Corpus ID: 129999

Measuring Real-World Accuracies and Biases in Modeling Password Guessability

@inproceedings{Ur2015MeasuringRA,
  title={Measuring Real-World Accuracies and Biases in Modeling Password Guessability},
  author={B. Ur and Sean M. Segreti and L. Bauer and N. Christin and L. Cranor and Saranga Komanduri and D. Kurilova and Michelle L. Mazurek and William Melicher and R. Shay},
  booktitle={USENIX Security Symposium},
  year={2015}
}
  • B. Ur, Sean M. Segreti, +7 authors R. Shay
  • Published in USENIX Security Symposium 2015
  • Computer Science
    • Parameterized password guessability--how many guesses a particular cracking algorithm with particular training data would take to guess a password--has become a common metric of password security. Unlike statistical metrics, it aims to model real-world attackers and to provide per-password strength estimates. We investigate how cracking approaches often used by researchers compare to real-world cracking by professionals, as well as how the choice of approach biases research conclusions. We… CONTINUE READING
    View Paper
    andrew.cmu.edu
    128 Citations
    Highly Influential Citations
    22
    Background Citations
    64
    Methods Citations
    43
    Results Citations
    6
    128 Citations
    Citation Type

    Citation Type

    Fast, Lean, and Accurate: Modeling Password Guessability Using Neural Networks
    • 142
    • PDF
    Reasoning Analytically about Password-Cracking Software
    • 2
    • PDF
    Convergence of Password Guessing to Optimal Success Rates †
    • 2
    • PDF
    Password Guessers Under a Microscope: An In-Depth Analysis to Inform Deployments
    • PDF
    Reducing Bias in Modeling Real-world Password Strength via Deep Learning and Dynamic Dictionaries
    • 1
    • Highly Influenced
    • PDF
    Targeted Online Password Guessing: An Underestimated Threat
    • 169
    • PDF
    Supporting Password-Security Decisions with Data
    • B. Ur
    • Computer Science
    • 2016
    • 5
    • PDF
    General Framework for Evaluating Password Complexity and Strength
    • 1
    • PDF
    New Technologies in Password Cracking Techniques
    • 7
    How Do We Create a Fantabulous Password?
    • Highly Influenced

    References

    SHOWING 1-10 OF 84 REFERENCES
    Guess Again (and Again and Again): Measuring Password Strength by Simulating Password-Cracking Algorithms
    • 376
    • PDF
    When Privacy meets Security: Leveraging personal information for password cracking
    • 57
    • PDF
    Password Strength: An Empirical Analysis
    • 236
    • Highly Influential
    • PDF
    Measuring password guessability for an entire university
    • 185
    • PDF
    The Science of Guessing: Analyzing an Anonymized Corpus of 70 Million Passwords
    • J. Bonneau
    • Computer Science
    • 2012 IEEE Symposium on Security and Privacy
    • 2012
    • 627
    • Highly Influential
    • PDF
    PASSWORD CRACKING BASED ON LEARNED PATTERNS FROM DISCLOSED PASSWORDS
    • 22
    • Highly Influential
    • PDF
    A Study of Probabilistic Password Models
    • 186
    • Highly Influential
    • PDF
    From Very Weak to Very Strong: Analyzing Password-Strength Meters
    • 137
    • Highly Influential
    • PDF
    Password Cracking Using Probabilistic Context-Free Grammars
    • 384
    • PDF
    Fast dictionary attacks on passwords using time-space tradeoff
    • 358
    • PDF