Password Entropy and Password Quality

Ma, Wanli; Campbell, John; Tran, Dat; Kleeman, Dale

doi:10.1109/nss.2010.18

Cited by 48 publications

(21 citation statements)

References 10 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…We were the first who found and uploaded at least 5 samples to VirusTotal 22 . Among previously seen samples, an app from our dataset was checked by VirusTotal at the earliest in October 2013, while the most recent one was uploaded in March, 2019.…”

Section: Virustotal Analysis Resultsmentioning

confidence: 99%

Dissecting Android Cryptocurrency Miners

Dashevskyi

Zhauniarovich²,

Gadyatskaya

et al. 2020

Proceedings of the Tenth ACM Conference on Data and Application Security and Privacy

View full text Add to dashboard Cite

Cryptojacking applications pose a serious threat to mobile devices. Due to the extensive computations, they deplete the battery fast and can even damage the device. In this work, we make a step towards combating this threat. We collected and manually verified a large dataset of Android mining apps. We analyzed the collected miners and identified how they work, what are the most popular libraries and APIs used to facilitate their development, and what static features are typical for this class of applications. We have also analyzed our dataset with VirusTotal. The majority of our samples is considered malicious by at least one VirusTotal scanner, but 16 apps are not detected by any engine; and at least 5 apks were not seen previously by the service.Mining code could be obfuscated or fetched at runtime, and there are many confusing miner-related apps that actually do not mine. Thus, static features alone are not sufficient for miner detection. We have collected a feature set of dynamic metrics both for miners and unrelated benign apps, and built a machine learning-based tool for dynamic detection. Our tool dubbed BRENNTDROID is able to detect miners with 95% of accuracy on our dataset.

show abstract

Section: Virustotal Analysis Resultsmentioning

confidence: 99%

Dissecting Android Cryptocurrency Miners

Dashevskyi

Zhauniarovich²,

Gadyatskaya

et al. 2020

Proceedings of the Tenth ACM Conference on Data and Application Security and Privacy

View full text Add to dashboard Cite

show abstract

“…As passwords are the first line of defense for many computerized systems, quality of these passwords implies on the security strength of these systems. A good quality evaluation tool to prescribe the characteristics of good quality passwords is necessary [15].…”

Section: Discussionmentioning

confidence: 99%

Survey on Password Quality and Confidentiality

Šolić

Očevčić

Blažević³

2015

Automatika

View full text Add to dashboard Cite

Original scientific paperIn this paper are presented results of empirical survey on password quality self-assessment and several privacy issues regarding password manipulation among information systems' users. Data was collected by questioning 627 e-mail users that were adults, Croatian national and were using e-mail system on regular basis. Comparisons among different kind of users were done regarding age, gender, technical background knowledge, university degree and experience in usage. Results of statistical analysis have shown that most of the users' passwords are of average quality while 13,8% of all users graded their password as poor. Regarding password manipulation 53,4% of all users said they use the same passwords for most of the information systems they use. In total 20,7% of all users sometimes lend their password and 17,1% of them wrote it down for remembering. Results of this study highlighted importance of using security procedures and guidelines and need of the continuous education on security issues with constant informing and alerting of information systems' users. This study is an example on how to evaluate different users' security awareness in order to adjust courses on security issues and to adapt informing and alerting to different groups of information systems' users. However, there is great need for validated universal questionnaire for this kind of surveys.Key words: Information Security, Password, Privacy, Security Awareness, Human Influence Anketno istraživanje na temu kvalitete i povjerljivosti zaporke. U ovome radu su prikazani rezultati empirijskog istraživanja koje je provedeno anketiranjem korisnika informacijskih sustava na temu samoprocjene kvalitete zaporke te nekoliko elemenata po pitanju privatnosti i povjerljivosti zaporke. Podaci su prikupljeni anketiranjem 627 korisnika informacijskog sustava elektroničke pošte. Svi su bili punoljetni i Hrvatski državljani koji redovito koriste sustav elektroničke pošte. Korisnici su grupirani u kategorije s obzirom na spol, starosnu dob, tehničko predznanje, stupanj obrazovanja te iskustvo u korištenju sustava kako bi se napravila usporedna analiza. Rezultati su pokazali da većina korisnika procjenjuje svoju zaporku ocjenom prosječno, dok 13,8% od ukupnog broja korisnika procjenjuje svoju zaporku ocjenom loše. Po pitanju manipulacije zaporkom, 53,4% korisnika je odgovorilo kako preferiraju koristiti istu zaporku za pristup većini korištenih informacijskih sustava; 20,7% korisnika je barem jednom posudilo svoju zaporku; dok je 17,1% korisnika negdje zapisalo svoju zaporku. Rezultati ove studije ističu važnost korištenja sigurnosnih procedura i uputa te potrebu za stalnom edukacijom, informiranjem i alarmiranjem korisnika informacijskih sustava po pitanjima informacijske sigurnosti. Takoîer ova studija može biti primjer kako analizirati pojedine vrste korisnika, a u svrhu prilagoîavanja tečajeva na temu informacijske sigurnosti, te osmišl-janja metoda informiranja i alarmiranja korisnika. Postoji realna potreba za razvojem univerzalnog upi...

show abstract

“…In order to measure the entropy value of a password, the distribution of password length, text placement, numbers of letter types, and contents of the text are set as standards and the sum of all their entropies is the total entropy value [6]. Then, the method to quantitatively examine the security of passwords was proposed by the creation of a PQI (password quality indicator) which measures the security strength of passwords by considering their entropy [7].…”

Section: Password Authentication Systemsmentioning

confidence: 99%

Security Analysis on Password Authentication System of Web Portal

Noh¹,

Choi²,

Park³

et al. 2014

Computer Science &Amp; Information Technology ( CS &Amp; IT )

View full text Add to dashboard Cite

Portal site is not only providing search engine and e-mail service but also various services including blog, news, shopping, and others. The fact that average number of daily login for Korean portal site Naver is reaching 300 million suggests that many people are using portal sites. One of the most famous social network service, Facebook subscribers to reach 1.2 billion 30 million people at the time of the February 2014. With the increase in number of users followed by the diversity in types of services provided by portal sites and SNS, the attack is also increasing. Therefore, the objective of this study lies in analysing whole procedure of password authentication system of portal sites, SNS and analysing the security threat that may occur accordingly. Also, the security requirement corresponding to analysed security threat was extracted and the analysis on implementation of security requirements by portal sites and SNS was conducted.

show abstract

Password Entropy and Password Quality

Cited by 48 publications

References 10 publications

Dissecting Android Cryptocurrency Miners

Dissecting Android Cryptocurrency Miners

Survey on Password Quality and Confidentiality

Security Analysis on Password Authentication System of Web Portal

Contact Info

Product

Resources

About