Targeted online password guessing: an underestimated threat
- Submitting institution: The University of Lancaster
- Unit of assessment: 11 - Computer Science and Informatics
- Output identifier: 159792869
- Type: E - Conference contribution
- DOI: 10.1145/2976749.2978339
- Title of conference / published proceedings: CCS '16 Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security
- First page: 1242
- Volume: -
- Issue: -
- ISSN: -
- Open access status: -
- Month of publication: October
- Year of publication: 2016
- URL: -
- Supplementary information: -
- Request cross-referral to: -
- Output has been delayed by COVID-19: No
- COVID-19 affected output statement: -
- Forensic science: No
- Criminology: No
- Interdisciplinary: No
- Number of additional authors: 4
- Research group(s): I - Security
- Citation count: 94
- Proposed double-weighted: No
- Reserve for an output with double weighting: No
- Additional information: Using targeted personal information to guess passwords is known to be highly effective. However, its generalization as a scientific technique has remained elusive. Appearing in ACM CCS'16, a top-tier security conference, the paper constitutes foundational work in establishing the effective use of probabilistic distributions on personal data. Our new algorithms, with 100 guesses per account, achieve average success rates of ~70% against normal users and ~30% against security-savvy users. Impact: a (rapidly growing) citation count but, perhaps more strikingly, NIST in the USA have revised part of SP 800-63-3 Digital Authentication Guideline, and invited our further comments on SP 800-63B etc.
- Author contribution statement: -
- Non-English: No
- English abstract: -