With the continuous development of authentication approaches, password-based authentication is still the first choice for various online services today. The security of password-based authentication relies heavily on the strength of the passwords created by users. Password enhancement is a general way to increase the difficulty of cracking a password. An ideal password enhancement strategy should take into account both the usability (mainly the memorability) and the security of passwords. However, it has been found that the higher the password strength, the lower the usability of the password, and vice versa. In order to balance the usability and the security of the password, we propose a password enhancement method based on semantic transformation, which can effectively analyze the semantic structure of a given password. This enhances the password's strength through one or more password semantic transformations to make the password better protected against guessing attacks. Finally, we use publicly available real-world password data sets leaked in previous security incidents to conduct experiments. Our password enhancement strategy significantly reduces the proportion of guesses by a classic password guessing attack, which demonstrates the effectiveness of the method.

中文翻译：

---

基于语义转换的密码增强

随着身份验证方法的不断发展，基于密码的身份验证仍然是当今各种在线服务的首选。基于密码的身份验证的安全性在很大程度上取决于用户创建的密码的强度。密码增强是增加破解密码难度的一般方法。理想的密码增强策略应同时考虑密码的可用性（主要是存储性）和安全性。但是，已经发现密码强度越高，密码的可用性越低，反之亦然。为了平衡密码的可用性和安全性，我们提出了一种基于语义转换的密码增强方法，可以有效地分析给定密码的语义结构。通过一个或多个密码语义转换，可以增强密码的强度，从而更好地保护密码免受猜测攻击。最后，我们使用在先前的安全事件中泄漏的公开可用的现实世界密码数据集进行实验。我们的密码增强策略通过经典的密码猜测攻击大大降低了猜测的比例，这证明了该方法的有效性。