Corpus ID: 129999

Measuring Real-World Accuracies and Biases in Modeling Password Guessability

@inproceedings{Ur2015MeasuringRA,
  title={Measuring Real-World Accuracies and Biases in Modeling Password Guessability},
  author={B. Ur and Sean M. Segreti and L. Bauer and N. Christin and L. Cranor and Saranga Komanduri and D. Kurilova and Michelle L. Mazurek and William Melicher and R. Shay},
  booktitle={USENIX Security Symposium},
  year={2015}
}
  • B. Ur, Sean M. Segreti, +7 authors R. Shay
  • Published in USENIX Security Symposium 2015
  • Computer Science
  • Parameterized password guessability--how many guesses a particular cracking algorithm with particular training data would take to guess a password--has become a common metric of password security. Unlike statistical metrics, it aims to model real-world attackers and to provide per-password strength estimates. We investigate how cracking approaches often used by researchers compare to real-world cracking by professionals, as well as how the choice of approach biases research conclusions. We…
    128 Citations
    Fast, Lean, and Accurate: Modeling Password Guessability Using Neural Networks
    • 142
    Reasoning Analytically about Password-Cracking Software
    • 2
    Convergence of Password Guessing to Optimal Success Rates
    • 2
    Reducing Bias in Modeling Real-world Password Strength via Deep Learning and Dynamic Dictionaries
    • 1
    • Highly Influenced
    Targeted Online Password Guessing: An Underestimated Threat
    • 169
    Supporting Password-Security Decisions with Data
    • B. Ur
    • Computer Science
    • 2016
    • 5
    General Framework for Evaluating Password Complexity and Strength
    • 1
    How Do We Create a Fantabulous Password?
    • Highly Influenced
