Malone, David and Maher, Kevin (2012) Investigating the Distribution of Password Choices. In: WWW '12 Proceedings of the 21st international conference on World Wide Web. ACM, New York, pp. 301-310. ISBN 978-1-4503-1229-5

Download (812kB)

Abstract

In this paper we will look at the distribution with which passwords are chosen. Zipf’s Law is commonly observed in lists of chosen words. Using password lists from four different on- line sources, we will investigate if Zipf’s law is a good candidate for describing the frequency with which passwords are chosen. We look at a number of standard statistics, used to measure the security of password distributions, and see if modelling the data using Zipf’s Law produces good estimates of these statistics. We then look at the the similarity of the password distribu- tions from each of our sources, using guessing as a metric. This shows that these distributions provide effective tools for cracking passwords. Finally, we will show how to shape the distribu- tion of passwords in use, by occasionally asking users to choose a different password.

Item Type:	Book Section
Additional Information:	Preprint version of original published paper. The definitive version of this paper is published in the WWW '12 Proceedings of the 21st international conference on World Wide Web (2012) doi>10.1145/2187836.2187878
Keywords:	Distribution; Password Choices; Zipf’s Law;
Academic Unit:	Faculty of Science and Engineering > Research Institutes > Hamilton Institute
Item ID:	3754
Depositing User:	Dr. David Malone
Date Deposited:	13 Jun 2012 15:25
Publisher:	ACM
Refereed:	No
URI:	http://www.acm.org/ http://www.hamilton.ie/
Use Licence:	This item is available under a Creative Commons Attribution Non Commercial Share Alike Licence (CC BY-NC-SA). Details of this licence are available here

Repository Staff Only(login required)

Item control page

Downloads

Origin of downloads