From Very Weak to Very Strong: Analyzing Password-Strength Meters

Author(s): Xavier de Carné de Carnavalet and Mohammad Mannan

Download: Paper (PDF)

Date: 22 Feb 2014

Document Type: Briefing Papers

Additional Documents: Slides

Associated Event: NDSS Symposium 2014

Abstract:

We analyze password-strength meters from 11 highly popular web services by reverse-engineering their functionality, and testing them against nearly 4 million passwords from common dictionaries. Our results provide prominent characteristics of these meters, and show severe inconsistencies in strength outcomes that may confuse users in choosing a stronger password.