Abstract
Passwords have been widely used in online authentication, and they form the front line that protects our data security and privacy. But the security of password may be easily harmed by insecure password generator. Massive reports state that users are always keen to generate new passwords by reusing or fine-tuning old secrets. Once an old password is leaked, the users may suffer from credential tweaking attacks. We propose a password reuse model PassTrans and simulate credential tweaking attacks. We evaluate the performance in leaked password datasets, and the results show that 67.51% of accounts is breakable under 1,000 guesses, indicating our model is accurate in capturing password reuse behavior.
| Original language | English |
|---|---|
| Title of host publication | Proceedings of the ICASSP 2022 - 2022 IEEE International Conference on Acoustics, Speech and Signal Processing (ICASSP) |
| Place of Publication | Piscataway |
| Publisher | IEEE |
| Pages | 3044-3048 |
| Number of pages | 5 |
| ISBN (Electronic) | 978-1-6654-0540-9 |
| ISBN (Print) | 978-1-6654-0541-6 |
| DOIs | |
| Publication status | Published - 2022 |
| Event | ICASSP 2022 - 2022 IEEE International Conference on Acoustics, Speech and Signal Processing (ICASSP) - Singapore, Singapore Duration: 23 May 2022 → 27 May 2022 |
Conference
| Conference | ICASSP 2022 - 2022 IEEE International Conference on Acoustics, Speech and Signal Processing (ICASSP) |
|---|---|
| Country/Territory | Singapore |
| City | Singapore |
| Period | 23/05/22 → 27/05/22 |
Bibliographical note
Green Open Access added to TU Delft Institutional Repository 'You share, we take care!' - Taverne project https://www.openaccess.nl/en/you-share-we-take-careOtherwise as indicated in the copyright section: the publisher is the copyright holder of this work and the author uses the Dutch legislation to make this work public.
Keywords
- credential tweaking attack
- password model
- password reuse
- similarity