Abstract
Keyboard patterns are widely used in password construction, as they can be easily memorized with the aid of positions on the keyboard. Consequently, keyboard-pattern-based passwords has being the target in many dictionary attack models. However, most of the existing researches relies only on recognition methods defining keyboard pattern structures empirically or even manually. As a result, only those infamous keyboard patterns such as qwerty are recognized and many potential structures are not specified. Besides, there are limited studies focusing on the characteristics of keyboard patterns.
In this paper, we deal with the problem of recognizing and analyzing keyboard patterns in a systematic approach. Firstly, we put forward a general recognition method that can pick out keyboard patterns form passwords automatically. Next, a comprehensive study of keyboard pattern characteristics is presented, which reveals a great deal of amazing facts about the preference for passwords based on keyboard patterns, such as: (1) More than half of the pattern-based passwords are completely composed by keyboard patterns; (2) The frequency distribution of the keyboard patterns satisfies the PDF-Zipf model; (3) Users prefer to use keyboard patterns consisted by horizontal continuous keys or those characters whose physical location are on the upper left of the keyboard. We further evaluate the security of keyboard-pattern-based passwords by employing the PCFG-base cracking technique. The experimental results indicate that the keyboard patterns can reduce the security of passwords.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Bonneau, J.: The science of guessing: analyzing an anonymized corpus of 70 million passwords. In: 2012 IEEE Symposium on Security and Privacy, pp. 538–552 (2012)
Bonneau, J., Herley, C., Van Oorschot, P.C., Stajano, F.: Passwords and the evolution of imperfect authentication. Commun. ACM 58(7), 78–87 (2015)
Chou, H.C., Lee, H.C., Hsueh, C.W., Lai, F.P.: Password cracking based on special keyboard patterns. Int. J. Innov. Comput. Inf. Control 8(1(A)), 387–402 (2012)
Deng, G., Yu, X., Guo, H.: Efficient password guessing based on a password segmentation approach. In: 2019 IEEE Global Communications Conference (GLOBECOM), pp. 1–6 (2019)
Grassi, P.A., et al.: Digital identity guidelines-authentication and lifecycle management. National Institute of Standards and Technology (2020)
Han, W., Xu, M., Zhang, J., Wang, C., Zhang, K., Wang, X.S.: TransPCFG : transferring the grammars from short passwords to guess long passwords effectively. IEEE Trans. Inf. Forensics Secur. 16(pp), 451–465 (2021)
Houshmand, S., Aggarwal, S., Flood, R.: Next gen PCFG password cracking. IEEE Trans. Inf. Forensics Secur. 10(8), 1776–1791 (2015)
Kävrestad, J., Zaxmy, J., Nohlberg, M.: Analyzing the usage of character groups and keyboard patterns in password creation. Inf. Comput. Secur. 28(3), 347–358 (2020)
Li, J., Zeigler, E., Holland, T., Papamichail, D., Greco, D., Grabentein, J., Liang, D.: Common passwords and common words in passwords. In: World Conference on Information Systems and Technologies, pp. 818–827 (2020)
Li, Z., Han, W., Xu, W.: A large-scale empirical analysis of Chinese web passwords. In: SEC 2014 Proceedings of the 23rd USENIX Conference on Security Symposium, pp. 559–574 (2014)
Ma, J., Yang, W., Luo, M., Li, N.: A study of probabilistic password models. In: 2014 IEEE Symposium on Security and Privacy, pp. 689–704 (2014)
Pearman, S., et al.: Let’s go in for a closer look: observing passwords in their natural habitat. In: Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security, pp. 295–310 (2017)
Schweitzer, D., Boleng, J., Hughes, C., Murphy, L.: Visualizing keyboard pattern passwords. Inf. Vis. 10(2), 127–133 (2011)
Wang, C., Jan, S.T., Hu, H., Bossart, D., Wang, G.: The next domino to fall: empirical analysis of user passwords across online services. In: Proceedings of the Eighth ACM Conference on Data and Application Security and Privacy, pp. 196–203 (2018)
Wang, D., Cheng, H., Wang, P., Huang, X., Jian, G.: Zipf’s law in passwords. IEEE Trans. Inf. Forensics Secur. 12(11), 2776–2791 (2017)
Wang, D., Wang, P., He, D., Tian, Y.: Birthday, name and bifacial-security: understanding passwords of Chinese web users. In: SEC 2019 Proceedings of the 28th USENIX Conference on Security Symposium, pp. 1537–1554 (2019)
Wang, D., Zhang, Z., Wang, P., Yan, J., Huang, X.: Targeted online password guessing: an underestimated threat. In: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, pp. 1242–1254 (2016)
Weir, M., Aggarwal, S., de Medeiros, B., Glodek, B.: Password cracking using probabilistic context-free grammars. In: 2009 IEEE Symposium on Security and Privacy, pp. 391–405 (2009)
Wheeler, D.L.: zxcvbn: Low-budget password strength estimation. In: SEC 2016 Proceedings of the 25th USENIX Conference on Security Symposium, pp. 157–173 (2016)
Zhang, Y., Xian, H., Yu, A.: CSNN: password guessing method based on Chinese syllables and neural network. Peer-to-Peer Netw. Appl. 13(6), 2237–2250 (2020). https://doi.org/10.1007/s12083-020-00893-7
Acknowledgments
This work is supported by the National Natural Science Foundation of China (Grant Nos. 62172433, 61862011, 61872449, 61772548), and Guangxi Natural Science Foundation (Grant Nos. 2018GXNSFAA138116).
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2021 Springer Nature Switzerland AG
About this paper
Cite this paper
Yang, K., Hu, X., Zhang, Q., Wei, J., Liu, W. (2021). Studies of Keyboard Patterns in Passwords: Recognition, Characteristics and Strength Evolution. In: Gao, D., Li, Q., Guan, X., Liao, X. (eds) Information and Communications Security. ICICS 2021. Lecture Notes in Computer Science(), vol 12918. Springer, Cham. https://doi.org/10.1007/978-3-030-86890-1_9
Download citation
DOI: https://doi.org/10.1007/978-3-030-86890-1_9
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-86889-5
Online ISBN: 978-3-030-86890-1
eBook Packages: Computer ScienceComputer Science (R0)