Visualizing Keyboard Pattern Passwords
Date: October 2009 Publication: 6th International Workshop on Visualization for Cyber Security, VizSec 2009 Page(s): 69 - 73 Publisher: IEEE Source 1: http://cs.wheatoncollege.edu/~mgousie/comp401/amos.pdf Source 2: http://www.usafa.edu/df/dfe/dfer/centers/accr/docs/schweitzer2009a.pdf Source 3: http://dx.doi.org/10.1109/VIZSEC.2009.5375544 - Subscription or payment required Abstract or Summary:
Passwords are a fundamental security vulnerability in many systems. Several researchers have investigated the tradeoff between password memorability versus resiliency to cracking and have looked at alternative systems such as graphical passwords and biometrics. To create stronger passwords, many systems enforce rules regarding the required length and types of characters passwords must contain. Another suggested approach is to use passphrases to combat dictionary attacks. One common 'trick' used to remember passwords that conform to complex rules is to select a pattern of keys on the keyboard. While appearing random, the pattern is easy to remember. The purpose of this research was to investigate how often patterns are used, whether patterns could be classified into common categories, and whether those categories could be used to attack and defeat pattern-based passwords. Visualization techniques were used to collect data and assist in pattern categorization. The approach successfully identified two out of eleven passwords in a real-world password file that were not discovered with a traditional dictionary attack. This paper will present the approach used to collect and categorize patterns, and describe the resulting attack method that successfully identified passwords in a live system. Do you have additional information to contribute regarding this research paper? If so, please email siteupdates@passwordresearch.com with the details.
<-- Back to Authentication Research Paper Index |