password generator research paper

Information

• Author Services

Initiatives

You are accessing a machine-readable page. In order to be human-readable, please install an RSS reader.

All articles published by MDPI are made immediately available worldwide under an open access license. No special permission is required to reuse all or part of the article published by MDPI, including figures and tables. For articles published under an open access Creative Common CC BY license, any part of the article may be reused without permission provided that the original article is clearly cited. For more information, please refer to https://www.mdpi.com/openaccess .

Feature papers represent the most advanced research with significant potential for high impact in the field. A Feature Paper should be a substantial original Article that involves several techniques or approaches, provides an outlook for future research directions and describes possible research applications.

Feature papers are submitted upon individual invitation or recommendation by the scientific editors and must receive positive feedback from the reviewers.

Editor’s Choice articles are based on recommendations by the scientific editors of MDPI journals from around the world. Editors select a small number of articles recently published in the journal that they believe will be particularly interesting to readers, or important in the respective research area. The aim is to provide a snapshot of some of the most exciting work published in the various research areas of the journal.

Original Submission Date Received: .

• Active Journals
• Find a Journal
• Proceedings Series
• For Authors
• For Reviewers
• For Editors
• For Librarians
• For Publishers
• For Societies
• For Conference Organizers
• Open Access Policy
• Institutional Open Access Program
• Special Issues Guidelines
• Editorial Process
• Research and Publication Ethics
• Article Processing Charges
• Testimonials
• Preprints.org
• SciProfiles
• Encyclopedia

Article Menu

• Subscribe SciFeed
• Recommended Articles
• Google Scholar
• on Google Scholar
• Table of Contents

Find support for a specific problem in the support section of our website.

Please let us know what you think of our products and services.

Visit our dedicated information section to learn more about MDPI.

JSmol Viewer

Intelligent security model for password generation and estimation using hand gesture features.

1. Introduction

• Information-gain-based feature selection is used to reduce the feature size of the MNIST dataset from 784 to 60 features.
• This paper devises an effective hand gesture recognition using an ensemble learning approach to contribute to the process of generating very strong, hard-to-break, and memorable passwords.
• We apply the sampling techniques to the password strength dataset to deal with an imbalanced class.
• Four well-known classifiers (MLP, SVM, RFT, and AdaBoost) are trained to evaluate password strength. It draws a test password similarity with most of the dataset’s weak, medium, and very strong passwords.
• We extract the most important features such as password diversity and entropy from the password strength dataset to improve the accuracy of classifiers.
• The proposed mechanism makes it easier for the user to create strong and memorable passwords and also provides a mechanism for checking passwords at the same time. Compared with previous work, we find that the system trains hand gestures and passwords with high accuracy.

2. Related Work

2.1. password generation, 2.2. password strength estimation, 2.3. the applications of intelligent data security, 3. datasets, 3.1. sign language dataset, 3.2. password strength dataset.

• A hand gesture recognition model using an ensemble learning approach to contribute to the process of generating passwords.
• A password strength checking model using an ensemble learning approach to estimate the strength of passwords.
• The user tries to choose at least four different signs through hand gestures.
• After the hand gesture classification, the sign prediction process tries to predict the label for each user’s hand motion.
• Similar features to predicted motion will be retrieved from the training MNIST images dataset and then passed to the password generator.
• The password generator generates a new password depending on each user’s motion features. The password generator has two possible inputs: the label for each user’s hand motion and similar features to predicted motion.
• After the classification of password strength, a new password is passed to the prediction process of the password to estimate its strength. If the new password’s strength is either medium or weak, the system will reject it and generate a new password; otherwise, the proposed approach will accept it.

4.1. The Proposed Password Generation Using Ensemble Learning

4.1.1. feature selection method, 4.1.2. hand gesture classifiers, 4.1.3. hand gesture recognition (sign prediction), 4.1.4. proposed password generation, 4.2. the proposed password strength estimation using ensemble learning, 4.2.1. handling imbalanced dataset, 4.2.2. proposed feature extraction method, 4.2.3. password strength classifiers, 4.2.4. password strength estimation (prediction), 5. results and discussion, 5.1. the proposed password strength estimation using ensemble learning, 5.2. performance comparison of hand gesture recognition with state of the art, 5.3. performance assessment of multiple classifiers for password strength estimation, 5.4. performance comparison of proposed password strength estimation with state of the art, 5.5. the analysis of proposed password generation and strength estimation, 6. conclusions, author contributions, institutional review board statement, informed consent statement, data availability statement, conflicts of interest.

