Nothing Special   »   [go: up one dir, main page]
Skip to main content
Springer Nature Link
Log in

Studies of Keyboard Patterns in Passwords: Recognition, Characteristics and Strength Evolution

  • Conference paper
  • First Online:
Information and Communications Security (ICICS 2021)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 12918))

Included in the following conference series:

Abstract

Keyboard patterns are widely used in password construction, as they can be easily memorized with the aid of positions on the keyboard. Consequently, keyboard-pattern-based passwords has being the target in many dictionary attack models. However, most of the existing researches relies only on recognition methods defining keyboard pattern structures empirically or even manually. As a result, only those infamous keyboard patterns such as qwerty are recognized and many potential structures are not specified. Besides, there are limited studies focusing on the characteristics of keyboard patterns.

In this paper, we deal with the problem of recognizing and analyzing keyboard patterns in a systematic approach. Firstly, we put forward a general recognition method that can pick out keyboard patterns form passwords automatically. Next, a comprehensive study of keyboard pattern characteristics is presented, which reveals a great deal of amazing facts about the preference for passwords based on keyboard patterns, such as: (1) More than half of the pattern-based passwords are completely composed by keyboard patterns; (2) The frequency distribution of the keyboard patterns satisfies the PDF-Zipf model; (3) Users prefer to use keyboard patterns consisted by horizontal continuous keys or those characters whose physical location are on the upper left of the keyboard. We further evaluate the security of keyboard-pattern-based passwords by employing the PCFG-base cracking technique. The experimental results indicate that the keyboard patterns can reduce the security of passwords.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Subscribe and save

Springer+ Basic
$34.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 89.00
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 119.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Similar content being viewed by others

References

  1. Bonneau, J.: The science of guessing: analyzing an anonymized corpus of 70 million passwords. In: 2012 IEEE Symposium on Security and Privacy, pp. 538–552 (2012)

    Google Scholar 

  2. Bonneau, J., Herley, C., Van Oorschot, P.C., Stajano, F.: Passwords and the evolution of imperfect authentication. Commun. ACM 58(7), 78–87 (2015)

    Article  Google Scholar 

  3. Chou, H.C., Lee, H.C., Hsueh, C.W., Lai, F.P.: Password cracking based on special keyboard patterns. Int. J. Innov. Comput. Inf. Control 8(1(A)), 387–402 (2012)

    Google Scholar 

  4. Deng, G., Yu, X., Guo, H.: Efficient password guessing based on a password segmentation approach. In: 2019 IEEE Global Communications Conference (GLOBECOM), pp. 1–6 (2019)

    Google Scholar 

  5. Grassi, P.A., et al.: Digital identity guidelines-authentication and lifecycle management. National Institute of Standards and Technology (2020)

    Google Scholar 

  6. Han, W., Xu, M., Zhang, J., Wang, C., Zhang, K., Wang, X.S.: TransPCFG : transferring the grammars from short passwords to guess long passwords effectively. IEEE Trans. Inf. Forensics Secur. 16(pp), 451–465 (2021)

    Google Scholar 

  7. Houshmand, S., Aggarwal, S., Flood, R.: Next gen PCFG password cracking. IEEE Trans. Inf. Forensics Secur. 10(8), 1776–1791 (2015)

    Article  Google Scholar 

  8. Kävrestad, J., Zaxmy, J., Nohlberg, M.: Analyzing the usage of character groups and keyboard patterns in password creation. Inf. Comput. Secur. 28(3), 347–358 (2020)

    Google Scholar 

  9. Li, J., Zeigler, E., Holland, T., Papamichail, D., Greco, D., Grabentein, J., Liang, D.: Common passwords and common words in passwords. In: World Conference on Information Systems and Technologies, pp. 818–827 (2020)

    Google Scholar 

  10. Li, Z., Han, W., Xu, W.: A large-scale empirical analysis of Chinese web passwords. In: SEC 2014 Proceedings of the 23rd USENIX Conference on Security Symposium, pp. 559–574 (2014)

