ISSN 1000-1239 CN 11-1777/TP

Journal of Computer Research and Development, 2016, Vol. 53, Issue 10: 2173-2188. doi: 10.7544/issn1000-1239.2016.20160483

Special Issue: 2016 Special Topic on Research Progress in Shared Security of Cyberspace


Advances in Password Security

Wang Ping (1, 3), Wang Ding (1), Huang Xinyi (2)

  1. School of Electronics Engineering and Computer Science, Peking University, Beijing 100871
  2. School of Mathematics and Computer Science, Fujian Normal University, Fuzhou 350117
  3. School of Software and Microelectronics, Peking University, Beijing 102600

Online: 2016-10-01

Abstract: Identity authentication is the first line of defense for information systems, and passwords are the most widely used authentication method. Although passwords have a number of security and usability problems, and various alternative authentication methods have been proposed, password-based authentication will remain the dominant method for the foreseeable future because of its simplicity, low cost and ease of change. The topic has therefore attracted extensive interest from researchers worldwide, and many important results have been obtained. This work begins by introducing users' vulnerable behaviors and details password characteristics, distribution and reuse rate. Next, we summarize the primary cracking algorithms that have appeared in the past 30 years and classify them according to the information the attacker exploits. Then, we revisit the various statistics-based evaluation metrics for measuring the strength of password distributions. Further, we compare the state-of-the-art password strength meters. Finally, we summarize our results and outline some future research trends.

Key words: identity authentication, password security, vulnerable behavior, guessing attack, strength evaluation