• Adams, A.; Sasse, M.A. Users Are Not the Enemy. Commun. ACM 1999 , 42 , 40–46. [ Google Scholar ] [ CrossRef ]
• Riley, C.; Buckner, K.; Johnson, G.; Benyon, D. Culture & Biometrics: Regional Differences in the Perception of Biometric Authentication Technologies. AI Soc. 2009 , 24 , 295–306. [ Google Scholar ]
• Yang, G.-C.; Kim, H. A New Graphical Password Scheme Based on Universal Design. J. Digit. Converg. 2014 , 12 , 231–238. [ Google Scholar ] [ CrossRef ] [ Green Version ]
• Yang, G.-C.; Oh, H. Implementation of a Graphical Password Authentication System ‘PassPositions’. J. Image Graph. 2018 , 6 , 117–121. [ Google Scholar ] [ CrossRef ]
• Jiránek, K. Rule-Based Password Generation. 2017. Available online: https://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=&cad=rja&uact=8&ved=2ahUKEwjVypHJgeD6AhXlgFYBHeUUAmE-QFnoECBMQAQ&url=https%3A%2F%2Fexcel.fit.vutbr.cz%2Fsubmissions%2F2017%2F020%2F20.pdf&usg=AOvVaw3-bh39ob4Aqi102Mq-dMp8 (accessed on 15 August 2022).
• Deng, G.; Yu, X.; Guo, H. Efficient Password Guessing Based on a Password Segmentation Approach. In Proceedings of the 2019 IEEE Global Communications Conference (GLOBECOM), Waikoloa, HI, USA, 9–13 December 2019; pp. 1–6. [ Google Scholar ]
• Xia, Z.; Yi, P.; Liu, Y.; Jiang, B.; Wang, W.; Zhu, T. GENPass: A Multi-Source Deep Learning Model for Password Guessing. IEEE Trans. Multimed. 2019 , 22 , 1323–1332. [ Google Scholar ] [ CrossRef ]
• Kumar, B.P.; Reddy, E.S. An Efficient Security Model for Password Generation and Time Complexity Analysis for Cracking the Password. Int. J. Saf. Secur. Eng. 2020 , 10 , 713–720. [ Google Scholar ] [ CrossRef ]
• Murmu, S.; Kasyap, H.; Tripathy, S. PassMon: A Technique for Password Generation and Strength Estimation. J. Netw. Syst. Manag. 2022 , 30 , 1–23. [ Google Scholar ] [ CrossRef ]
• Hingmire, A.; Saliya, S. A Multimodal Metric for Password Strength Estimation. Int. J. Recent Trends Eng. Res. 2017 , 3 , 21–30. [ Google Scholar ]
• Rodwald, P. Using Gamification and Fear Appeal Instead of Password Strength Meters to Increase Password Entropy. Sci. J. Polish Nav. Acad. 2019 , 60 , 17–33. [ Google Scholar ] [ CrossRef ] [ Green Version ]
• Galbally, J.; Coisel, I.; Sanchez, I. A Probabilistic Framework for Improved Password Strength Metrics. In Proceedings of the 2014 International Carnahan Conference on Security Technology (ICCST), Rome, Italy, 13–16 October 2014; pp. 1–6. [ Google Scholar ]
• Ma, J.; Yang, W.; Luo, M.; Li, N. A Study of Probabilistic Password Models. In Proceedings of the 2014 IEEE Symposium on Security and Privacy, Rome, Italy, 13–16 October 2014; pp. 689–704. [ Google Scholar ]
• Bonneau, J. Statistical Metrics for Individual Password Strength. In Proceedings of the International Workshop on Security Protocols, Cambridge, UK, 12–13 April 2012; pp. 76–86. [ Google Scholar ]
• Cui, X.; Li, X.; Qin, Y.; Yong, D. A Password Strength Evaluation Algorithm Based on Sensitive Personal Information. In Proceedings of the 2020 IEEE 19th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom), Guangzhou, China, 29 December 2020–1 January 2021; pp. 1542–1545. [ Google Scholar ]
• Egelman, S.; Sotirakopoulos, A.; Muslukhov, I.; Beznosov, K.; Herley, C. Does My Password Go up to Eleven? The Impact of Password Meters on Password Selection. In Proceedings of the SIGCHI Conference on Human Factors in Computing Systems, Paris, France, 27 April 2013–2 May 2013; pp. 2379–2388. [ Google Scholar ]
• Florêncio, D.; Herley, C.; Van Oorschot, P.C. An Administrator’s Guide to Internet Password Research. In Proceedings of the 28th Large Installation System Administration Conference (LISA14), Seattle, WA, USA, 9–14 November 2014; pp. 44–61. [ Google Scholar ]
• Grassi, P.A.; Garcia, M.E.; Fenton, J.L. Draft Nist Special Publication 800-63-3 Digital Identity Guidelines ; NIST: Los Altos, CA, USA, 2017. [ Google Scholar ]
• Wheeler, D.L. Zxcvbn:{Low-Budget} Password Strength Estimation. In Proceedings of the 25th USENIX Security Symposium (USENIX Security 16), Austin, TX, USA, 10–12 August 10 2016; pp. 157–173. [ Google Scholar ]
• Rathi, R.; Visvanathan, P.; Kanchana, R.; Anand, R. A Comparative Analysis of Soft Computing Techniques for Password Strength Classification. In Proceedings of the 2020 International Conference on Emerging Trends in Information Technology and Engineering (ic-ETITE), Vellore, India, 24–25 February 2020; pp. 1–3. [ Google Scholar ]
• Farooq, U. Real Time Password Strength Analysis on a Web Application Using Multiple Machine Learning Approaches. Int. J. Eng. Res. Technol. 2020 , 9 , 359–364. [ Google Scholar ]
• Nam, S.; Jeon, S.; Kim, H.; Moon, J. Recurrent Gans Password Cracker for Iot Password Security Enhancement. Sensors 2020 , 20 , 3106. [ Google Scholar ] [ CrossRef ] [ PubMed ]
• Mariappan, D.B.; Parihar, H.; Gautham, M.K.; Verma, D.C. Smart Office Area Monitoring & Control Based on IOT. In Proceedings of the 2020 2nd International Conference on Advances in Computing, Communication Control and Networking (ICACCCN), Greater Noida, India, 18–19 December 2020; pp. 450–453. [ Google Scholar ]
• CAI, J.; LI, R. New Dynamic Password Authentication Based on Smart Card and Fingerprint. J. Comput. Appl. 2008 , 28 , 1167–1169. [ Google Scholar ] [ CrossRef ]
• Kook, J. Design and Implementation of a OTP-Based IoT Digital Door-Lock System and Applications. Int. J. Eng. Res. Technol. 2019 , 12 , 1841–1846. [ Google Scholar ]
• Zhang, M.; Gao, C.; Xu, S. Dialect Password Recognition In Smart Home Based On Convolutional Neural Network. In Proceedings of the 2022 4th International Conference on Intelligent Control, Measurement and Signal Processing (ICMSP), Hangzhou, China, 8–10 July 2022; pp. 812–815. [ Google Scholar ]
• Banerjee, S.; Chowdhury, E.; Sikder, C.; Sarkar, D.; Sarbadhikary, R. Arduino UNO and GSM Based Real-Time Home Security System Using Self-Generated Password Protection. System 2019 , 4 , 8827. [ Google Scholar ] [ CrossRef ]
• Alajmi, M.; Elashry, I.; El-Sayed, H.S.; Faragallah, O.S. A Password-Based Authentication System Based on the CAPTCHA AI Problem. IEEE Access 2020 , 8 , 153914–153928. [ Google Scholar ] [ CrossRef ]
• Chen, D.; Zhao, H. Data Security and Privacy Protection Issues in Cloud Computing. In Proceedings of the 2012 International Conference on Computer Science and Electronics Engineering, Hangzhou, China, 23–25 March 2012; Volume 1, pp. 647–651. [ Google Scholar ]
• Li, B.; Feng, Y.; Xiong, Z.; Yang, W.; Liu, G. Research on AI Security Enhanced Encryption Algorithm of Autonomous IoT Systems. Inf. Sci. 2021 , 575 , 379–398. [ Google Scholar ] [ CrossRef ]
• Tecperson Sign Language MNIST. Available online: https://www.kaggle.com/datasets/datamunge/sign-language-mnist (accessed on 1 January 2022).
• Bhavik Bansal Password Strength Classifier Dataset. Available online: https://www.kaggle.com/datasets/bhavikbb/password-strength-classifier-dataset (accessed on 1 February 2022).
• Azhagusundari, B.; Thanamani, A.S. Feature Selection Based on Information Gain. Int. J. Innov. Technol. Explor. Eng. 2013 , 2 , 18–21. [ Google Scholar ]
• Taud, H.; Mas, J.F. Multilayer Perceptron (MLP). In Geomatic Approaches for Modeling Land Change Scenarios ; Springer: Berlin/Heidelberg, Germany, 2018; pp. 451–455. [ Google Scholar ]
• Chamasemani FF, S.Y. Multi-Class Support Vector Machine (SVM) Classifiers—An Application in Hypothyroid Detection and Classification. In Proceedings of the 2011 Sixth International Conference on Bio-Inspired Computing: Theories and Applications, Penang, Malaysia, 27–29 September 2011. [ Google Scholar ]
• Liaw, A.; Wiener, M. Classification and Regression by RandomForest. R News 2002 , 2 , 18–22. [ Google Scholar ]
• An, T.-K.; Kim, M.-H. A New Diverse AdaBoost Classifier. In Proceedings of the 2010 International Conference on Artificial Intelligence and Computational Intelligence, Washington, DC, USA, 23–24 October 2010; Volume 1, pp. 359–363. [ Google Scholar ]
• Demšar, J.; Curk, T.; Erjavec, A.; Gorup, Č.; Hočevar, T.; Milutinovič, M.; Možina, M.; Polajnar, M.; Toplak, M.; Starič, A. Orange: Data Mining Toolbox in Python. J. Mach. Learn. Res. 2013 , 14 , 2349–2353. [ Google Scholar ]

