short-paper

Hacking Passwords that Satisfy Common Password Policies: Hacking Passwords

Authors:
Richard Beno

University of Glasgow, Scotland

University of Glasgow, Scotland
View Profile

,
Ron Poet

University of Glasgow, Scotland

University of Glasgow, Scotland
View Profile

SIN 2020: 13th International Conference on Security of Information and NetworksNovember 2020Article No.: 13Pages 1–3https://doi.org/10.1145/3433174.3433616

Published:01 February 2021Publication History

SIN 2020: 13th International Conference on Security of Information and Networks

Pages 1–3

ABSTRACT

The password policies for 14 popular websites were checked and a list of passwords that satisfied the minimal requirements created for each website. 58 users then created realistic passwords that satisfied the minimal requirements. A special purpose cracking computer was built to crack these passwords using dictionary and brute-force attacks. All minimal passwords were cracked and it was found that weaker password policies produced weaker realistic passwords. It is recommended that password policies increase the minimal length to 8 characters, require a more diverse alphabet, prevent simple passwords based on repetitions and sequences, and check a database of already hacked passwords.

References

Data Security Standard: Requirements and Security Assessment Procedures. PCI. [Online] May 2018. https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf?agreement=true&time=1600413523640.Google Scholar
Baykara, S.What Are the PCI DSS Password Requirements? [Online] 19 April 2020. https://www.pcidssguide.com/what-are-the-pci-dss-password-requirements/.Google Scholar
Rawlings, R.Here Are the Most Popular Passwords of 2019. NordPass. [Online] 19 April 2020. https://nordpass.com/blog/top-worst-passwords-2019/24.Google Scholar
Nvidia.CUDA Zone. Nvidia. [Online] https://developer.nvidia.com/cuda-zone.Google Scholar
Hunt, T.Passwords. Have I been pwned? [Online] 20 Sep 2020. https://haveibeenpwned.com/Passwords.Google Scholar

Index Terms

Hacking Passwords that Satisfy Common Password Policies: Hacking Passwords

Index terms have been assigned to the content through auto-classification.

Recommendations

Comments

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

Published in
SIN 2020: 13th International Conference on Security of Information and Networks
November 2020
220 pages
ISBN:9781450387514
DOI:10.1145/3433174
Editors:
Berna Örs,
Atilla Elçi
Copyright © 2020 ACM
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]
Sponsors
In-Cooperation
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
- Published: 1 February 2021
Permissions
Request permissions about this article.
Request Permissions

Check for updates
Author Tags
GPU
password cracking
Qualifiers
- short-paper
- Research
- Refereed limited
Conference

Acceptance Rates
Overall Acceptance Rate102of289submissions,35%
Funding Sources
Other Metrics
View Article Metrics

Article Metrics
- 0
  Total Citations
  View Citations
- 322
  Total Downloads
- Downloads (Last 12 months)49
- Downloads (Last 6 weeks)6
Other Metrics
View Author Metrics
Cited By
This publication has not been cited yet

PDF Format

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

HTML Format

View this article in HTML Format .

View HTML Format

Hacking Passwords that Satisfy Common Password Policies: Hacking Passwords

SIN 2020: 13th International Conference on Security of Information and Networks

ABSTRACT

References

Cited By

Index Terms

Recommendations

Pocket Password Book (Password): A discreet internet password organizer

Password Book: Password Journals A-Z Tabs, The Personal Internet Address Log, Organizer Book, Website Password Log Book Directory, Diary, ... Cover Volume 1.

Password Book: Password Journal / Password Organizer / Password Keeper / Internet Usernames and Passwords / Internet Password Logbook A Passkey Log ... seamless pattern collection) (Volume 48)

Comments

Login options

Full Access

Published in

Sponsors

In-Cooperation

Publisher

Publication History

Permissions

Check for updates

Author Tags

Qualifiers

Conference

Acceptance Rates

Funding Sources

Other Metrics

Article Metrics

Other Metrics

Cited By

PDF Format

eReader

Digital Edition

HTML Format

Caption

Hacking Passwords that Satisfy Common Password Policies: Hacking Passwords

SIN 2020: 13th International Conference on Security of Information and Networks

ABSTRACT

References

Cited By

Index Terms

Recommendations

Pocket Password Book (Password): A discreet internet password organizer

Password Book: Password Journals A-Z Tabs, The Personal Internet Address Log, Organizer Book, Website Password Log Book Directory, Diary, ... Cover Volume 1.

Password Book: Password Journal / Password Organizer / Password Keeper / Internet Usernames and Passwords / Internet Password Logbook A Passkey Log ... seamless pattern collection) (Volume 48)

Comments

Login options

Full Access

Published in

Sponsors

In-Cooperation

Publisher

Publication History

Permissions

Check for updates

Author Tags

Qualifiers

Conference

Acceptance Rates

Funding Sources

Article Metrics

Other Metrics

PDF Format

eReader

Digital Edition

HTML Format

Share this Publication link

Share on Social Media