    Google Scholar 

  11. Ma, J., Yang, W., Luo, M., Li, N.: A study of probabilistic password models. In: 2014 IEEE Symposium on Security and Privacy, pp. 689–704 (2014)

    Google Scholar 

  12. Pearman, S., et al.: Let’s go in for a closer look: observing passwords in their natural habitat. In: Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security, pp. 295–310 (2017)

    Google Scholar 

  13. Schweitzer, D., Boleng, J., Hughes, C., Murphy, L.: Visualizing keyboard pattern passwords. Inf. Vis. 10(2), 127–133 (2011)

    Article  Google Scholar 

  14. Wang, C., Jan, S.T., Hu, H., Bossart, D., Wang, G.: The next domino to fall: empirical analysis of user passwords across online services. In: Proceedings of the Eighth ACM Conference on Data and Application Security and Privacy, pp. 196–203 (2018)

    Google Scholar 

  15. Wang, D., Cheng, H., Wang, P., Huang, X., Jian, G.: Zipf’s law in passwords. IEEE Trans. Inf. Forensics Secur. 12(11), 2776–2791 (2017)

    Article  Google Scholar 

  16. Wang, D., Wang, P., He, D., Tian, Y.: Birthday, name and bifacial-security: understanding passwords of Chinese web users. In: SEC 2019 Proceedings of the 28th USENIX Conference on Security Symposium, pp. 1537–1554 (2019)

    Google Scholar 

  17. Wang, D., Zhang, Z., Wang, P., Yan, J., Huang, X.: Targeted online password guessing: an underestimated threat. In: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, pp. 1242–1254 (2016)

    Google Scholar 

  18. Weir, M., Aggarwal, S., de Medeiros, B., Glodek, B.: Password cracking using probabilistic context-free grammars. In: 2009 IEEE Symposium on Security and Privacy, pp. 391–405 (2009)

    Google Scholar 

  19. Wheeler, D.L.: zxcvbn: Low-budget password strength estimation. In: SEC 2016 Proceedings of the 25th USENIX Conference on Security Symposium, pp. 157–173 (2016)

    Google Scholar 

  20. Zhang, Y., Xian, H., Yu, A.: CSNN: password guessing method based on Chinese syllables and neural network. Peer-to-Peer Netw. Appl. 13(6), 2237–2250 (2020). https://doi.org/10.1007/s12083-020-00893-7

    Article  Google Scholar 

Download references

Acknowledgments

This work is supported by the National Natural Science Foundation of China (Grant Nos. 62172433, 61862011, 61872449, 61772548), and Guangxi Natural Science Foundation (Grant Nos. 2018GXNSFAA138116).

Author information

Authors and Affiliations

  1. State Key Laboratory of Mathematical Engineering and Advanced Computing, Zhengzhou, China

    Kunyu Yang, Xuexian Hu, Qihui Zhang & Jianghong Wei

  2. Guilin University of Electronic Technology, Guilin, China

    Wenfen Liu

Authors
  1. Kunyu Yang
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Xuexian Hu
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Qihui Zhang
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Jianghong Wei
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Wenfen Liu
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Xuexian Hu .

Editor information

Editors and Affiliations

  1. Singapore Management University, Singapore, Singapore

    Debin Gao

  2. Tsinghua University, Beijing, China

    Qi Li

  3. Xi'an Jiaotong University, Xi'an, China

    Xiaohong Guan

  4. Chongqing University, Chongqing, China

    Xiaofeng Liao

Rights and permissions

Reprints and permissions

Copyright information

© 2021 Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Yang, K., Hu, X., Zhang, Q., Wei, J., Liu, W. (2021). Studies of Keyboard Patterns in Passwords: Recognition, Characteristics and Strength Evolution. In: Gao, D., Li, Q., Guan, X., Liao, X. (eds) Information and Communications Security. ICICS 2021. Lecture Notes in Computer Science(), vol 12918. Springer, Cham. https://doi.org/10.1007/978-3-030-86890-1_9

Download citation

  • DOI: https://doi.org/10.1007/978-3-030-86890-1_9

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-86889-5

  • Online ISBN: 978-3-030-86890-1

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation