TY - GEN
T1 - Examining the Strength of Three Word Passwords
AU - Fraser, William
AU - Broadbent, Matthew
AU - Pitropakis, Nikolaos
AU - Chrysoulas, Christos
PY - 2024/7/26
Y1 - 2024/7/26
AB - Passwords make up the most common method of authentication. With ever-increasing computing power, password complexity has had to keep pace. This creates a challenge for remembering all complex passwords, which some password policies attempt to resolve. One such policy is to use three random words rather than a complex alphanumeric password. This paper attempted to prove the security of using such three-word passwords. It was discovered both theoretically and experimentally that three-word passwords should not be considered secure. Theoretical entropy of a three-word password found in the 25,000 most common words would be 43.8, which is lower than the entropy of a lowercase-only password. Experimental data, collected via participant survey, shows up to 85% of random words provided by participants could be found in the top 15,000 common words found in the Google n-Gram data and 86.47% of combinations could be found in the 25,000 most common words. This would mean, for at least 86.47% of cases, the entropy of the password is less than passwords already considered insecure in the industry.
KW - Authentication
KW - Entropy
KW - Google n-Gram
KW - Password
UR - http://www.scopus.com/inward/record.url?scp=85200718853&partnerID=8YFLogxK
U2 - 10.1007/978-3-031-65175-5_9
DO - 10.1007/978-3-031-65175-5_9
M3 - Conference contribution
SN - 9783031651748
T3 - IFIP Advances in Information and Communication Technology
SP - 119
EP - 133
BT - ICT Systems Security and Privacy Protection. SEC 2024
PB - Springer
ER -