TY - JOUR
T1 - How viable is password cracking in digital forensic investigation? Analyzing the guessability of over 3.9 billion real-world accounts
AU - Kanta, Aikaterini
AU - Coray, Sein
AU - Coisel, Iwen
AU - Scanlon, Mark
N1 - Publisher Copyright: © 2021 The Authors
PY - 2021/7/1
Y1 - 2021/7/1
AB - Passwords have been and still remain the most common method of authentication in computer systems. These systems are therefore privileged targets of attackers, and the number of data breaches in the last few years attests to that. A detailed analysis of such data can provide insight on password trends and patterns users follow when they create a password. To this end, this paper presents the largest and most comprehensive analysis of real-world passwords to date – associated with over 3.9 billion accounts from Have I Been Pwned. This analysis includes statistics on use and most common patterns found in passwords and innovates with a breakdown of the constituent fragments that make each password. Furthermore, a classification of these fragments according to their semantic meaning provides insight on the role of context in password selection. Finally, we provide an in-depth analysis on the guessability of these real-world passwords.
KW - Context-based password cracking
KW - Password security
KW - Password strength meters
KW - Password-based authentication
UR - http://www.scopus.com/inward/record.url?scp=85112518199&partnerID=8YFLogxK
U2 - 10.1016/j.fsidi.2021.301186
DO - 10.1016/j.fsidi.2021.301186
M3 - Article
AN - SCOPUS:85112518199
SN - 2666-2825
VL - 37
JO - Forensic Science International: Digital Investigation
JF - Forensic Science International: Digital Investigation
M1 - 301186
ER -