart cards but still the password authentication mechanism is auspicious to everyone for the enhanced system security along with the ease of implementation. On account of the conventional pattern of passwords, these are exposed to different types of vulnerabilities. Generally, human beings prefer to set a password related to their birth place, date of birth, keyboard patterns, dictionary words etc. The online or offline attackers can guess these passwords easily and intrude the system security. The diverse varieties of password cracking tools available are primarily based on guessing of passwords, irrespective of the fact that it may be online or offline. The bulk of these tools can easily crack such accounts possessing weak password or password with some common patterns. So, every organization must ensure to govern a policy regarding the implementation of strong passwords since the usage of strong passwords will reduce the different types of vulnerabilities. In the proposed work, at first the dataset employed in the study has been generated by implementing a password generator and secondly, the password strength prediction is modeled as a classification task through the implementation of multiple supervised machine learning algorithms. These algorithms are utilized for the training and testing purpose of the dataset. However, during the testing phase, the XGBoost algorithm outperforms the other machine learning algorithms with an accuracy of 94\%. The primary contribution of this work is the generation of the dataset by employing a password generator followed by the application of some machine learning algorithms like Adaboost, XGBoost(XGB), Stochastic Gradient Descent (SGD) and Multilayer Perceptron (MLP) during the training and testing phase which has not been considered in similar other works. The final results divulge that machine learning approaches have plenty of capabilities to categorize the various types of passwords into different classes such as very weak, weak, medium, strong, very strong.

show abstract

“…For example, "a1b 2c3d4" is considered stronger than "12346" because it includes more characters and character types. On the other hand, "zxcvbn" analyzes the pattern of the password to determine its strength [2][3]. For instance, the strength of "bear123" is considered weak because it includes the word "bear," which is a commonly used word.…”

Section: Introductionmentioning

confidence: 99%

Multi-Class Classification Prediction Model for Password Strength Based on Deep Learning

Kim¹,

Lee²

2023

J Multimed Inf Syst

Self Cite

View full text Add to dashboard Cite

Various indexes are being used today to evaluate the strength of passwords. In these indexes, the strength of a password is evaluated to be high if it takes longer for an attacker to predict it. Therefore, using such an evaluation, there is a problem that a leaked password may reduce the reliability of the index by increasing vulnerability if an attacker attempts to attack using a leaked password. Hence, estimating the leaked frequency when considering strength is important for reducing vulnerability. This paper proposes a password strength evaluation model using deep learning-based multi-class classification, which solves the existing problem of leaked frequency not being considered during evaluation. Data preprocessing modeling is critical to improve the performance of this model. Additionally, since selecting and extracting feature values of preprocessing data is also important, a model that accurately estimates the degree of leakage through an evaluation method of existing indexes is proposed. To evaluate the performance of the proposed model, an experiment that compares the password leaked frequency stored in a database using a password list was conducted. As a result, the proposed model correctly evaluated 99% of the 345 leaked passwords. Therefore, the effectiveness of the proposed model was verified.

show abstract

Enhanced Evaluation Model of Security Strength for Passwords Using Integrated Korean and English Password Dictionaries

Cited by 8 publications

References 25 publications

Machine-Learning-Based Password-Strength-Estimation Approach for Passwords of Lithuanian Context

Machine-Learning-Based Password-Strength-Estimation Approach for Passwords of Lithuanian Context

Building a Multi-class Password Strength Generator and Classifier Model by Augmenting Supervised Machine Learning Techniques

Multi-Class Classification Prediction Model for Password Strength Based on Deep Learning

Contact Info

Product

Resources

About