Researchers at INRIA and Ruhr University have developed a system designed to rate passwords relative to those already stored in a Web site's database, rather than follow rules for password strength. The password strength checker can tell users if their password is among the weakest 5 percent on a site and encourage them to choose a stronger alternative.
Existing password strength checkers might offer vague strength messages based on the length or number of special characters, but the researchers' system looks at each sequence of characters within a password and checks a site's database to see how often that sequence occurs in other passwords.
However, experts note that comparing a password to others could be risky. The researchers say they never use an entire password for comparisons, only sequences of a certain length, and add that a certain amount of noise is included in sequences to make it difficult for database-stealing hackers to reconstruct a valid password.
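A minimal sketch of the idea described above, added here as an illustration and not taken from the researchers' system: the site keeps only noisy counts of short character sequences and scores a candidate by how predictable each next character is. The 3-character sequence length, the Gaussian noise, the smoothing constants, and the sample passwords are all assumptions or constructed data.

```python
import math
import random
from collections import Counter

N = 3  # assumed sequence length; the page does not give one

def ngrams(pw):
    padded = "^" * (N - 1) + pw + "$"   # start/end markers
    return [padded[i:i + N] for i in range(len(padded) - N + 1)]

def build_model(passwords, sigma=0.5, seed=1):
    """Keep only noisy n-gram counts; whole passwords are never stored."""
    rng = random.Random(seed)           # seeded so the example is repeatable
    raw = Counter(g for pw in passwords for g in ngrams(pw))
    # Assumed noise model: Gaussian, clipped at zero.
    counts = {g: max(0.0, c + rng.gauss(0, sigma)) for g, c in raw.items()}
    prefix = Counter()
    for g, c in counts.items():
        prefix[g[:-1]] += c
    return counts, prefix

def strength_bits(pw, model, alphabet=96, alpha=0.01):
    """Sum of -log2 P(next char | previous N-1 chars); higher is stronger."""
    counts, prefix = model
    bits = 0.0
    for g in ngrams(pw):
        p = (counts.get(g, 0.0) + alpha) / (prefix.get(g[:-1], 0.0) + alpha * alphabet)
        bits -= math.log2(p)
    return bits

def is_among_weakest(pw, model, site_scores, fraction=0.05):
    """True if fewer than `fraction` of the site's passwords score lower."""
    score = strength_bits(pw, model)
    lower = sum(1 for s in site_scores if s < score)
    return lower / len(site_scores) < fraction

# Constructed sample data standing in for a site's enrolled passwords.
SITE = ["123456"] * 10 + ["password1"] * 5 + [
    "sunshine77", "Liverpool9", "qwertyuiop", "dragonfly!", "m0nkeyBars",
    "letmein2012", "blueHorse42", "tr0ub4dor&3", "coffeeTime", "Zx81basic",
    "gr8Escape", "hockeyMom5", "violin-C4", "nachoLibre", "eagle_Eye1"]
MODEL = build_model(SITE)
# Scores would be recorded at enrolment, when the plaintext is briefly available.
SITE_SCORES = [strength_bits(pw, MODEL) for pw in SITE]

if __name__ == "__main__":
    for cand in ("123456", "password1", "xK9#qLm2vT"):
        print(cand, round(strength_bits(cand, MODEL), 1), is_among_weakest(cand, MODEL, SITE_SCORES))
```

The stored table holds only 3-character fragments with perturbed counts, which is the property the researchers cite as making reconstruction of a valid password harder if the database is stolen.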
From New Scientist
Abstracts Copyright © 2012 Information Inc., Bethesda, Maryland, USA