Abstract
In this paper we measure the accuracy of password strength meters (PSMs) using password guessing resistance against off-the-shelf guessing attacks. We consider 13 PSMs, 5 different attack tools, and a random selection of 60,000 passwords extracted from three different datasets of real-world password leaks. Our results show that a significant percentage of passwords classified as strong were cracked, thus suggesting that current password strength estimation methods can be improved.
Alexandra Mendes
Assistant Professor
My research focuses on innovative user interfaces for formal methods and mathematical approaches to software quality. More recently, I started work on usable security, in particular on the impact of formal verification on the use and adoption of formally verified security software product. Much of my most recent work overlaps with the area of software engineering. I am also interested on innovative and fun ways to teach Computer Science. For more details, see selected publications and some of my projects. Follow me on Twitter or add me on LinkedIn.