How viable is password cracking in digital forensic investigation? Analyzing the guessability of over 3.9 billion real-world accounts

Aikaterini Kanta*, Sein Coray, Iwen Coisel, Mark Scanlon

*Corresponding author for this work

Research output: Contribution to journalArticlepeer-review

51 Downloads (Pure)

Abstract

Passwords have been and still remain the most common method of authentication in computer systems. These systems are therefore privileged targets of attackers, and the number of data breaches in the last few years attests to that. A detailed analysis of such data can provide insight on password trends and patterns users follow when they create a password. To this end, this paper presents the largest and most comprehensive analysis of real-world passwords to date – associated with over 3.9 billion accounts from Have I Been Pwned. This analysis includes statistics on use and most common patterns found in passwords and innovates with a breakdown of the constituent fragments that make each password. Furthermore, a classification of these fragments according to their semantic meaning, provides insight on the role of context in password selection. Finally, we provide an in-depth analysis on the guessability of these real-world passwords.

Original languageEnglish
Article number301186
Number of pages11
JournalForensic Science International: Digital Investigation
Volume37
DOIs
Publication statusPublished - 1 Jul 2021

Keywords

  • Context-based password cracking
  • Password security
  • Password strength meters
  • Password-based authentication

Fingerprint

Dive into the research topics of 'How viable is password cracking in digital forensic investigation? Analyzing the guessability of over 3.9 billion real-world accounts'. Together they form a unique fingerprint.

Cite this