May 09, 2017

New metre to help users create better passwords

BYPankaj Mishra

US researchers have unveiled a new state-of-the-art password metre that offers real-time feedback and advice to help people create better passwords.
The new meter helps users to create stronger passwords that are no harder to remember than passwords created without the feedback.
“The key result is that providing the data-driven feedback actually makes a huge difference in security compared to just having a password labelled as weak or strong,” said lead author Blase Ur, assistant professor at the University of Chicago.
The findings will be presented at CHI 2017 conference in Denver, Colorado.
The metre works by employing an artificial neural network: a large, complex map of information that resembles the way neurons behave in the brain.
The network “learns” by scanning millions of existing passwords and identifying trends. If the meter detects a characteristic in your password that it knows attackers may guess, it’ll tell you.
“Instead of just having a meter say, ‘Your password is bad,’ we thought it would be useful for the meter to say, ‘Here’s why it’s bad and here’s how you could do better,'” added Nicolas Christin, professor at Carnegie Mellon University in Pennsylvania, US.
This data-driven feedback is presented in real-time, as a user is typing their password out letter-by-letter.
“The way attackers guess passwords is by exploiting the patterns that they observe in large datasets of breached passwords. For example, if you change Es to 3s in your password, that’s not going to fool an attacker. The meter will explain about how prevalent that substitution is and offer advice on what to do instead,” Ur said.

FactorDaily’s journalism is produced by some of the best brains in the story-telling business. If you like our body of work – deep reportage, domain specialist write-ups, data stories, podcasts and the like – consider supporting the FactorDaily journey.

Support FactorDaily

Pankaj Mishra is a writer of FactorDaily.