ABSTRACT
The password policies for 14 popular websites were checked, and a list of passwords that satisfied the minimal requirements was created for each website. 58 users then created realistic passwords that satisfied the minimal requirements. A special-purpose cracking computer was built to crack these passwords using dictionary and brute-force attacks. All minimal passwords were cracked, and it was found that weaker password policies produced weaker realistic passwords. It is recommended that password policies increase the minimal length to 8 characters, require a more diverse alphabet, prevent simple passwords based on repetitions and sequences, and check a database of already hacked passwords.
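The four recommendations above can be combined into a single server-side check. The following is an added example, not code from the paper: the thresholds `MIN_CLASSES` and `MAX_RUN` are assumptions (the abstract gives only the 8-character minimum), and `BREACHED_SHA1` is a constructed stand-in for a real breached-password database.

```python
import hashlib
import string

MIN_LENGTH = 8    # from the abstract's recommendation
MIN_CLASSES = 3   # assumption: "more diverse alphabet" = 3 of 4 character classes
MAX_RUN = 3       # assumption: reject runs of 3+ repeated or sequential characters

# Constructed stand-in for a breached-password database (SHA-1 hex digests).
BREACHED_SHA1 = {hashlib.sha1(p.encode()).hexdigest()
                 for p in ("Password1!", "Qwerty2020#", "Summer2019!")}

def char_classes(pw):
    """Count how many of lower/upper/digit/symbol classes appear in pw."""
    tests = (str.islower, str.isupper, str.isdigit,
             lambda c: c in string.punctuation)
    return sum(any(t(c) for c in pw) for t in tests)

def has_run(pw, limit=MAX_RUN):
    """True if pw has `limit` repeated chars (aaa) or a +/-1 sequence (abc, 321)."""
    for step in (0, 1, -1):
        run = 1
        for a, b in zip(pw, pw[1:]):
            run = run + 1 if ord(b) - ord(a) == step else 1
            if run >= limit:
                return True
    return False

def is_periodic(pw):
    """True if pw is one shorter block repeated, e.g. 'Ab1!Ab1!'."""
    return len(pw) > 1 and pw in (pw + pw)[1:-1]

def check_password(pw, breached=BREACHED_SHA1):
    """Return the list of policy violations; an empty list means accepted."""
    problems = []
    if len(pw) < MIN_LENGTH:
        problems.append("too_short")
    if char_classes(pw) < MIN_CLASSES:
        problems.append("low_diversity")
    if has_run(pw) or is_periodic(pw):
        problems.append("repetition_or_sequence")
    if hashlib.sha1(pw.encode()).hexdigest() in breached:
        problems.append("breached")
    return problems
```

The sequence check covers code-point runs only, so keyboard walks such as "qwerty" are left to the breached-password lookup.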