OPUS: Preventing Weak Password Choices
Author(s): Eugene Spafford

Date: May 1992
Publication: Computers & Security, Volume 11, Number 3
Page(s): 273 - 278
Publisher: Elsevier Advanced Technology Publications
Source 1: https://www.cerias.purdue.edu/assets/pdf/bibtex_archive/91-02.pdf
Source 2: http://dx.doi.org/10.1016/0167-4048(92)90207-8 - Subscription or payment required

Abstract:
A common problem with systems that use passwords for authentication is that users choose weak passwords. Weak passwords are passwords that are easy to guess, simple to derive, or likely to be found in a dictionary attack. Thus, the choice of weak passwords may lead to a compromised system.

Methods exist to prevent users from selecting and using weak passwords. One common method is to compare user choices against a list of unacceptable words. The problem with this approach is the amount of space required to store even a modest-sized dictionary of prohibited password choices.

This paper describes a space-efficient method of storing a dictionary of words that are not allowed as password choices. Lookups in the dictionary are (constant time) no matter how many words are in the dictionary. The mechanism described has other interesting features, a few of which are described here.




Do you have additional information to contribute regarding this research paper? If so, please email siteupdates@passwordresearch.com with the details.

<-- Back to Authentication Research Paper Index





[Home] [About Us] [News] [Research]

Copyright © 2016 PasswordResearch.com