i-manager Publications

Creating Secure Passwords through Personalized User Inputs

Bryan Joe*, Judith Johnsi J.**, Deepa C. M.***

*-*** Department of Computer Science, Indian School Al Maabela (ISAM), Muscat, Oman.

Periodicity:October - December'2024

Abstract

Individuals using various online services are increasingly concerned with securing and protecting their personal information from unauthorized access. There are numerous authentication systems available to safeguard data, with password-based authentication being one of the most common. Given the rise in information sharing, internet usage, e-commerce, and data transfer, ensuring the security and effectiveness of passwords has become crucial. However, the complexity of strong passwords leads to users forgetting them. To address this issue, this study proposes a novel algorithm for generating robust passwords, differing from existing random password generators. This study utilizes user-provided information to create passwords that are easier for users to remember. This system is tested with various synthetic input data and verified the strength of the generated passwords using four popular online password checkers. The results indicate that the passwords are highly reliable. Furthermore, this system effectively defends against two common types of password attacks: the dictionary attack and the brute force attack. This system is implemented in Python. The passwords generated by this system are not only easy for users to recall but also possess strong, secure characteristics that make them resistant to cracking attempts.

Keywords

Password Generator, Strong Password Pattern, Password Cracking, Password Entropy, Brute Force Attack, Dictionary Attack, Randomization Technique, Strength Checkers.

How to Cite this Article?

Joe, B., Johnsi, J. J., and Deepa, C. M. (2024). Creating Secure Passwords through Personalized User Inputs. i-manager’s Journal on Computer Science, 12(3), 39-48.

References

[1]. Abadi, M., Lomas, T. M., & Needham, R. (1997). Strengthening Passwords. Digital Equipment Corporation Systems Research Center [SRC].

[2]. Aggarwal, S., Houshmand, S., & Weir, M. (2018). New technologies in password cracking techniques. Cyber Security: Power and Technology (pp. 179-198).

[3]. Bojinov, H., Bursztein, E., Boyen, X., & Boneh, D. (2010). Kamouflage: Loss-resistant password management. In Computer Security–ESORICS 2010: 15th European Symposium on Research in Computer Security, Athens, Greece, September 20-22, 2010. Proceedings 15 (pp. 286-302). Springer Berlin Heidelberg.

[4]. Dell'Amico, M., Michiardi, P., & Roudier, Y. (2010, March). Password strength: An empirical analysis. In 2010 Proceedings IEEE INFOCOM (pp. 1-9). IEEE.

[5]. Dinesha, H. A., & Agrawal, V. K. (2012). Multi-dimensional password generation technique for accessing cloud services. International Journal on Cloud Computing: Services and Architecture, 2(3), 31-39.

[6]. Helkala, K., & Snekkenes, E. (2009). Password Generation and Search Space Reduction. Academy Publisher.

[7]. Herley, C., & Van Oorschot, P. (2011). A research agenda acknowledging the persistence of passwords. IEEE Security & Privacy, 10(1), 28-36.

[8]. Hitaj, B., Gasti, P., Ateniese, G., & Perez-Cruz, F. (2019). Passgan: A deep learning approach for password guessing. In Applied Cryptography and Network Security: 17th International Conference, ACNS 2019, Bogota, Colombia, June 5–7, 2019, Proceedings 17 (pp. 217-237). Springer International Publishing.

[9]. Houshmand, S., Aggarwal, S., & Flood, R. (2015). Next gen PCFG password cracking. IEEE Transactions on Information Forensics and Security, 10(8), 1776-1791.

[10]. Huh, J. H., Oh, S., Kim, H., Beznosov, K., Mohan, A., & Rajagopalan, S. R. (2015, October). Surpass: System-initiated user-replaceable passwords. In Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security (pp. 170-181).

[11]. Inglesant, P. G., & Sasse, M. A. (2010, April). The true cost of unusable password policies: password use in the wild. In Proceedings of the Sigchi Conference on Human Factors in Computing Systems (pp. 383-392).

