Investigating the Distribution of Password Choices
Author(s): David Malone, Kevin Maher

Date: April 2012
Publication: Proceedings of the 21st international conference on World Wide Web, WWW '12
Page(s): 301 - 310
Publisher: ACM
Source 1: http://www2012.wwwconference.org/proceedings/proceedings/p301.pdf
Source 2: http://arxiv.org/pdf/1104.3722.pdf
Source 3: http://dx.doi.org/10.1145/2187836.2187878 - Subscription or payment required

Abstract or Summary:
The distribution of passwords chosen by users has implications for site security, password-handling algorithms and even how users are permitted to select passwords. Using password lists from four different web sites, we investigate if Zipf's law is a good description of the frequency with which passwords are chosen. We use a number of standard statistics, which measure the security of password distributions, to see if modelling the data using a simple distribution is effective. We then consider how much the password distributions from each site have in common, using password cracking as a metric. This shows that these distributions have enough high-frequency passwords in common to provide effective speed-ups for cracking passwords. Finally, as an alternative to a deterministic banned list, we will show how to stochastically shape the distribution of passwords, by occasionally asking users to choose a different password.


