Conference Publication Details
Mandatory Fields
Malone D.;Maher K.
WWW'12 - Proceedings of the 21st Annual Conference on World Wide Web
Investigating the distribution of password choices
2012
May
Published
1
Optional Fields
Dictionary attack; Distribution; Passwords; Zipf
301
310
The distribution of passwords chosen by users has implications for site security, password-handling algorithms and even how users are permitted to select passwords. Using password lists from four different web sites, we investigate if Zipf's law is a good description of the frequency with which passwords are chosen. We use a number of standard statistics, which measure the security of password distributions, to see if modelling the data using a simple distribution is effective. We then consider how much the password distributions from each site have in common, using password cracking as a metric. This shows that these distributions have enough high-frequency passwords in common to provide effective speed-ups for cracking passwords. Finally, as an alternative to a deterministic banned list, we will show how to stochastically shape the distribution of passwords, by occasionally asking users to choose a different password.
10.1145/2187836.2187878