Click here to enlarge figure

Share and Cite

Mahdi, B.S.; Hadi, M.J.; Abbas, A.R. Intelligent Security Model for Password Generation and Estimation Using Hand Gesture Features. Big Data Cogn. Comput. 2022 , 6 , 116. https://doi.org/10.3390/bdcc6040116

Mahdi BS, Hadi MJ, Abbas AR. Intelligent Security Model for Password Generation and Estimation Using Hand Gesture Features. Big Data and Cognitive Computing . 2022; 6(4):116. https://doi.org/10.3390/bdcc6040116

Mahdi, Bashar Saadoon, Mustafa Jasim Hadi, and Ayad Rodhan Abbas. 2022. "Intelligent Security Model for Password Generation and Estimation Using Hand Gesture Features" Big Data and Cognitive Computing 6, no. 4: 116. https://doi.org/10.3390/bdcc6040116

Article Metrics

Article access statistics, further information, mdpi initiatives, follow mdpi.

Subscribe to receive issue release notifications and newsletters from MDPI journals

PassMon: A Technique for Password Generation and Strength Estimation

• Published: 17 October 2021
• Volume 30 , article number  13 , ( 2022 )

Cite this article

• Sanjay Murmu 1 ,
• Harsh Kasyap   ORCID: orcid.org/0000-0002-8313-6354 1 &
• Somanath Tripathy 1  

1313 Accesses

9 Citations

Explore all metrics

The password is the most prevalent and reliant mode of authentication by date. We often come across many websites with user registration pages having different password strength estimation techniques. Most of them run lightweight java-script-based rules on the client-side, while others take it to the server and evaluate. The same password is measured on different scales and is treated as invalid, weak, medium, or strong by different meters. These constraints compel users to choose weak passwords. The state-of-the-art password guessing and strength estimating techniques are trained on the publicly available leaked data sets. They are able to cope with the dictionary attacks but became prone to adversarial attacks. Creating dynamic rules for such attacks is tedious and infeasible. This paper proposes an ensemble approach with a classification and guessing strategy. We devise a bi-directional generative adversarial network based algorithm to generate personalized passwords with an improved convergence rate. It generates as many numbers of samples compared to GAN in less time. The one-class SVM is trained over the leaked and generated passwords to estimate password strength. The passwords mainly comprise the medium and weak category, and it gives better performance drawing a similarity between weak passwords. LSTM has been tuned to predict the difficulty level to crack the given test password. Based on their combined results, the password strength is determined. This paper also proposes three password design methods to create memorable and reasonably strong passwords. They are simple to design by taking user personal information and adding randomness based on functional patterns.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Subscribe and save.

• Get 10 units per month
• Download Article/Chapter or eBook
• 1 Unit = 1 Article or 1 Chapter
• Cancel anytime

Price includes VAT (Russian Federation)

Instant access to the full article PDF.

Rent this article via DeepDyve

Institutional subscriptions

Similar content being viewed by others

Password Strength Estimators Trained on the Leaked Password Lists

The Revenge of Password Crackers: Automated Training of Password Cracking Tools

Hybritus: a password strength checker by ensemble learning from the query feedbacks of websites

Explore related subjects.

• Artificial Intelligence

Data Availability

Not applicable.

Code Availability

https://www.openwall.com/john/ .

https://hashcat.net/hashcat/ .

https://www.kaggle.com/wjburns/common-password-list-rockyoutxt .

http://downloads.skullsecurity.org/passwords/myspace.txt.bz2 .

http://www.pars.gatech.edu/ .

