Human-Generated and Machine-Generated Ratings of Password Strength: What Do Users Trust More?

Alqahtani, Saeed Ibrahim; Li, Shujun; Yuan, Haiyue; Rusconi, Patrice

doi:10.4108/eai.13-7-2018.162797

Cited by 3 publications

(2 citation statements)

References 28 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…A common approach to evaluate a password in terms of its strength level is passwords rating. In [24] the authors categorized the techniques of the password strength rating into two major categories: 1-machine ratings and 2-human ratings. After that, they implemented a survey to measure how such ratings affect users' trust.…”

Section: Related Workmentioning

confidence: 99%

Introducing a Machine Learning Password Metric Based on EFKM Clustering Algorithm

Almousa

Migdady

2022

Int. j. commun. netw. inf. secur.

View full text Add to dashboard Cite

we introduce a password strength metric using Enhanced Fuzzy K-Means clustering algorithm (EFKM henceforth). The EFKM is trained on the OWASP list of 10002 weak passwords. After that, the optimized centroids are maximized to develop a password strength metric. The resulting meter was validated by contrasting with three entropy-based metrics using two datasets: the training dataset (OWASP) and a dataset that we collected from github website that contains 5189451 leaked passwords. Our metric is able to recognize all the passwords from the OWASP as weak passwords only. Regarding the leaked passwords, the metric recognizes almost the entire set as weak passwords. We found that the results of the EFKM-based metric and the entropy-based meters are consistent. Hence the EFKM metric demonstrates its validity as an efficient password strength checker.

show abstract

Section: Related Workmentioning

confidence: 99%

Introducing a Machine Learning Password Metric Based on EFKM Clustering Algorithm

Almousa

Migdady

2022

Int. j. commun. netw. inf. secur.

View full text Add to dashboard Cite

show abstract

“…One source of the weak password problem is the conflict of security and usability of passwords: stronger passwords tend to be harder to remember, and easier-to-remember passwords tend to be easier to crack [16,18]. Human users tend to have different insecure behaviours around password creation, e.g., the mismatch between human users' misperception of a password's strength and its actual strength can lead to creation of weak passwords [1,18], and many users choose to reuse the same password across multiple accounts [12]. Such weak passwords have led to repeated leakage of passwords from many websites, including some very large-scale incidents.…”

Section: Introductionmentioning

confidence: 99%