Password Patterns – An Analysis


  1. Password Patterns – An Analysis. Dr. Emin Islam Tatlı, Twitter: @eitatli, tatli@architectingsecurity.com, 25 April 2012
  2. Overview
     1. Password Fiasco (Leakage of more than 32 M plain text passwords)
     2. Password Analysis - Imperva
     3. Password Analysis – Password Patterns
     4. Conclusion
  3. Password Leakage: rockyou.com hacked (* Referenced from http://techcrunch.com)
  4. Password Leakage: rockyou.com plaintext passwords are online
  5. Password Patterns: FTC fines RockYou
  6. Password Analysis: Analysis of Imperva - Distribution
     • Consumer Password Worst Practices: http://www.imperva.com/docs/WP_Consumer_Password_Worst_Practices.pdf
  7. Password Analysis: Analysis of Imperva – Key Findings
  8. Password Analysis: Analysis of Imperva – Common Passwords
  9. Password Patterns: Password Complexity. What about security of z6iFk#rdlr vs. TØpsecret. ???
     • z6iFk#rdlr: randomly generated
     • TØpsecret.: consists of certain patterns (e.g. dictionary word, ending with “.”)
  10. Password Patterns: The Analysis
     • Dual and Triple Concatenation of [:alpha:], [:digit:] and [:punct:] characters
     • Replacement of [:alpha:] => [:digit:] and [:punct:]
     • Special patterns
     • Frequency of the Symbols
  11. Password Patterns: [:alpha:], [:digit:] and [:punct:] characters
  12. Password Patterns: No Concatenation
  13. Password Patterns: Dual Concatenation
  14. Password Patterns: Dual Concatenation – cont.
  15. Password Patterns: Triple Concatenation
  16. Password Patterns: Replacement Pattern
  17. Password Patterns: Some Special Patterns
  18. Password Patterns: Frequency of the Symbols
  19. Password Patterns: Password Cracking - Methods
     • Brute-Force Attacks
     • Dictionary Attacks
  20. Password Patterns: Password Cracking – Tools - I
  21. Password Patterns: Password Cracking – Tools - II
  22. Password Patterns: The Results in Conclusion
     • The most commonly used dual concatenation of alpha-digit-punct characters is “alpha+digit” with 30%.
     • The most commonly used triple concatenation of alpha-digit-punct characters is “alpha+punct+digit” with 0.57%.
     • For the replacement pattern, replacing the letter i or l with the number “1” is the most commonly used pattern.
     • The most commonly used special character is . (point).
     • Password patterns might be the next generation of dictionary attacks.
     • Do not choose and use any password based on a common pattern.
  23. References
     • Password Patterns: http://www.architectingsecurity.com/2010/09/11/password-patterns/
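
The pattern classes from slides 9, 10 and 22, applied as a check on a candidate password when it is set. This is an added example, not code from the slides; the function names, the `COMMON_SHAPES` set and the wordlist are assumptions made for illustration.

```python
import itertools
import string

# The two most common shapes reported in the conclusion slide.
COMMON_SHAPES = {"alpha+digit", "alpha+punct+digit"}

def char_class(ch):
    """Map a character to [:alpha:], [:digit:] or [:punct:] (ASCII only)."""
    if ch in string.ascii_letters:
        return "alpha"
    if ch in string.digits:
        return "digit"
    if ch in string.punctuation:
        return "punct"
    return "other"

def structure(password):
    """Collapse a password into its runs of character classes."""
    return "+".join(c for c, _ in itertools.groupby(password, key=char_class))

def undo_replacements(word, limit=8):
    """Yield the word with each '1' mapped back to 'i' or 'l'."""
    word = word.lower()
    if word.count("1") > limit:      # keep the expansion bounded
        return
    options = [("i", "l") if ch == "1" else (ch,) for ch in word]
    for combo in itertools.product(*options):
        yield "".join(combo)

def pattern_findings(password, words):
    """Return the reasons a candidate password follows a common pattern."""
    findings = []
    shape = structure(password)
    if shape in COMMON_SHAPES:
        findings.append("shape:" + shape)
    # Strip digit/punct prefixes and suffixes to expose a possible dictionary core.
    core = password.strip(string.digits + string.punctuation)
    if core and any(c in words for c in undo_replacements(core)):
        findings.append("dictionary-core")
    if password.endswith("."):
        findings.append("trailing-dot")
    return findings

if __name__ == "__main__":
    words = {"monkey", "princess"}   # constructed wordlist
    # Two constructed samples plus the random password from slide 9.
    for candidate in ("monkey123", "pr1ncess.", "z6iFk#rdlr"):
        print(candidate, structure(candidate), pattern_findings(candidate, words))
```

A password-set handler can reject a candidate whenever `pattern_findings` returns a non-empty list.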
