UNDERSTANDING PASSWORDS

MARKUS JAKOBSSONMAYANK DHIMAN

WHAT PWD STRENGTH CHECKERS DO

Long enough?Enough upper-case characters?Enough lower-case characters?

Enough other stuff?Contains offending sequence?

YOU WANT TO FIND FAST RUNNERS?

Has yellow?Has black?Has tail?

Has dots?

YOU WANT TO FIND FAST RUNNERS?

Has yellow?Has black?Has tail?

Has dots?

WHAT PWD CHECKERS SHOULD DO

Unlikely enough?

WHAT IS UNLIKELY?

We need to know the distribution

WHAT IS UNLIKELY?

That means we need to understand how passwords are generatedWe need to know the distribution

PROCESS?

1. Setupa. Determine components and rulesb. Parse tons of passwords, identify components/rulesc. Record frequencies of component/rule occurrences

PROCESS?

1. Setupa. Determine components and rulesb. Parse tons of passwords, identify components/rulesc. Record frequencies of component/rule occurrences

2. Assess password strengtha. Parse; identify components and rulesb. Determine probability of each component and rulec. Determine probability of password

COMPONENTS

SOME RESULTS

WHAT ELSE CAN WE DO?

ATO classificationCorrelate with password reset, predict forgetting

Determine degree of similarityHow to communicate strength

UNDERSTANDING PASSWORDS

Documents

Transcript of UNDERSTANDING PASSWORDS

Passwords presentation

Passwords Defecto Routers

Chapter 7 Passwords - cdn.ttgtmedia.comcdn.ttgtmedia.com/.../HackingforDummiesCh07.pdf · Chapter 7 Passwords ... Therefore, passwords are one of the weakest links in ... This includes

Passwords & security

Passwords Issa

passwords and passphrases

Kanishka_3D Passwords

Passwords and You CREATING AND MAINTAINING SECURE PASSWORDS.

8 login passwords

PDF Passwords-Eltima

Using Hamiltonian Totems as Passwords Abstract 1 Visual passwords

graphical passwords

Passwords & corresponding accounts

Perfect Passwords

Handsworth Grange Passwords

Passwords 101

Passwords And Security

Default Router Passwords

Passwords Das Cartas

Strong Passwords