Kim, H., Huh, J.H.: Pin selection policies: are they really effective? Comput. Secur. 31 (4), 484–496 (2012)

Article   Google Scholar  

Nandakumar, K., Nagar, A., Jain, A.K.: Hardening fingerprint fuzzy vault using password. In: Proceedings of the International Conference on Biometrics, pp. 927–937. Springer (2007)

Galterio, M.G., Shavit, S.A., Hayajneh, T.: A review of facial biometrics security for smart devices. Computers 7 (3), 37 (2018)

Wang, D., Cheng, H., Wang, P., Huang, X., Jian, G.: Zipf’s law in passwords. IEEE Trans. Inf. Forensics Secur. 12 (11), 2776–2791 (2017)

Wang, D., Wang, P.: The emperor’s new password creation policies. In: Proceedings of the European Symposium on Research in Computer Security, pp. 456–477. Springer (2015)

Wang, D., He, D., Cheng, H., Wang, P.: fuzzypsm: a new password strength meter using fuzzy probabilistic context-free grammars. In: Proceedings of the 2016 46th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN), pp. 595–606 (2016)

Doucek, P., Pavlíek, L., Sedláček, J., Nedomová, L.: Adaptation of password strength estimators to a non-English environment-the CZech experience. Comput. Secur. 101757 , 02 (2020)

Google Scholar  

Weir, M., Aggarwal, S., Medeiros, B., Glodek, B.: Password cracking using probabilistic context-free grammars. In: Proceedings of the 2009 30th IEEE Symposium on Security and Privacy, pp. 391–405 (2009)

Goodfellow, I., Pouget-Abadie, J., Mirza, M., Xu, B., Warde-Farley, D., Ozair, S., Courville, A., Bengio, Y.: Generative adversarial nets. Adv. Neural Inf. Process. Syst. 27 (2014)

Hitaj, B., Gasti, P., Ateniese, G., Pérez-Cruz, F.: Passgan: a deep learning approach for password guessing. CoRR, abs/1709.00440 (2017)

Donahue, J., Krähenbühl, P., and Darrell, T.: Adversarial feature learning. CoRR, abs/1605.09782 (2016)

Weir, M., Aggarwal, S., Collins, M., Stern, H.: Testing metrics for password creation policies by attacking large sets of revealed passwords. In: Proceedings of the 17th ACM Conference on Computer and Communications Security, pp. 162–175 (2010)

Wang, D., Zhang, Z., Wang, P., Yan, J., Huang, X.: Targeted online password guessing: An underestimated threat. In: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, pp. 1242–1254 (2016)

Wang, D., Wang, P., He, D., Tian, Y.: Birthday, name and bifacial-security: understanding passwords of Chinese web users. In: Proceedings of the 28th USENIX Security Symposium (USENIX Security 19), pp. 1537–1555 (2019)

Florêncio, D., Herley, C., and Van Oorschot, P.C .: An administrator’s guide to internet password research. In: Proceedings of the 28th Large Installation System Administration Conference (LISA14), pp. 44–61 (2014)

Van Heerden, R.P., Vorster, J.S.: Using Markov models to crack passwords. In: Proceedings of the 3rd International Conference on Information Warfare and Security: Peter Kiewit Institute, University of Nebraska, Omaha, USA, pp. 24–25 (2008)

Yazdi, S.H.: Probabilistic context-free grammar based password cracking: attack, defense and applications. Comput. Sci. (2015)

Melicher, W., Ur, B., Segreti, S.M., Komanduri, S., Bauer, L., Christin, N., Cranor, L.F.: Fast, lean, and accurate: modeling password guessability using neural networks. In: Proceedings of the 25th USENIX Security Symposium (USENIX Security 16), pp. 175–191, USENIX Association, Austin, TX (2016)

Bošnjak, L., Sreš, J., Brumen, B.: Brute-force and dictionary attack on hashed real-world passwords. In: Proceedings of the 2018 41st International Convention on Information and Communication Technology, Electronics and Microelectronics (MIPRO), pp. 1161–1166 (018)

Zoebisch, F., Vielhauer, C.: A test tool to support brute-force online and offline signature forgery tests on mobile devices. In: 2003 International Conference on Multimedia and Expo. ICME ’03. Proceedings (Cat. No. 03TH8698), vol. 3, pp. III–225 (2003)

Wang, D., Wang, P.: Offline dictionary attack on password authentication schemes using smart cards. In: Desmedt, Y. (ed.) Information Security, pp. 221–237. Springer International Publishing, Cham (2015)

Chapter   Google Scholar  

Monrose, F., Reiter, M.K., Wetzel, S.: Password hardening based on keystroke dynamics. In: Proceedings of the CCS ’99 (1999)

Yıldırım, M., Mackie, I.: Encouraging users to improve password security and memorability. Int. J. Inf. Secur. 18 (6), 741–759 (2019)

Woods, N., Siponen, M.: Improving password memorability, while not inconveniencing the user. Int. J. Hum. Comput. Stud. 128 , 61–71 (2019)

Houshmand, S., Aggarwal, S., Flood, R.: Next gen PCFG password cracking. IEEE Trans. Inf. Forensics Secur. 10 (8), 1776–1791 (2015)

Ma, J., Yang, W., Luo, M., Li, N.: A study of probabilistic password models. In: Proceedings of the 2014 IEEE Symposium on Security and Privacy, pp. 689–704 (2014)

Guo, Y., Zhang, Z.: LPSE: lightweight password-strength estimation for password meters. Comput. Secur. 73 , 507–518 (2018)

Fang, Y., Liu, K., Jing, F., Zuo, Z.: Password guessing based on semantic analysis and neural networks. In: Zhang, H., Zhao, B., Yan, F. (eds.) Trusted Computing and Information Security, pp. 84–98. Springer, Singapore (2019)

Arjovsky, M., Chintala, S., Bottou, L.: Wasserstein gan. arXiv preprintarXiv:1701.07875 (2017)

Liu, Y., Xia, Z., Yi, P., Yao, Y., Xie, T., Wang, W., and Zhu, T.: Genpass: a general deep learning model for password guessing with PCFG rules and adversarial generation. In: Proceedings of the 2018 IEEE International Conference on Communications (ICC), pp. 1–6 (2018)

Ciaramella, A., D’Arco, P., De Santis, A., Galdi, C., Tagliaferri, R.: Neural network techniques for proactive password checking. IEEE Trans. Depend. Secure Comput. 3 (4), 327–339 (2006)

He, Y., Alem, E.E., Wang, W.: Hybritus: a password strength checker by ensemble learning from the query feedbacks of websites. Front. Comput. Sci. 14 (3), 1–14 (2020)

Junli, C., Licheng, J.: Classification mechanism of support vector machines. In: WCC 2000–ICSP 2000. 2000 5th International Conference on Signal Processing Proceedings. 16th World Computer Congress 2000, vol. 3, pp. 1556–1559 (2000)

Jamuna, K.S., Karpagavalli, S., Vijaya, M.S.: A novel approach for password strength analysis through support vector machine. Int. J. Recent Trends Eng. 2 (1), 79 (2009)

Zhu, F., Ye, N., Wei, Yu., Sheng, X., Li, G.: Boundary detection and sample reduction for one-class support vector machines. Neurocomputing 123 , 166–173 (2014)

Manevitz, L.M., Yousef, M.: One-class svms for document classification. J. Mach. Learn. Res. 2 , 139–154 (2001)

MATH   Google Scholar  

Download references

Acknowledgements

We acknowledge the Ministry of Human Resource Development, Government of India, for providing fellowship to complete this work.

