We propose to strengthen user-selected passwords against statistical-guessing attacks by allowing users of Internet-scale systems to choose any password they want, so long as it is not already too popular with other users. We create an oracle to identify undesirably popular passwords using an existing data structure known as a count-min sketch, which we populate with existing users' passwords and update with each new user password. Unlike most applications of probabilistic data structures, which seek only to stay below a maximum acceptable rate of false positives, we set a minimum acceptable false-positive rate to confound attackers who might query the oracle or even obtain a copy of it.
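The popularity oracle described above, sketched as an added example that is not code from the paper: a count-min sketch that counts each accepted password and refuses any whose estimated count has reached a threshold. The class name, the width, depth and threshold values, the keyed BLAKE2b hashing and the sample passwords are all assumptions made for illustration.

```python
import hashlib

class PopularityOracle:
    """Count-min sketch of password counts (illustrative; parameters are assumptions)."""

    def __init__(self, width=1 << 16, depth=4, threshold=3, key=b"constructed-demo-key"):
        self.width, self.depth, self.threshold, self.key = width, depth, threshold, key
        self.rows = [[0] * width for _ in range(depth)]

    def _cells(self, password):
        # One keyed hash per row; the row index personalises the hash.
        data = password.encode("utf-8")
        for row in range(self.depth):
            digest = hashlib.blake2b(data, key=self.key, person=bytes([row]),
                                     digest_size=8).digest()
            yield row, int.from_bytes(digest, "big") % self.width

    def estimate(self, password):
        # Minimum over rows: collisions can inflate a count but never lower it.
        return min(self.rows[r][c] for r, c in self._cells(password))

    def try_set(self, password):
        """Return False if the password is already too popular, else count it."""
        if self.estimate(password) >= self.threshold:
            return False
        for r, c in self._cells(password):
            self.rows[r][c] += 1
        return True


def popular_password_demo():
    oracle = PopularityOracle(threshold=3)
    attempts = [oracle.try_set("123456") for _ in range(5)]  # constructed input
    rare = oracle.try_set("constructed-rare-passphrase-91")
    return attempts, rare, oracle.estimate("123456")


def false_positive_demo():
    # A deliberately tiny sketch: collisions fill every counter, so a password
    # nobody has used is rejected too.
    oracle = PopularityOracle(width=4, depth=2, threshold=3)
    for i in range(200):
        oracle.try_set(f"constructed-user-password-{i}")
    return oracle.try_set("never-seen-before")


if __name__ == "__main__":
    print(popular_password_demo())
    print(false_positive_demo())
```

The second function shows why a rejection from a small sketch does not prove that a password is in use: the sketch holds only counters, and collisions make some unused passwords look popular.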