William Fraser
Examining the Strength of Three Word Passwords
Fraser, William; Broadbent, Matthew; Pitropakis, Nikolaos; Chrysoulas, Christos
Authors
Matthew Broadbent
Dr Nick Pitropakis N.Pitropakis@napier.ac.uk
Associate Professor
Christos Chrysoulas
Abstract
Passwords make up the most common method of authentication. With ever increasing computing power, password complexity has had to keep pace. This creates a challenge for remembering all complex passwords which some password policies attempt to resolve. One such policy is to use three random words rather than a complex alphanumeric password. This paper attempted to prove the security of using such three-word passwords. It was discovered both theoretically and experimentally that three-word passwords should not be considered secure. Theoretical entropy of a three-word password found in the 25,000 most common words would be 43.8, that is lower than the entropy of a lowercase only password. Experimental data, collected via participant survey, shows up to 85% of random words provided by participants could be found in the top 15,000 common words found in the Google n-Gram data and 86.47% of combinations could be found in 25,000 most common words. This would mean, for at least 86.47% of cases, the entropy of the password is less than passwords already considered insecure in the industry.
Citation
Fraser, W., Broadbent, M., Pitropakis, N., & Chrysoulas, C. (2024, June). Examining the Strength of Three Word Passwords. Presented at ICT Systems Security and Privacy Protection (SEC 2024), Edinburgh
| Presentation Conference Type | Conference Paper (published) |
|---|---|
| Conference Name | ICT Systems Security and Privacy Protection (SEC 2024) |
| Start Date | Jun 12, 2024 |
| End Date | Jun 14, 2024 |
| Online Publication Date | Jul 26, 2024 |
| Publication Date | 2024 |
| Deposit Date | Aug 21, 2024 |
| Publicly Available Date | Jul 27, 2025 |
| Publisher | Springer |
| Peer Reviewed | Peer Reviewed |
| Pages | 119-133 |
| Series Title | IFIP Advances in Information and Communication Technology |
| Series ISSN | 1868-4238 |
| Book Title | ICT Systems Security and Privacy Protection 39th IFIP International Conference |
| ISBN | 978-3-031-65174-8 |
| DOI | https://doi.org/10.1007/978-3-031-65175-5_9 |
| Keywords | Authentication, Password, Entropy, Google n-Gram |
Files
This file is under embargo until Jul 27, 2025 due to copyright reasons.
Contact repository@napier.ac.uk to request a copy for personal use.
You might also like
Chaotic Quantum Encryption to Secure Image Data in Post Quantum Consumer Technology
(2024)
Journal Article
SRSS: A New Chaos-Based Single-Round Single S-Box Image Encryption Scheme for Highly Auto-Correlated Data
(2023)
Presentation / Conference Contribution
CellSecure: Securing Image Data in Industrial Internet-of-Things via Cellular Automata and Chaos-Based Encryption
(2023)
Presentation / Conference Contribution
Downloadable Citations
About Edinburgh Napier Research Repository
Administrator e-mail: repository@napier.ac.uk
This application uses the following open-source libraries:
SheetJS Community Edition
Apache License Version 2.0 (http://www.apache.org/licenses/)
PDF.js
Apache License Version 2.0 (http://www.apache.org/licenses/)
Font Awesome
SIL OFL 1.1 (http://scripts.sil.org/OFL)
MIT License (http://opensource.org/licenses/mit-license.html)
CC BY 3.0 ( http://creativecommons.org/licenses/by/3.0/)
Powered by Worktribe © 2024
Advanced Search