Author information

Authors and affiliations.

Department of Computer Science and Engineering, Indian Institute of Technology Patna, Patna, India

Sanjay Murmu, Harsh Kasyap & Somanath Tripathy

You can also search for this author in PubMed   Google Scholar

Corresponding author

Correspondence to Harsh Kasyap .

Ethics declarations

Conflict of interest.

The authors declare that they have no conflict of interest.

Additional information

Publisher's note.

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Rights and permissions

Reprints and permissions

About this article

Murmu, S., Kasyap, H. & Tripathy, S. PassMon: A Technique for Password Generation and Strength Estimation. J Netw Syst Manage 30 , 13 (2022). https://doi.org/10.1007/s10922-021-09620-w

Download citation

Received : 17 December 2020

Revised : 08 June 2021

Accepted : 09 August 2021

Published : 17 October 2021

DOI : https://doi.org/10.1007/s10922-021-09620-w

Share this article

Anyone you share the following link with will be able to read this content:

Sorry, a shareable link is not currently available for this article.

Provided by the Springer Nature SharedIt content-sharing initiative

• Password policy
• Password security
• Adversarial password generation
• Password strength

Advertisement

• Find a journal
• Publish with us
• Track your research

• DOI: 10.1007/978-3-319-45931-8_16
• Corpus ID: 13553792

Password Generators: Old Ideas and New

• Fatma Al Maqbali , C. Mitchell
• Published in Workshop in Information… 15 July 2016
• Computer Science

6 Citations

Autopass: an automatic password generator, update-tolerant and revocable password backup, the research on methods for generating random passwords, update-tolerant and revocable password backup (extended version), generating and managing secure passwords for online accounts, just look at to open it up:, 23 references, site-specific passwords.

• Highly Influential
• 10 Excerpts

A convenient method for securely managing passwords

Digital objects as passwords, stronger password authentication using browser extensions, passpet: convenient password management and phishing protection, password requirements markup language, the usable security of passwords based on digital objects : from design and analysis to user study ∗, passwords: if we're so smart, why are we still using them, user study, analysis, and usable security of passwords based on digital objects, a large-scale study of web password habits, related papers.

Showing 1 through 3 of 0 Related Papers

Verified Password Generation from Password Composition Policies

• Conference paper
• First Online: 01 June 2022
• Cite this conference paper

• Miguel Grilo 9 ,
• João Campos 10 ,
• João F. Ferreira 10 ,
• José Bacelar Almeida 11 &
• Alexandra Mendes 12  

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 13274))

Included in the following conference series:

• International Conference on Integrated Formal Methods

711 Accesses

2 Citations

Password managers (PMs) are important tools that enable the use of stronger passwords, freeing users from the cognitive burden of remembering them. Despite this, there are still many users who do not fully trust PMs. In this paper, we focus on a feature that most PMs offer that might impact the user’s trust, which is the process of generating a random password. We present three of the most commonly used algorithms and we propose a solution for a formally verified reference implementation of a password generation algorithm. We use EasyCrypt to specify and verify our reference implementation. In addition, we present a proof-of-concept prototype that extends Bitwarden to only generate compliant passwords, solving a frequent users’ frustration with PMs. This demonstrates that our formally verified component can be integrated into an existing (and widely used) PM.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Subscribe and save.

• Get 10 units per month
• Download Article/Chapter or eBook
• 1 Unit = 1 Article or 1 Chapter
• Cancel anytime
• Available as PDF
• Read on any device
• Instant download
• Own it forever
• Available as EPUB and PDF
• Compact, lightweight edition
• Dispatched in 3 to 5 business days
• Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Similar content being viewed by others

Certified Password Quality

Password Generators: Old Ideas and New

GuidedPass: Helping Users to Create Strong and Memorable Passwords

https://github.com/passcert-project/pw_generator_server .

https://source.chromium.org/chromium/chromium/src/+/master:components .

https://github.com/bitwarden .

https://github.com/dlech/KeePass2.x .

https://github.com/passcert-project/random-password-generator/blob/main/EC/PasswordGenerationTh.eca .

https://github.com/passcert-project/random-password-generator/blob/main/EC/passCertRPG_ref.ec .

https://github.com/passcert-project/random-password-generator/blob/main/EC/RPGTh.eca .

https://github.com/apple/password-manager-resources/blob/main/tools/PasswordRulesParser.js .

https://github.com/apple/password-manager-resources/blob/main/quirks/password-rules.json .

https://github.com/bitwarden/browser/pull/2047#issuecomment-978846599 .

A search on Google Scholar shows one relevant paper [ 17 ], which is the abstract of an informal talk delivered by our team.

PassCert project: https://passcert-project.github.io .

Alkaldi, N., Renaud, K.: Why do people adopt, or reject, smartphone password managers? In: 1st European Workshop on Usable Security-EuroUSEC 2016 (2016)

Google Scholar  

Almeida, J.B., et al.: Jasmin: high-assurance and high-speed cryptography. In: Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security, pp. 1807–1823 (2017)

Almeida, J.B., et al.: The last mile: high-assurance and high-speed cryptographic implementations. In: 2020 IEEE Symposium on Security and Privacy (SP) (2020)

Almeida, J.B., et al.: Machine-checked proofs for cryptographic standards: indifferentiability of sponge and secure high-assurance implementations of SHA-3. In: Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security (2019)

Apple. Customizing Password AutoFill Rules (2021). https://developer.apple.com/documentation/security/password_autofill/customizing_password_autofill_rules . Accessed 31 July 2021

Apple. Web sites won’t accept Safari generated strong passwords due to dashes or other criteria (2021). https://discussions.apple.com/thread/251341081 . Accessed 26 Oct 2021

