TY - GEN
T1 - A password strength evaluation algorithm based on sensitive personal information
AU - Cui, Xinchun
AU - Li, Xueqing
AU - Qin, Yiming
AU - Yong, Ding
N1 - Publisher Copyright:
© 2020 IEEE.
PY - 2020/12
Y1 - 2020/12
N2 - Many Internet service providers are still using traditional password strength evaluation methods, resulting in user passwords being vulnerable to social engineering attacks. We believe that the password strength evaluation method based on sensitive personal information has great research value for improving the security of password authentication system. In this paper, we use the structure segmentation algorithm and the bidirectional matching algorithm to investigate how users' personal information is used in passwords. Then, we present a sensitivity personal information coverage evaluation function that represents the correlation between users' password and their personal information. Finally, a password strength evaluation method based on sensitive personal information is proposed. This method is composed of three stages: preprocessing stage, prediction dictionary generation stage and password strength evaluation stage.
AB - Many Internet service providers are still using traditional password strength evaluation methods, resulting in user passwords being vulnerable to social engineering attacks. We believe that the password strength evaluation method based on sensitive personal information has great research value for improving the security of password authentication system. In this paper, we use the structure segmentation algorithm and the bidirectional matching algorithm to investigate how users' personal information is used in passwords. Then, we present a sensitivity personal information coverage evaluation function that represents the correlation between users' password and their personal information. Finally, a password strength evaluation method based on sensitive personal information is proposed. This method is composed of three stages: preprocessing stage, prediction dictionary generation stage and password strength evaluation stage.
KW - Data mining
KW - Information security
KW - Password authentication
KW - Password strength evaluation method
UR - https://www.scopus.com/pages/publications/85101282359
U2 - 10.1109/TrustCom50675.2020.00211
DO - 10.1109/TrustCom50675.2020.00211
M3 - 会议稿件
AN - SCOPUS:85101282359
T3 - Proceedings - 2020 IEEE 19th International Conference on Trust, Security and Privacy in Computing and Communications, TrustCom 2020
SP - 1542
EP - 1545
BT - Proceedings - 2020 IEEE 19th International Conference on Trust, Security and Privacy in Computing and Communications, TrustCom 2020
A2 - Wang, Guojun
A2 - Ko, Ryan
A2 - Bhuiyan, Md Zakirul Alam
A2 - Pan, Yi
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 19th IEEE International Conference on Trust, Security and Privacy in Computing and Communications, TrustCom 2020
Y2 - 29 December 2020 through 1 January 2021
ER -