
2021 | OriginalPaper | Book chapter

Studies of Keyboard Patterns in Passwords: Recognition, Characteristics and Strength Evolution

Written by: Kunyu Yang, Xuexian Hu, Qihui Zhang, Jianghong Wei, Wenfen Liu

Published in: Information and Communications Security

Publisher: Springer International Publishing


Abstract

Keyboard patterns are widely used in password construction, as they can be easily memorized with the aid of positions on the keyboard. Consequently, keyboard-pattern-based passwords have been the target of many dictionary attack models. However, most existing research relies only on recognition methods that define keyboard pattern structures empirically or even manually. As a result, only infamous keyboard patterns such as qwerty are recognized, and many potential structures are not specified. Besides, there are limited studies focusing on the characteristics of keyboard patterns.
In this paper, we deal with the problem of recognizing and analyzing keyboard patterns in a systematic approach. Firstly, we put forward a general recognition method that can pick out keyboard patterns from passwords automatically. Next, a comprehensive study of keyboard pattern characteristics is presented, which reveals a great deal of amazing facts about the preference for passwords based on keyboard patterns, such as: (1) more than half of the pattern-based passwords are composed entirely of keyboard patterns; (2) the frequency distribution of the keyboard patterns satisfies the PDF-Zipf model; (3) users prefer keyboard patterns consisting of horizontally continuous keys or of characters whose physical locations are on the upper left of the keyboard. We further evaluate the security of keyboard-pattern-based passwords by employing the PCFG-based cracking technique. The experimental results indicate that the keyboard patterns can reduce the security of passwords.


Metadata
Title
Studies of Keyboard Patterns in Passwords: Recognition, Characteristics and Strength Evolution
Written by
Kunyu Yang
Xuexian Hu
Qihui Zhang
Jianghong Wei
Wenfen Liu
Copyright year
2021
DOI
https://doi.org/10.1007/978-3-030-86890-1_9