Barthe, G., Dupressoir, F., Grégoire, B., Kunz, C., Schmidt, B., Strub, P.-Y.: EasyCrypt : a tutorial. In: Aldini, A., Lopez, J., Martinelli, F. (eds.) FOSAD 2012-2013. LNCS, vol. 8604, pp. 146–166. Springer, Cham (2014). https://doi.org/10.1007/978-3-319-10082-1_6

Chapter   Google Scholar  

Bellare, M., Rogaway, P.: Code-based game-playing proofs and the security of triple encryption. IACR Cryptology ePrint Archive 2004/331 (2004)

Bond, B., et al.: Vale: verifying high-performance cryptographic assembly code. In: 26th USENIX Security Symposium, pp. 917–934 (2017)

Carreira, C., Ferreira, J.F., Mendes, A.: Towards improving the usability of password managers. In: INFORUM (2021)

Carreira, C., Ferreira, J.F., Mendes, A., Christin, N.: Exploring usable security to improve the impact of formal verification: a research agenda. In: First Workshop on Applicable Formal Methods (Co-Located with Formal Methods 2021) (2021)

Chiasson, S., van Oorschot, P.C., Biddle, R.: A usability study and critique of two password managers. In: USENIX Security Symposium, vol. 15, pp. 1–16 (2006)

EA. Password Does Not Meet Requirements (2021). https://web.archive.org/web/20210817105229/answers.ea.com/t5/EA-General-Questions/quot-Password-Does-Not-Meet-Requirements-quot/td-p/5744758 . Accessed 26 Oct 2021

Erbsen, A., Philipoom, J., Gross, J., Sloan, R., Chlipala, A.: Simple high-level code for cryptographic arithmetic - with proofs, without compromises. In: 2019 IEEE Symposium on Security and Privacy, SP 2019, pp. 1202–1219. IEEE (2019)

Ferreira, J.F., Johnson, S.A., Mendes, A., Brooke, P.J.: Certified password quality. In: Polikarpova, N., Schneider, S. (eds.) IFM 2017. LNCS, vol. 10510, pp. 407–421. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-66845-1_27

Florencio, D., Herley, C.: A large-scale study of web password habits. In: Proceedings of the 16th International Conference on World Wide Web, pp. 657–666 (2007)

Grilo, M., Ferreira, J.F., Almeida, J.B.: Towards formal verification of password generation algorithms used in password managers. arXiv preprint arXiv:2106.03626 (2021)

Horsch, M., Schlipf, M., Braun, J., Buchmann, J.: Password requirements markup language. In: Liu, J.K., Steinfeld, R. (eds.) ACISP 2016. LNCS, vol. 9722, pp. 426–439. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-40253-6_26

Johnson, S., Ferreira, J.F., Mendes, A., Cordry, J.: Skeptic: automatic, justified and privacy-preserving password composition policy selection. In: Proceedings of the 15th ACM Asia Conference on Computer and Communications Security, pp. 101–115 (2020)

Oesch, S., Ruoti, S.: That was then, this is now: a security evaluation of password generation, storage, and autofill in browser-based password managers. In: USENIX Security Symposium (2020)

Pearman, S., Zhang, S.A., Bauer, L., Christin, N., Cranor, L.F.: Why people (don’t) use password managers effectively. In: Fifteenth Symposium on Usable Privacy and Security (SOUPS 2019), pp. 319–338. USENIX Association, Santa Clara (2019)

Pereira, D., Ferreira, J.F., Mendes, A.: Evaluating the accuracy of password strength meters using off-the-shelf guessing attacks. In: 2020 IEEE International Symposium on Software Reliability Engineering Workshops (ISSREW), pp. 237–242. IEEE (2020)

Shay, R., et al.: Designing password policies for strength and usability. ACM Trans. Inf. Syst. Secur. (TISSEC) 18 (4), 1–34 (2016)

Article   Google Scholar  

Shoup, V.: Sequences of games: a tool for taming complexity in security proofs. IACR Cryptology ePrint Archive 2004/332 (2004)

Stajano, F., Spencer, M., Jenkinson, G., Stafford-Fraser, Q.: Password-manager friendly (PMF): semantic annotations to improve the effectiveness of password managers. In: Mjølsnes, S.F. (ed.) PASSWORDS 2014. LNCS, vol. 9393, pp. 61–73. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-24192-0_4

TechNet. Can’t create local user “Password does not meet password policy requirements” - but it does (2021). https://web.archive.org/web/20211026082725/ . https://social.technet.microsoft.com/Forums/en-US/12b06881-ea1a-403d-aafb-99bbe7d4d1b0/cant-create-local-user-quotpassword-does-not-meet-password-policy-requirementsquot-but-it?forum=win10itprosecurity . Accessed 26 Oct 2021

Zinzindohoué, J.-K., Bhargavan, K., Protzenko, J., Beurdouche, B.: HACL*: a verified modern cryptographic library. In: Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security, CCS 2017, pp. 1789–1806. Association for Computing Machinery, New York (2017). ISBN: 9781450349468

Zuo, C., Lin, Z., Zhang, Y.: Why does your data leak? Uncovering the data leakage in cloud from mobile apps. In: 2019 IEEE Symposium on Security and Privacy (SP). IEEE (2019)

Download references

Acknowledgments

This work was partially funded by the PassCert project, a CMU Portugal Exploratory Project funded by Fundação para a Ciência e Tecnologia (FCT), with reference CMU/TIC/0006/2019 and supported by national funds through FCT under project UIDB/50021/2020.

Author information

Authors and affiliations.

INESC TEC and IST, University of Lisbon, Lisbon, Portugal

Miguel Grilo

INESC-ID and IST, University of Lisbon, Lisbon, Portugal

João Campos & João F. Ferreira

HASLab, INESC TEC and University of Minho, Braga, Portugal

José Bacelar Almeida

HASLab, INESC TEC and Faculty of Engineering, University of Porto, Porto, Portugal

Alexandra Mendes

You can also search for this author in PubMed   Google Scholar

Corresponding author

Correspondence to João F. Ferreira .

Editor information

Editors and affiliations.

ISTI-CNR, Pisa, Italy

Maurice H. ter Beek

Maynooth University, Maynooth, Ireland

Rosemary Monahan

Rights and permissions

Reprints and permissions

Copyright information

© 2022 Springer Nature Switzerland AG

About this paper

Cite this paper.

