A password creation and validation system for social media platforms based on big data analytics

  • Original Research
Journal of Ambient Intelligence and Humanized Computing

Abstract

In the era of the social web, the number of accounts that users need to maintain, and consequently the number of associated passwords, has increased. This usually constrains users to select very weak passwords that can be easily remembered, yet easily compromised. Indeed, recent data breaches in major social networking platforms have shown that users are still using naïve passwords such as 123456. To remedy this serious problem, and taking advantage of the availability of real password datasets, we propose a novel methodology that can detect all frequent and non-frequent patterns. The results are used to develop a novel password creation and validation system that could improve the strength of a password.

Author information

Correspondence to Panagiotis Karampelas.

Cite this article

Xylogiannopoulos, K.F., Karampelas, P. & Alhajj, R. A password creation and validation system for social media platforms based on big data analytics. J Ambient Intell Human Comput 11, 53–73 (2020). https://doi.org/10.1007/s12652-019-01172-x

  • DOI: https://doi.org/10.1007/s12652-019-01172-x
