1 / 15

UNDERSTANDING PASSWORDS

UNDERSTANDING PASSWORDS. Markus Jakobsson Mayank Dhiman. What Pwd Strength Checkers do. Long enough? Enough upper-case characters? Enough lower-case characters? Enough other stuff? Contains offending sequence?. YOU WANT TO FIND FAST RUNNERS?. Has yellow? Has black? Has tail?

chesmu
Download Presentation

UNDERSTANDING PASSWORDS

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. UNDERSTANDING PASSWORDS Markus Jakobsson MayankDhiman

  2. What Pwd Strength Checkers do Long enough? Enough upper-case characters? Enough lower-case characters? Enough other stuff? Contains offending sequence?

  3. YOU WANT TO FIND FAST RUNNERS? Has yellow? Has black? Has tail? Has dots?

  4. YOU WANT TO FIND FAST RUNNERS? Has yellow? Has black? Has tail? Has dots?

  5. WHAT PWD CHECKERS should do Unlikely enough?

  6. What IS Unlikely?

  7. What IS Unlikely? We need to know the distribution

  8. What IS Unlikely? That means we need to understand how passwords are generated We need to know the distribution

  9. PROCESS? Setup a. Determine components and rules b. Parse tons of passwords, identify components/rules c. Record frequencies of component/rule occurrences

  10. PROCESS? Setup a. Determine components and rules b. Parse tons of passwords, identify components/rules c. Record frequencies of component/rule occurrences 2. Assess password strength a. Parse; identify components and rules b. Determine probability of each component and rule c. Determine probability of password

  11. COMPONENTS

  12. RULES

  13. Some RESULTS

  14. Some RESULTS

  15. wHat ELSE CAN WE DO? ATO classification Correlate with password reset, predict forgetting Determine degree of similarity How to communicate strength

More Related