Password Patterns – An Analysis

Post on 27-May-2015


Password Patterns – An Analysis

Dr. Emin Islam Tatlı

Twitter: @eitatli

tatli@architectingsecurity.com

25 April 2012

Password Patterns – An Analysis: Overview

1. Password Fiasco (Leakage of more than 32 M plain text passwords)

2. Password Analysis - Imperva

3. Password Analysis – Password Patterns

4. Conclusion

Password Leakage: rockyou.com hacked

* Referenced from http://techcrunch.com

Password Leakage: rockyou.com plaintext passwords are online

Password Patterns: FTC fines RockYou

Password Analysis: Analysis of Imperva – Distribution

• Consumer Password Worst Practices:

http://www.imperva.com/docs/WP_Consumer_Password_Worst_Practices.pdf

Password Analysis: Analysis of Imperva – Key Findings

Password Analysis: Analysis of Imperva – Common Passwords

Password Patterns: Password Complexity

What about the security of z6iFk#rdlr vs. TØpsecret. ???

• z6iFk#rdlr: randomly generated

• TØpsecret.: consists of certain patterns (e.g. dictionary word, ending with “.”)

Password Patterns: The Analysis

• Dual and Triple Concatenation of [:alpha:], [:digit:] and [:punct:] characters

• Replacement of [:alpha:] => [:digit:] and [:punct:]

• Special patterns

• Frequency of the Symbols
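
The four measurements listed above can be reproduced on any password set you are authorised to audit, for example to reject pattern-based choices when a password is set. The following Python sketch is an added example, not code from the original slides. The function names, the sample passwords, the word list, and every entry of the replacement table other than i/l => 1 are assumptions made for illustration.

```python
import itertools
import string
from collections import Counter

# POSIX C-locale character classes named on the slide.
CLASSES = (("alpha", string.ascii_letters), ("digit", string.digits),
           ("punct", string.punctuation))
# Assumed replacement table; the deck itself only names i/l => 1.
REPLACEMENTS = {"1": "il", "0": "o", "3": "e", "@": "a", "$": "s"}


def char_class(ch):
    """Name the class of one character ('other' for non-ASCII, spaces...)."""
    return next((name for name, members in CLASSES if ch in members), "other")


def concat_pattern(password):
    """Collapse runs of one class: 'monkey12' -> 'alpha+digit'."""
    return "+".join(k for k, _ in itertools.groupby(password, key=char_class))


def undo_replacements(password):
    """Generate every spelling with stand-ins mapped back to letters."""
    options = [REPLACEMENTS.get(ch, ch) for ch in password.lower()]
    return ("".join(c) for c in itertools.product(*options))


def replacement_word(password, words):
    """Return the dictionary word hidden behind a replacement, else None."""
    if password.lower() in words:
        return None  # plain dictionary word, no replacement involved
    return next((w for w in undo_replacements(password) if w in words), None)


def analyze(passwords, words):
    """Count concatenation patterns, punct symbols and replacement hits."""
    patterns = Counter(concat_pattern(p) for p in passwords)
    symbols = Counter(ch for p in passwords for ch in p
                      if char_class(ch) == "punct")
    replaced = {p: w for p in passwords
                if (w := replacement_word(p, words))}
    return patterns, symbols, replaced


# Constructed sample data, not taken from any leak.
SAMPLE = ["monkey12", "sunshine", "2004", "dragon.7", "pr1ncess", "hello!", "k1tten."]
WORDS = {"princess", "kitten", "monkey", "sunshine"}
```

Calling analyze(SAMPLE, WORDS) returns the pattern counts, the symbol frequencies and the passwords that reduce to a dictionary word once replacements are undone.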

Password Patterns: [:alpha:], [:digit:] and [:punct:] characters

Password Patterns: No Concatenation

Password Patterns: Dual Concatenation

Password Patterns: Dual Concatenation – cont.

Password Patterns: Triple Concatenation

Password Patterns: Replacement Pattern

Password Patterns: Some Special Patterns

Password Patterns: Frequency of the Symbols

Password Patterns: Password Cracking – Methods

• Brute-Force Attacks

• Dictionary Attacks

Password Patterns: Password Cracking – Tools – I

Password Patterns: Password Cracking – Tools – II

Password Patterns: The Results in Conclusion

• The most commonly used dual concatenation of alpha-digit-punct characters is “alpha+digit” with 30%.

• The most commonly used triple concatenation of alpha-digit-punct characters is “alpha+punct+digit” with 0.57%.

• For the replacement pattern, replacing the letter i or l with the number “1” is the most commonly used pattern.

• The most commonly used special character is . (point).

• Password patterns might be the next generation of dictionary attacks.

• Do not choose and use any password based on a common pattern.

References

• Password Patterns:

http://www.architectingsecurity.com/2010/09/11/password-patterns/