Open source password strength meter could help boost account security
It's no secret that most people are rubbish at choosing passwords -- it's something that's proved time and time again when the annual list of common passwords is released. To help overcome the problem, and hopefully increase the security of people's accounts, a team of researchers from Carnegie Mellon University and the University of Chicago has created an open source password meter that provides advice about how to strengthen a password.
While it's quite common to encounter online forms that require you to create passwords that meet certain criteria, meeting those criteria does not necessarily mean a password is secure. CyLab Usable Privacy and Security Laboratory (CUPS), in conjunction with the Institute for Software Research, has created a tool that provides real-time feedback that helps to explain why a password is insecure, and offers tips about how to strengthen it.
The tool comes as a result of a study into passwords, and the findings are due to be presented at the CHI 2017 conference in Denver, Colorado this week. On the face of things, the password-checker is fairly simple, but the feedback it provides comes through the use of an artificial neural network. Using this technique, the tool is able to identify password trends that might make your choice easy to guess.
The tool is particularly effective at helping people choose passwords that are less prone to brute force attacks. One of the authors of the paper, Blase Ur, says:
The way attackers guess passwords is by exploiting the patterns that they observe in large datasets of breached passwords. For example, if you change Es to 3s in your password, that's not going to fool an attacker. The meter will explain about how prevalent that substitution is and offer advice on what to do instead.
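The substitution point in the quote above can be shown with a small rule-based check. This is an added example, not the researchers' meter (which uses a neural network); the COMMON list, the SUBSTITUTIONS table and the function names are constructed for illustration.

```python
# Added illustration: a rule-based check, not the CMU/UChicago neural-network meter.
# COMMON is a tiny constructed sample standing in for a breached-password list.
COMMON = {"password", "letmein", "welcome", "monkey", "sunshine"}

# Assumed set of popular character substitutions, mapped back to the letter replaced.
SUBSTITUTIONS = {"3": "e", "0": "o", "1": "i", "4": "a", "@": "a",
                 "$": "s", "5": "s", "7": "t"}

SUFFIX_CHARS = "0123456789!?."


def undo_substitutions(password):
    """Return (normalized lowercase password, sorted list of substitutions undone)."""
    found = set()
    out = []
    for ch in password.lower():
        if ch in SUBSTITUTIONS:
            found.add(f"{SUBSTITUTIONS[ch]}->{ch}")
            out.append(SUBSTITUTIONS[ch])
        else:
            out.append(ch)
    return "".join(out), sorted(found)


def feedback(password):
    """Return a list of warnings explaining why the password is guessable."""
    lowered = password.lower()
    if lowered in COMMON:
        return [f"'{lowered}' is on the common-password list."]

    # Case 1: the whole password is a common one with letters swapped out.
    normalized, subs = undo_substitutions(lowered)
    if normalized in COMMON:
        return [f"Substitutions {', '.join(subs)} only disguise the common "
                f"password '{normalized}'; guessing tools try them routinely."]

    # Case 2: a common password with digits or punctuation appended.
    stem = lowered.rstrip(SUFFIX_CHARS)
    stem_norm, _ = undo_substitutions(stem)
    if stem and stem != lowered and stem_norm in COMMON:
        return [f"Appending '{lowered[len(stem):]}' to the common password "
                f"'{stem_norm}' is a predictable pattern."]
    return []


if __name__ == "__main__":
    for candidate in ["P4ssw0rd", "W3lcome", "Sunshine2017!", "tr33house"]:
        print(candidate, "->", feedback(candidate) or "no rule fired")
```

An empty result only means none of these simple rules fired; it is not a statement that the password is strong.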