Empirical Study of Password Strength Meter Design

  title={Empirical Study of Password Strength Meter Design},
  author={Yi Yang and Kheng Cher Yeo and Sami Azam and Asif Karim and Ronju Ahammad and Rakib Mahmud},
  journal={2020 5th International Conference on Communication and Electronics Systems (ICCES)},
Computer password was first used at the Massachusetts Institute of Technology around 1960 when researchers built a large-scale time-sharing computer called CTSS (Compatible Time Sharing System). There are many purposes where regular users require different passwords whenever they send and receive emails, do online shopping and numerous other activities on the internet. Surprisingly since the invention of the password, it has not been capable to protect the user accounts until now. There is no… Expand

Figures and Tables from this paper


Do Strong Web Passwords Accomplish Anything?
It is found that relatively weak passwords, about 20 bits or so, are sufficient to make brute-force attacks on a single account unrealistic so long as a "three strikes" type rule is in place. Expand
An Explainable Password Strength Meter Addon via Textual Pattern Recognition
This paper proposes an addon to PSMs providing feedbacks in the form of pattern passwords explaining why a password is weak, which can detect twelve types of patterns and effectively help users create securer passwords. Expand
Password Entropy and Password Quality
The calculation of password entropy is discussed and explained and why it is an inadequate indicator of password quality, and a password quality assessment scheme is established: password quality indicator (PQI). Expand
Guess Again (and Again and Again): Measuring Password Strength by Simulating Password-Cracking Algorithms
An efficient distributed method is developed for calculating how effectively several heuristic password-guessing algorithms guess passwords, and the relationship between guess ability, as measured with password-cracking algorithms, and entropy estimates is investigated. Expand
Nowadays, attacking the passwords is one of the most straightforward attack vectors, which authorize access to information system. There are numerous feasible methods, attempt to guess or crackExpand
Adaptive Password-Strength Meters from Markov Models
This paper presents the concept of adaptive password strength meters that estimate password strength using Markov-models and proposes a secure implementation that greatly improves on the accuracy of current techniques. Expand
Stronger Password Authentication Using Browser Extensions
We describe a browser extension, PwdHash, that transparently produces a different password for each site, improving web password security and defending against password phishing and other attacks.Expand
Password policy: the good, the bad, and the ugly
"We're secure! We use passwords!" How many of us have heard this claim? Or even -- "We're secure! We have a password policy!" Using a password or having a password policy in today's world ofExpand
Dictionary attacks using keyboard acoustic emanations
We present a dictionary attack that is based on keyboard acoustic emanations. We combine signal processing and efficient data structures and algorithms, to successfully reconstruct single words ofExpand
A Review of Comparative Study of MD5 and SHA Security Algorithm
This research paper aims to analyze and juxtapose the two hash algorithms, MD5 and SHA, using various key features and performance metrics to provide the researchers a better comparison picture so that they can reach to the final upshot, which algorithm has superseded the other. Expand