Evaluating the Strength of a Multilingual Passphrase Policy
Computers & Security (IF 5.6), Pub Date: 2020-05-01, DOI: 10.1016/j.cose.2020.101746
Pardon Blessings Maoneke, Stephen Flowerday, Naomi Isabirye

Abstract: A number of studies have advocated for the use of long passwords (passphrases) with the aim of attaining a balance between security and usability. This study investigated the security gains of using a multilingual passphrase policy in user-generated passphrases that are based on African and Indo-European languages. The research on passwords has been largely focused on the Global North where English is often the first or only language. Targeted password guessing of English and Chinese-based passwords shows that a user's mother tongue language can influence password structure, something that reflects on security. Given a multilingual user group, for example in Africa, it is interesting to establish whether such a population can generate secure multilingual passphrases. Accordingly, the findings of this study could be extrapolated to other contexts with multilingual users. In this study, a total of 224 university students in Southern Africa were invited to take part in an experiment that involved the generation of passwords and passphrases guided by a short password and multilingual passphrase policy. The results show that English language-oriented passwords dominated the short password corpora. Moreover, the use of a multilingual passphrase policy reduced the dominance of English language-oriented passwords. Security tests using a Probabilistic Context-Free Grammar (PCFG) suggest that short passwords are weaker, with marginally more than 50% of the short passwords being guessed while none of the multilingual passphrases were guessed. Further analysis shows that short passwords oriented towards an Indo-European language were easier to guess when compared to short passwords based on African languages. Hence, this study encourages orienting passwords to other languages, with the use of a multilingual passphrase policy expected to offer more security.

Updated: 2020-05-01