[12]. Kelley, P. G., Komanduri, S., Mazurek, M. L., Shay, R., Vidas, T., Bauer, L., & Lopez, J. (2012, May). Guess again (and again and again): Measuring password strength by simulating password-cracking algorithms. In 2012 IEEE Symposium on Security and Privacy (pp. 523-537). IEEE.

[13]. Kelsey, J., Schneier, B., Hall, C., & Wagner, D. (1997, September). Secure applications of low-entropy keys. In International Workshop on Information Security (pp. 121-134). Berlin, Heidelberg: Springer Berlin Heidelberg.

[14]. Komanduri, S., Shay, R., Kelley, P. G., Mazurek, M. L., Bauer, L., Christin, N., & Egelman, S. (2011, May). Of passwords and people: Measuring the effect of password-composition policies. In Proceedings of the Sigchi Conference on Human Factors in Computing Systems (pp. 2595-2604).

[15]. Manber, U. (1996). A simple scheme to make passwords based on one-way functions much harder to crack. Computers & Security, 15(2), 171-176.

[16]. Marechal, S. (2008). Advances in password cracking. Journal in Computer Virology, 4(1), 73-81.

[17]. Masui, T. (2018, May). Episodas: Das-based password generation using episodic memories. In Proceedings of the 2018 International Conference on Advanced Visual Interfaces (pp. 1-2).

[18]. Mazurek, M. L., Komanduri, S., Vidas, T., Bauer, L., Christin, N., Cranor, L. F., & Ur, B. (2013, November). Measuring password guessability for an entire university. In Proceedings of the 2013 ACM SIGSAC Conference on Computer & Communications Security (pp. 173-186).

[19]. Mohammed, S. J. (2018). New algorithm of automatic complex password generator employing genetic algorithm. Journal of University of Babylon for Pure and Applied Sciences, 26(2), 295-302.

[20]. Sabzevar, A. P., & Stavrou, A. (2008, November). Universal multi-factor authentication using graphical passwords. In 2008 IEEE International Conference on Signal Image Technology and Internet Based Systems (pp. 625-632). IEEE.

[21]. Shay, R., Komanduri, S., Durity, A. L., Huh, P., Mazurek, M. L., Segreti, S. M., & Cranor, L. F. (2016). Designing password policies for strength and usability. ACM Transactions on Information and System Security (TISSEC), 18(4), 1-34.

[22]. Shay, R., Komanduri, S., Kelley, P. G., Leon, P. G., Mazurek, M. L., Bauer, L., & Cranor, L. F. (2010, July). Encountering stronger password requirements: User attitudes and behaviors. In Proceedings of the Sixth Symposium on Usable Privacy and Security (pp. 1-20).

[23]. Weir, M., Aggarwal, S., Collins, M., & Stern, H. (2010, October). Testing metrics for password creation policies by attacking large sets of revealed passwords. In Proceedings of the 17th ACM Conference on Computer and Communications Security (pp. 162-175).

[24]. Weir, M., Aggarwal, S., De Medeiros, B., & Glodek, B. (2009, May). Password cracking using probabilistic context-free grammars. In 2009 30th IEEE Symposium on Security and Privacy (pp. 391-405). IEEE.

[25]. Yang, W., Li, N., Chowdhury, O., Xiong, A., & Proctor, R. W. (2016, October). An empirical study of mnemonic sentence-based password generation strategies. In Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security (pp. 1216-1229).

If you have access to this article please login to view the article or kindly login to purchase the article

Single Article

	North Americas,UK, Middle East,Europe		India	Rest of world
	USD	EUR	INR	USD-ROW
Online	15	15

ADD TO CART

Options for accessing this content:

If you would like institutional access to this content, please recommend the title to your librarian.
If you already have i-manager's user account: Login above and proceed to purchase the article.
New Users: Please register, then proceed to purchase the article.