Close menu

SURE

Sunderland Repository records the research produced by the University of Sunderland including practice-based research and theses.

A Data-Driven Password Strength Meter for Cybersecurity Assessment and Enhancement

Algharibeh, Moath, Husari, Gaith and Jaf, Sardar (2021) A Data-Driven Password Strength Meter for Cybersecurity Assessment and Enhancement. In: The 7th IEEE International Conference on Dependability in Sensor, Cloud, and Big Data Systems and Applications, 20-22 Dec 2021, Haikou. (Unpublished)

Item Type: Conference or Workshop Item (Paper)

Abstract

Password-based authentication is the most popular authentication mechanism over insecure networks due its simplicity and convenience. To ensure the security of this authentication mechanism, measuring the strength of users’ passwords becomes a crucial task to guide users to create stronger passwords. However, password strength meters are only helpful if they are accurate. Passwords meters that do not provide accurate scores that reflect the actual passwords strengths, e.g., providing a high score for a weak password, may misinform users and hinder the overall security of password-based authentication mechanisms. While many password strength meters were proposed in the literature, the lack of a standardized method to measure password strengths and comparing the accuracy of different password meters, selecting the most appropriate password meter will remain a difficult and unclear process.
In this paper, we propose and implement a data-driven password meter that scrapes and collects large datasets to be used by the proposed password strength meter to help provide more accurate scores. Also, we measured the influence of the proposed meter at guiding users to create stronger passwords by tracking their eye movements. To do this, we conducted a user study on a testing web service and monitored the eye movements of our users using an eye tracking tool. Our results exhibited a significant improvement by influencing 88% of users to create an average of 150 years for password cracking-time.

[img]
Preview
PDF
Dynamic_Password_Meter__DependSys_2021_conference.pdf - Accepted Version
Available under License Creative Commons Attribution.

Download (431kB) | Preview

More Information

Uncontrolled Keywords: password meter, authentication security, eye tracker, time-to-crack.
Depositing User: Sardar Jaf

Identifiers

Item ID: 14224
URI: http://sure.sunderland.ac.uk/id/eprint/14224
Official URL: http://www.ieee-cybermatics.org/2021/dependsys/ind...

Users with ORCIDS

ORCID for Sardar Jaf: ORCID iD orcid.org/0000-0002-5620-0277

Catalogue record

Date Deposited: 02 Dec 2021 15:38
Last Modified: 25 Jan 2022 08:48

Contributors

Author: Sardar Jaf ORCID iD
Author: Moath Algharibeh
Author: Gaith Husari
Author: Moath Algharibeh
Author: Gaith Husari
Author: Sardar Jaf

University Divisions

Faculty of Technology > School of Computer Science

Subjects

Computing > Cybersecurity
Computing > Artificial Intelligence
Computing > Computer Aided Design
Computing > Human-Computer Interaction
Computing > Information Systems
Computing > Network Computing
Computing > Software Engineering

Actions (login required)

View Item (Repository Staff Only) View Item (Repository Staff Only)