Grilo, M., Campos, J., Ferreira, J.F., Almeida, J.B., Mendes, A. (2022). Verified Password Generation from Password Composition Policies. In: ter Beek, M.H., Monahan, R. (eds) Integrated Formal Methods. IFM 2022. Lecture Notes in Computer Science, vol 13274. Springer, Cham. https://doi.org/10.1007/978-3-031-07727-2_15

Download citation

DOI : https://doi.org/10.1007/978-3-031-07727-2_15

Published : 01 June 2022

Publisher Name : Springer, Cham

Print ISBN : 978-3-031-07726-5

Online ISBN : 978-3-031-07727-2

eBook Packages : Computer Science Computer Science (R0)

Share this paper

Anyone you share the following link with will be able to read this content:

Sorry, a shareable link is not currently available for this article.

Provided by the Springer Nature SharedIt content-sharing initiative

• Publish with us

Policies and ethics

• Find a journal
• Track your research

IEEE Account

• Change Username/Password
• Update Address

Purchase Details

• Payment Options
• Order History
• View Purchased Documents

Profile Information

• Communications Preferences
• Profession and Education
• Technical Interests
• US & Canada: +1 800 678 4333
• Worldwide: +1 732 981 0060
• Contact & Support
• About IEEE Xplore
• Accessibility
• Terms of Use
• Nondiscrimination Policy
• Privacy & Opting Out of Cookies

A not-for-profit organization, IEEE is the world's largest technical professional organization dedicated to advancing technology for the benefit of humanity. © Copyright 2024 IEEE - All rights reserved. Use of this web site signifies your agreement to the terms and conditions.

