The common English word was vulnerable to guessing, but only when cues about this word were provided. Participants were given 20 attempts to guess an eight-character password which was either a common English word or two unrelated words joined by a control character (eight characters in all). A pilot study confirmed the feasibility of this framework. A system manager might utilize results of guessability studies by encouraging users to avoid choosing passwords which are closely associated with account names or which have been shown to be highly vulnerable to guessing, or by not assigning passwords which are from vulnerable classes of passwords. This method can be used to develop metrics for guessability of classes of passwords. Hit rates (the percentage of passwords correctly guessed within a limited number of attempts) can then be obtained. People who attempt to guess more » what a password is can be provided with cues, such as what a password for another account in the system is or a nickname. The framework we propose is that computer security experts can conduct guessability studies on a large number of passwords which are candidates for assignment to users. If someone discovers one of a series of rule-based passwords, it is easier to guess other passwords. We assume that passwords are usually based on a simple rule. We have developed a framework for a methodology to estimate the guessability of passwords. This paper focuses on the most commonly used authentication procedure-use of passwords. AbstractNote = ,Ī major problem in computer security is intrusion into systems due to compromised authentication procedures.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |