Password Pattern and Vulnerability Analysis for Web and Mobile Applications

Li, Shancang; Romdhani, Imed; Buchanan, William

doi:10.3969/j.issn.1673-5188.2016.S0.006

Authors

Shancang Li

Dr Imed Romdhani I.Romdhani@napier.ac.uk
Associate Professor

Prof Bill Buchanan B.Buchanan@napier.ac.uk
Professor

Abstract

Text⁃based passwords are heavily used to defense for many web and mobile applications. In this paper, we investigated the patterns and vulnerabilities for both web and mobile applications based on conditions of the Shannon entropy, Guessing entropy and Minimum entropy. We show how to substantially improve upon the strength of passwords based on the analysis of text⁃password entropies. By analyzing the passwords datasets of Rockyou and 163.com, we believe strong password can be designed based on good usability, deployability, rememberbility, and security entropies.

Citation

Li, S., Romdhani, I., & Buchanan, W. (2016). Password Pattern and Vulnerability Analysis for Web and Mobile Applications. ZTE Communications, 14, 32-36. https://doi.org/10.3969/j.issn.1673-5188.2016.S0.006

Journal Article Type	Article
Acceptance Date	Jun 30, 2016
Online Publication Date	Aug 1, 2016
Publication Date	Jun 30, 2016
Deposit Date	Sep 20, 2016
Publicly Available Date	Oct 19, 2016
Journal	ZTE Communications
Print ISSN	1673􀆼5188
Peer Reviewed	Peer Reviewed
Volume	14
Pages	32-36
DOI	https://doi.org/10.3969/j.issn.1673-5188.2016.S0.006
Keywords	password strength; security entropies; password vulnerabilities
Public URL	http://researchrepository.napier.ac.uk/Output/367587