for you. No one else can ever see them or get them. You may safely take these strings as they are, or use chunks from several to build your own if you prefer, or do whatever you want with them. Each set displayed are totally, uniquely yours — forever. The "Application Notes" section below discusses various aspects of using these random passwords for locking down wireless WEP and WPA networks, for use as VPN shared secrets, as well as for other purposes. The "Techie Details" section at the end describes exactly how these super-strong maximum-entropy passwords are generated (to satisfy the uber-geek inside you). can be tapped and used as a source of true randomness, but this is much more than is needed for our purposes here. High quality algorithms are sufficient. The deterministic binary noise generated by my server, which is then converted into various displayable formats, is derived from the highest quality mathematical pseudo-random algorithms known. In other words, these password strings are as random as anything non-random can be. , CBC provides necessary security in situations where some repetition or predictability of the "plaintext" message is present. Since the "plaintext" in this instance is a large 128-bit steadily-increasing (monotonic) counter value (which gives us our guaranteed never-to-repeat property, but is also extremely predictable) we need to scramble it so that the value being encrypted cannot be predicted. This is what "CBC" does: As the diagram above shows, the output from the previous encryption operation is "fed back" and XOR-mixed with the incrementing counter value. This prevents the possibility of determining the secret key by analysing successive counter encryption results. One last detail: Since there is no "output from the previous encryption" to be used during the encryption of the first block, the switch shown in the diagram above is used to supply a 128-bit "Initialization Vector" (which is just 128-bits of secret random data) for the XOR-mixing of the first counter value. Thus, the first encryption is performed on a mixture of the 128-bit counter and the "Initialization Vector" value, and subsequent encryptions are performed on the mixture of the incrementing counter and the previous encrypted result. The result of the combination of the 256-bit Rijndael/AES secret key, the unknowable (therefore secret) present value of the 128-bit monotonically incrementing counter, and the 128-bit secret Initialization Vector (IV) is 512-bits of secret data providing extremely high security for the generation of this page's "perfect passwords". No one is going to figure out what passwords you have just received. How much security do 512 binary bits provide? Well, 2^512 (2 raised to the power of 512) is the total number of possible combinations of those 512 binary bits — every single bit of which actively participates in determining this page's successive password sequence. 2^512 is approximately equal to: 1.34078079 x 10^154, which is this rather amazing number: . Sports Medicine On Password Strength: A Survey and Analysis Studies in Computational Intelligence In book: Software Engineering, Artificial Intelligence, Networking and Parallel/Distributed Computing (pp.165-186) Central Michigan University Abstract and Figures Discover the world's research 25+ million members 160+ million publication pages 2.3+ billion citations Hidema Tanaka Farid Akram INT J INF SECUR Ki Hyeon Hong Meaghen Vydelingum Miguel Vargas Martin Premraj Pawade Mohit Kulkarni Shreya Naik Agung Nugroho Jagmohan Chauhan Saranga Komanduri Julio López Micheline Kamber Joseph Bonneau Cormac Herley Paul C. van Oorschot Judith Lynne Hanna Tristan Cazenave Michal Ayalon Judi Humberstone Mohammad Mannan Charles Matthew Weir Claude Elwood Shannon C. E. Shannon Recruit researchers Join for free Login Email Tip: Most researchers use their institutional email address as their ResearchGate login Password Forgot password? Keep me logged in Log in or Continue with Google Welcome back! Please log in. Email · Hint Tip: Most researchers use their institutional email address as their ResearchGate login Password Forgot password? Keep me logged in Log in or Continue with Google No account? Sign up 188 IMAGES Password Generator Project Free Password Tracker Template 33 Best Password List Templates (Word, Excel & PDF) ᐅ TemplateLab (PDF) Password Generators: Old Ideas and New 5 best Random Password Generators New! Create Secure Passwords With: Random Password Generator VIDEO Random password generator #coding #tech #python random password generator with html css and javascript Random Password Generator in React PASSWORD GENERATOR GRADE XI Random password generator Password Generator COMMENTS (PDF) Password Generators: Old Ideas and New Abstract. This paper considers password generators, i.e. systems designed to generate site-specific passwords on demand. Such systems are an alternative to password managers. Over the last 15 ... [1607.04421] Password Generators: Old Ideas and New This paper considers password generators, i.e. systems designed to generate site-specific passwords on demand. Such systems are an alternative to password managers. Over the last 15 years a range of password generator systems have been described. This paper proposes the first general model for such systems, and critically examines options for instantiating this model; options considered ... PDF Towards Formal Verification of Password Generation Algorithms used in that generation of random passwords is one important feature that increases use of PMs [1] and helps prevent the use of weaker passwords and password reuse [11]. These studies suggest that a strong password generator that users can fully trust is a must-have feature for PMs. In this paper, we propose a formally verified reference ... BDCC Feature papers represent the most advanced research with significant potential for high impact in the field. A Feature Paper should be a substantial original Article that involves several techniques or approaches, provides an outlook for future research directions and describes possible research applications. ... A password generator is a tool ... Strong Password Generation Based On User Inputs Published in: 2019 IEEE 10th Annual Information Technology, Electronics and Mobile Communication Conference (IEMCON) Article #: Date of Conference: 17-19 October 2019. Date Added to IEEE Xplore: 19 December 2019. ISBN Information: Electronic ISBN: 978-1-7281-2530-5. Print on Demand (PoD) ISBN: 978-1-7281-2531-2. PassMan: A New Approach of Password Generation and ... Password has become a critical part of one's personal, social, and professional life. We need passwords to secure personal information regardless of the platform. People need passwords for almost every system they use. Secured passwords are hard to generate. It is harder to remember and manage them. Password managers claim immense importance in this circumstance, but not all the password ... PDF User Choice-Based Secure Password Generator using Python Abstract: There is a wide range of password generator available through internet. However, they are not secure being generic in nature. Many users face problem in remembering complex passwords thereby increasing the probability of using older passwords. In this paper, a new technique is presented in which random complex PassGPT: Password Modeling and (Guided) Generation with Large Language Large language models (LLMs) successfully model natural language from vast amounts of text without the need for explicit supervision. In this paper, we investigate the efficacy of LLMs in modeling passwords. We present PassGPT, a LLM trained on password leaks for password generation. PassGPT outperforms existing methods based on generative adversarial networks (GAN) by guessing twice as many ... PDF PassMon: A Technique for Password Generation and Strength ... mined. This paper also proposes three password design methods to create memo-rable and reasonably strong passwords. They are simple to design by taking user personal information and adding randomness based on functional patterns. Keywords Password policy · Password security · Adversarial password generation · BiGAN · Password strength Password Generators: Old Ideas and New The first general model for password generators that generate site-specific passwords on demand is proposed, and a possible new scheme, AutoPass, is sketched to incorporate the best features of the prior art while addressing many of the shortcomings of existing systems. Password generators that generate site-specific passwords on demand are an alternative to password managers. Over the last 15 ... ProActive Approach for Generating Random Passwords for Information To generate a random password of specific length, above step is repeated that many times. For example, a character set with lowercase letters (26), uppercase letters (26) and digits (10) and password length of six. The cardinality of the character set is 26 + 26 + 10 = 62. Now, there are 62 choices for each six positions. A comparative study of three random password generators Abstract. This paper compares three random password generation schemes, describing and analyzing each. It also reports the results of a small study testing the quality of the passwords generated ... AutoPass: An Automatic Password Generator This paper provides a. detailed specification and analysis of AutoPass, a password genera-. tor scheme previously outlined as part of a general analysis of such. schemes. AutoPass has been ... Verified Password Generation from Password Composition Policies To address many of the existing problems regarding password authentication [16, 22, 28], security experts often recommend using password managers (PMs) for storing and generating strong random passwords.Indeed, a key feature of PMs is random password generation, since it helps prevent the use of weaker passwords and password reuse [].Moreover, it provides users with a greater sense of security ... A Novel Strong Password Generator for Improving Cloud Authentication In order to achieve better security than the alphanumerical password, this paper describes a scheme which allows strengthening the authentication process in the cloud environment using the password generator module by means of a combination of different techniques such as multi-factor authentication, One-time password and SHA1. © 2015 The ... That Was Then, This Is Now: A Security Evaluation of Password Download paper; Research Artifacts. We have made our research artifacts regarding password generation, storage, and autofill available to the community. ... LastPass, online password generator, and RoboForm, we scraped passwords from password generation websites. The scripts for scraping passwords can be found here. We do not actively update ... Random Password Generation In conclusion, random password generation is an important part of network security. In this paper we reviewed different sources that cover the topic of random password generation. The first topic that was addressed in the review was discussion of different random password generation schemes (Michael D. Leonhard, 2007). The second topic addressed A comparative study of three random password generators This paper compares three random password generation schemes, describing and analyzing each. It also reports the results of a small study testing the quality of the passwords generated by the schemes. Qualities discussed include security, memorability, and user affinity. Improvements to the schemes and experiment are suggested. PDF Formal Verification of Password Generation Algorithms used in Password passwords, which is a feature that most password managers offer. Research Papers. Parts of the work presented in this thesis were used in the following research papers: • Miguel Grilo, Joao F. Ferreira, and Jos˜ e Bacelar Almeida. Verified Password Generation from´ Password Composition Policies. AutoPass: An Automatic Password Generator One way of addressing this is by using a password generator, i.e. a client-side scheme which generates (and regenerates) site-specific strong passwords on demand, with minimal user input. This paper gives a detailed specification and analysis of AutoPass, a novel password generator scheme. AutoPass: An automatic password generator paper gives a detailed specification and analysis of AutoPass, a novel password generator scheme. AutoP ass has been designed. to address issues identified in previously proposed password ... PassGAN: A Deep Learning Approach for Password Guessing To test this hypothesis, in this paper we introduce PassGAN, new approach for generating password guesses based on deep learning and Generative Adversarial Networks (GANs) [25]. GANs. are recently-introduced machine-learning tools designed to per-form density estimation in high-dimensional spaces [25]. GRC 1,624 sets of passwords generated per day 36,717,395 sets of passwords generated for our visitors. DETECT "SECURE" CONNECTION INTERCEPTION with GRC's NEW HTTPS fingerprinting service!! Generating long, high-quality random passwords is not simple. So here is some totally random raw material, generated just for YOU, to start with. PDF That Was Then, This Is Now: A Security Evaluation of Password Password managers have the potential to help users more effectively manage their passwords and address many of the concerns surrounding password-based authentication. However, prior research has identified significant vulnerabilities in existing password managers; especially in browser-based password managers, which are the focus of this paper. (PDF) On Password Strength: A Survey and Analysis Analysis of password strength has been an activ e area for research and practice f or. a long time. The focus of these work is on the metrics of password strength and. evaluation of these metrics ... essay homework paper phd project resume review study thesis