Malone, David and Maher, Kevin
Investigating the Distribution of Password Choices.
WWW '12 Proceedings of the 21st international conference on World Wide Web.
ACM, New York, pp. 301-310.
In this paper we will look at the distribution
with which passwords are chosen. Zipf’s Law
is commonly observed in lists of chosen words.
Using password lists from four different on-
line sources, we will investigate if Zipf’s law is
a good candidate for describing the frequency
with which passwords are chosen. We look at a
number of standard statistics, used to measure
the security of password distributions, and see
if modelling the data using Zipf’s Law produces
good estimates of these statistics. We then look
at the the similarity of the password distribu-
tions from each of our sources, using guessing
as a metric. This shows that these distributions
provide effective tools for cracking passwords.
Finally, we will show how to shape the distribu-
tion of passwords in use, by occasionally asking
users to choose a different password.
Repository Staff Only(login required)
||Item control page