DeepMnemonic: Password Mnemonic Generation via Deep Attentive Encoder-Decoder Model
- URL: http://arxiv.org/abs/2006.13462v1
- Date: Wed, 24 Jun 2020 04:05:48 GMT
- Authors: Yao Cheng, Chang Xu, Zhen Hai, Yingjiu Li
- Abstract summary: We bridge the gap between strong password generation and the usability of strong passwords.
We propose to automatically generate textual password mnemonics, i.e., natural language sentences, which are intended to help users better memorize passwords.
- Score: 26.797370435988853
- License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
- Abstract: Strong passwords are fundamental to the security of password-based user
authentication systems. In recent years, much effort has been made to evaluate
password strength or to generate strong passwords. Unfortunately, the usability
or memorability of the strong passwords has been largely neglected. In this
paper, we aim to bridge the gap between strong password generation and the
usability of strong passwords. We propose to automatically generate textual
password mnemonics, i.e., natural language sentences, which are intended to
help users better memorize passwords. We introduce DeepMnemonic, a
deep attentive encoder-decoder framework which takes a password as input and
then automatically generates a mnemonic sentence for the password. We conduct
extensive experiments to evaluate DeepMnemonic on the real-world data sets. The
experimental results demonstrate that DeepMnemonic outperforms a well-known
baseline for generating semantically meaningful mnemonic sentences. Moreover,
the user study further validates that the generated mnemonic sentences by
DeepMnemonic are useful in helping users memorize strong passwords.
Related papers
- A Large-Scale Survey of Password Entry Practices on Non-Desktop Devices [2.8698289487200856]
We find that password entry on devices without password managers is a common occurrence and comes with significant usability challenges.
These challenges lead users to weaken their passwords to increase the ease of entry.
We conclude this paper with a discussion of how future research could address these challenges and encourage users to adopt generated passwords.
arXiv Detail & Related papers (2024-09-04T19:28:36Z)
- PassTSL: Modeling Human-Created Passwords through Two-Stage Learning [7.287089766975719]
We propose PassTSL (modeling human-created Passwords through Two-Stage Learning), inspired by the popular pretraining-finetuning framework in NLP and deep learning (DL).
PassTSL outperforms five state-of-the-art (SOTA) password cracking methods on password guessing by a significant margin ranging from 4.11% to 64.69% at the maximum point.
Based on PassTSL, we also implemented a password strength meter (PSM), and our experiments showed that it was able to estimate password strength more accurately.
arXiv Detail & Related papers (2024-07-19T09:23:30Z)
- Nudging Users to Change Breached Passwords Using the Protection Motivation Theory [58.87688846800743]
We draw on the Protection Motivation Theory (PMT) to design nudges that encourage users to change breached passwords.
Our study contributes to PMT's application in security research and provides concrete design implications for improving compromised credential notifications.
arXiv Detail & Related papers (2024-05-24T07:51:15Z)
- PassGPT: Password Modeling and (Guided) Generation with Large Language Models [59.11160990637616]
We present PassGPT, a large language model trained on password leaks for password generation.
We also introduce the concept of guided password generation, where we leverage PassGPT sampling procedure to generate passwords matching arbitrary constraints.
arXiv Detail & Related papers (2023-06-02T13:49:53Z)
- Tram: A Token-level Retrieval-augmented Mechanism for Source Code Summarization [76.57699934689468]
We propose a fine-grained Token-level retrieval-augmented mechanism (Tram) on the decoder side to enhance the performance of neural models.
To overcome the challenge of token-level retrieval in capturing contextual code semantics, we also propose integrating code semantics into individual summary tokens.
arXiv Detail & Related papers (2023-05-18T16:02:04Z)
- RiDDLE: Reversible and Diversified De-identification with Latent Encryptor [57.66174700276893]
This work presents RiDDLE, short for Reversible and Diversified De-identification with Latent Encryptor.
Built upon a pre-learned StyleGAN2 generator, RiDDLE manages to encrypt and decrypt the facial identity within the latent space.
arXiv Detail & Related papers (2023-03-09T11:03:52Z)
- On Deep Learning in Password Guessing, a Survey [4.1499725848998965]
This paper compares various deep learning-based password guessing approaches that do not require domain knowledge or assumptions about users' password structures and combinations.
We propose a promising research experimental design on using variations of IWGAN on password guessing under non-targeted offline attacks.
arXiv Detail & Related papers (2022-08-22T15:48:35Z)
- Skeptic: Automatic, Justified and Privacy-Preserving Password Composition Policy Selection [44.040106718326605]
The choice of password composition policy to enforce on a password-protected system represents a critical security decision.
In practice, this choice is not usually rigorous or justifiable, with a tendency for system administrators to choose password composition policies based on intuition alone.
We propose a novel methodology that draws on password probability distributions constructed from large sets of real-world password data.
arXiv Detail & Related papers (2020-07-07T22:12:13Z)
- Interpretable Probabilistic Password Strength Meters via Deep Learning [13.97315111128149]
We show that probabilistic password meters inherently own the capability of describing the latent relation occurring between password strength and password structure.
Unlike existing constructions, our method is free from any human bias, and, more importantly, its feedback has a probabilistic interpretation.
arXiv Detail & Related papers (2020-04-15T16:05:50Z)
- Lost in Disclosure: On The Inference of Password Composition Policies [43.17794589897313]
We study how password composition policies influence the distribution of user-chosen passwords on a system.
We suggest a simple approach that produces more reliable results.
We present pol-infer, a tool that implements this approach, and demonstrate its use inferring password composition policies.
arXiv Detail & Related papers (2020-03-12T15:27:00Z)