Most people do not realize how thin the safety net of regulation and inspection really is. In today's globalized economy, we cannot live without imported products. The results not only demonstrate feasibility of our framework, but also suggest guidelines for selecting passwords which are less likely to result in compromised authentication procedures. Participants never guessed the other password, however, even when cues were provided. The common English word was vulnerable to guessing, but only when cues about this word were provided. Participants were given 20 attempts to guess an eight-character password which was either a common English word or two unrelated words joined by a control character (eight characters in all). A pilot study confirmed the feasibility of this framework. A system manager might utilize results of guessability studies by encouraging users to avoid choosing passwords which are closely associated with account names or which have been shown to be highly vulnerable to guessing, or by not assigning passwords which are from vulnerable classes of passwords. This method can be used to develop metrics for guessability of classes of passwords. Hit rates (the percentage of passwords correctly guessed within a limited number of attempts) can then be obtained. People who attempt to guess more » what a password is can be provided with cues, such as what a password for another account in the system is or a nickname. The framework we propose is that computer security experts can conduct guessability studies on a large number of passwords which are candidates for assignment to users. If someone discovers one of a series of rule-based passwords, it is easier to guess other passwords. We assume that passwords are usually based on a simple rule. We have developed a framework for a methodology to estimate the guessability of passwords. This paper focuses on the most commonly used authentication procedure-use of passwords. AbstractNote = ,Ī major problem in computer security is intrusion into systems due to compromised authentication procedures.
0 Comments
Leave a Reply. |