Abstract
In the era of the social web, the number of accounts that users need to maintain, and consequently the number of associated passwords, has increased. This usually constrains users to select very weak passwords that can be easily remembered, yet easily compromised. Indeed, recent data breaches in major social networking platforms have shown that users are still using naïve passwords such as 123456. To remedy this serious problem, and taking advantage of the availability of real password datasets, we propose a novel methodology that can detect all frequent and non-frequent patterns. The results are used to develop a novel password creation and validation system that could improve the strength of a password.
Cite this article
Xylogiannopoulos, K.F., Karampelas, P. & Alhajj, R. A password creation and validation system for social media platforms based on big data analytics. J Ambient Intell Human Comput 11, 53–73 (2020). https://doi.org/10.1007/s12652-019-01172-x
DOI: https://doi.org/10.1007/s12652-019-01172-x