Close menu


Sunderland Repository records the research produced by the University of Sunderland including practice-based research and theses.

A Data-Driven Password Strength Meter for Cybersecurity Assessment and Enhancement

Algharibeh, Moath, Husari, Gaith and Jaf, Sardar (2021) A Data-Driven Password Strength Meter for Cybersecurity Assessment and Enhancement. In: The 7th IEEE International Conference on Dependability in Sensor, Cloud, and Big Data Systems and Applications, 20-22 Dec 2021, Haikou. (Unpublished)

Item Type: Conference or Workshop Item (Paper)


Password-based authentication is the most popular authentication mechanism over insecure networks due its simplicity and convenience. To ensure the security of this authentication mechanism, measuring the strength of users’ passwords becomes a crucial task to guide users to create stronger passwords. However, password strength meters are only helpful if they are accurate. Passwords meters that do not provide accurate scores that reflect the actual passwords strengths, e.g., providing a high score for a weak password, may misinform users and hinder the overall security of password-based authentication mechanisms. While many password strength meters were proposed in the literature, the lack of a standardized method to measure password strengths and comparing the accuracy of different password meters, selecting the most appropriate password meter will remain a difficult and unclear process.
In this paper, we propose and implement a data-driven password meter that scrapes and collects large datasets to be used by the proposed password strength meter to help provide more accurate scores. Also, we measured the influence of the proposed meter at guiding users to create stronger passwords by tracking their eye movements. To do this, we conducted a user study on a testing web service and monitored the eye movements of our users using an eye tracking tool. Our results exhibited a significant improvement by influencing 88% of users to create an average of 150 years for password cracking-time.

Dynamic_Password_Meter__DependSys_2021_conference.pdf - Accepted Version
Available under License Creative Commons Attribution.

Download (431kB) | Preview

More Information

Uncontrolled Keywords: password meter, authentication security, eye tracker, time-to-crack.
Depositing User: Sardar Jaf


Item ID: 14224
Official URL:

Users with ORCIDS

ORCID for Sardar Jaf: ORCID iD

Catalogue record

Date Deposited: 02 Dec 2021 15:38
Last Modified: 25 Jan 2022 08:48