skip to main content
10.1145/1854099.1854113acmotherconferencesArticle/Chapter ViewAbstractPublication PagessinConference Proceedingsconference-collections
short-paper

The weak and the strong password preferences: a case study on turkish users

Published: 07 September 2010 Publication History

Abstract

Considering the computer authentication, any password shall not only be private to its owner but also be chosen as not to be predicted easily by others. The passwords used in authentication processes of any critical system should be strong as not to be cracked easily. In this context, the strong password choice gets significance for the general system security. This study aims to reveal the proper and improper properties on password preferences via examining the real samples. The method used in this work is first to gather the real passwords in plaintext, then to crack the encrypted forms of them and finally to investigate statistical queries on those passwords in order to distinguish the common weak and strong characteristics. As the case study, the experiments are conducted on real passwords of Turkish users in an actively running system. The results of the experiments are categorized for weak and strong passwords. Moreover, the common tendencies on password choice are evaluated.

References

[1]
F. Bergadano, B. Crispo, and G. Ruflo. High dictionary compression for proactive password checking. ACM Transactions on Information and System Security, 1(1):3--25, 1998.
[2]
M. Bishop and D. Klein. Improving system security via proactive password checking. Computers & Security, 14(3):223--249, 1995.
[3]
C. Blundo, P. D'Arco, A. D. Santis, and C. Galdi. Hyppocrates: a new proactive password checker. The Journal of Systems and Software, 71:163--175, 2004.
[4]
T. Chenoweth, R. Minch, and S. Tabor. User security behavior on wireless networks: An empirical study. In Proceedings of the 40th Hawaii International Conference on System Sciences, 2007.
[5]
T. Chenoweth, R. Minch, and S. Tabor. Wireless insecurity: examining user security behavior on public networks. Communications of the ACM, 53(2):134--138, February 2010.
[6]
M. Hertzum. Remembering multiple passwords by way of minimal-feedback hints: Replication and further analysis. In Proceedings of the Fourth Danish Human-Computer Interaction Research Symposium, pages 21--24, 2004.
[7]
P. Hoonakker, N. Bornoe, and P. Carayon. Password authentication from a human factors perspective: Results of a survey among end-users. In Proceedings of the Human Factors and Ergonomics Society, pages 459--463, 2009.
[8]
D. V. Klein. Foiling the cracker: A survey of, and improvements to, password security. In Proceedings of the USENIX Workshop on Security. USENIX Assoc., 1990.
[9]
I. Korkmaz. An Investigation of Password Security in Computer Systems. Master Thesis (in Turkish) at International Computer Institute at Ege University, Izmir, 2006.
[10]
W. Stallings. Cryptography and Network Security. Pearson Education, Inc., New Jersey, 2003.
[11]
S. tool Crack. ftp://ftp.cerias.purdue.edu/pub/tools/unix/pwdutils/crack/. accessed on April 2010.
[12]
S. tool John the Ripper. http://www.openwall.com/john/. accessed on April 2010.
[13]
J. Yan. A note on proactive password checking. In Proceedings of the ACM New Security Paradigms Workshop, pages 127--135. ACM, 2001.
[14]
J. Yan, A. Blackwell, R. Anderson, and A. Grant. The Memorability and Security of Passwords - Some Emprical Results. Technical Report No. 500, Computer Laboratory, University of Cambridge, 2000.

Cited By

View all
  • (2021)A Novel approach towards Implicit Authentication System by using Multi-share visual key Cryptography MechanismJournal of Physics: Conference Series10.1088/1742-6596/1963/1/0121411963:1(012141)Online publication date: 1-Jul-2021
  • (2021)A Study on Password Security Awareness in Constructing Strong PasswordsInternational Conference on Innovative Computing and Communications10.1007/978-981-16-2594-7_35(421-429)Online publication date: 18-Aug-2021
  • (2021)Authentication Mechanisms and Classification: A Literature SurveyIntelligent Computing10.1007/978-3-030-80129-8_69(1051-1070)Online publication date: 6-Jul-2021
  • Show More Cited By

Index Terms

  1. The weak and the strong password preferences: a case study on turkish users

    Comments

    Information & Contributors

    Information

    Published In

    cover image ACM Other conferences
    SIN '10: Proceedings of the 3rd international conference on Security of information and networks
    September 2010
    286 pages
    ISBN:9781450302340
    DOI:10.1145/1854099
    Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

    Sponsors

    • Microsoft: Microsoft
    • RFBR: Russian Foundation for Basic Research

    In-Cooperation

    Publisher

    Association for Computing Machinery

    New York, NY, United States

    Publication History

    Published: 07 September 2010

    Permissions

    Request permissions for this article.

    Check for updates

    Author Tags

    1. password checking
    2. password choice tendency
    3. password cracking
    4. security
    5. strong password
    6. weak password

    Qualifiers

    • Short-paper

    Conference

    SIN '10
    Sponsor:
    • Microsoft
    • RFBR
    SIN '10: 3rd International Conference of Security of Information and Networks
    September 7 - 11, 2010
    Rostov-on-Don, Taganrog, Russian Federation

    Acceptance Rates

    Overall Acceptance Rate 102 of 289 submissions, 35%

    Contributors

    Other Metrics

    Bibliometrics & Citations

    Bibliometrics

    Article Metrics

    • Downloads (Last 12 months)11
    • Downloads (Last 6 weeks)0
    Reflects downloads up to 13 Feb 2025

    Other Metrics

    Citations

    Cited By

    View all
    • (2021)A Novel approach towards Implicit Authentication System by using Multi-share visual key Cryptography MechanismJournal of Physics: Conference Series10.1088/1742-6596/1963/1/0121411963:1(012141)Online publication date: 1-Jul-2021
    • (2021)A Study on Password Security Awareness in Constructing Strong PasswordsInternational Conference on Innovative Computing and Communications10.1007/978-981-16-2594-7_35(421-429)Online publication date: 18-Aug-2021
    • (2021)Authentication Mechanisms and Classification: A Literature SurveyIntelligent Computing10.1007/978-3-030-80129-8_69(1051-1070)Online publication date: 6-Jul-2021
    • (2013)Strong passwords: Practical issues2013 IEEE 7th International Conference on Intelligent Data Acquisition and Advanced Computing Systems (IDAACS)10.1109/IDAACS.2013.6662997(608-613)Online publication date: Sep-2013
    • (2011)An Empirical Study on the Web Password Strength in GreeceProceedings of the 2011 15th Panhellenic Conference on Informatics10.1109/PCI.2011.6(212-216)Online publication date: 30-Sep-2011

    View Options

    Login options

    View options

    PDF

    View or Download as a PDF file.

    PDF

    eReader

    View online with eReader.

    eReader

    Figures

    Tables

    Media

    Share

    Share

    Share this Publication link

    Share on social media