Netinfo Security ›› 2015, Vol. 15 ›› Issue (12): 42-47. doi: 10.3969/j.issn.1671-1122.2015.12.007

Quantitative Analysis and Create Policy of Password Based on Real Dataset

WANG Xiuli

  1. School of Information, Central University of Finance and Economics, Beijing 100081, China
  • Received: 2015-11-10 Online: 2015-12-20 Published: 2016-01-04

Abstract:

Following a series of massive password leaks, attackers can obtain user passwords more and more easily. Using real passwords, which reflect users' behavioral tendencies, an attacker can greatly improve attack efficiency. A password creation policy, which restricts user behavior, is an important means of improving user password security. It pushes the passwords set by users toward a uniform distribution over the whole password space, improving resistance to guessing attacks on user passwords. Based on a large-scale data set, this paper makes a quantitative analysis of the security and memorability of domestic users' passwords, and proposes creation rules, derived from users' password-setting behavior and password history, that dynamically constrain user behavior. A numeric password should comprise at least seven digits. A password that combines uppercase and lowercase characters should not be six or eight characters long. A password that combines uppercase and special characters should be nine characters long. Passwords achieve both high security and high memorability when using, respectively, lowercase characters, a combination of uppercase and lowercase characters, and a combination of uppercase and special characters. The thresholds for password memorability and security are 14.21 and 19.17, respectively. Passwords should be checked against a dictionary. The experimental results show that, under the constraints of these password creation rules, user passwords have both high security and high memorability.

Key words: password, quantitative analysis, memorability, password strength, create policy