A Data-Driven Password Strength Meter for Cybersecurity Assessment and Enhancement

Algharibeh, Moath, Husari, Gaith and Jaf, Sardar (2021) A Data-Driven Password Strength Meter for Cybersecurity Assessment and Enhancement. In: The 7th IEEE International Conference on Dependability in Sensor, Cloud, and Big Data Systems and Applications, 20-22 Dec 2021, Haikou. (Unpublished)

Dynamic_Password_Meter__DependSys_2021_conference.pdf - Accepted Version
Available under License Creative Commons Attribution.


Abstract

Password-based authentication is the most popular authentication mechanism over insecure networks due to its simplicity and convenience. To ensure the security of this authentication mechanism, measuring the strength of users' passwords becomes a crucial task in guiding users to create stronger passwords. However, password strength meters are only helpful if they are accurate. Password meters that do not provide accurate scores reflecting actual password strength, e.g., by giving a high score to a weak password, may misinform users and hinder the overall security of password-based authentication mechanisms. While many password strength meters have been proposed in the literature, without a standardized method for measuring password strength and comparing the accuracy of different password meters, selecting the most appropriate password meter will remain a difficult and unclear process.
In this paper, we propose and implement a data-driven password meter that scrapes and collects large datasets, which the meter uses to provide more accurate scores. We also measured the influence of the proposed meter in guiding users to create stronger passwords by tracking their eye movements. To do this, we conducted a user study on a testing web service and monitored our users' eye movements with an eye-tracking tool. Our results showed a significant improvement: the meter influenced 88% of users to create passwords with an average cracking time of 150 years.

Item Type: Conference or Workshop Item (Paper)
Uncontrolled Keywords: password meter, authentication security, eye tracker, time-to-crack.
Subjects: Computing > Cybersecurity
Computing > Artificial Intelligence
Computing > Computer Aided Design
Computing > Human-Computer Interaction
Computing > Information Systems
Computing > Network Computing
Computing > Software Engineering
Divisions: Faculty of Technology > School of Computer Science
Depositing User: Sardar Jaf
Date Deposited: 02 Dec 2021 15:38
Last Modified: 02 Dec 2021 15:38
URI: http://sure.sunderland.ac.uk/id/eprint/14224
ORCID for Sardar Jaf: orcid.org/0000-0002-5620-0277
