IEEE Access (Jan 2024)
A Study on Markov-Based Password Strength Meters
Abstract
Nowadays, passwords play an important role in ensuring practical security. Password strength meters (PSMs) are typical and well-known tools developed to help users estimate password strength. Among existing PSMs, Markov-based PSMs offer high accuracy and reliability. However, these PSMs are often compared with other types of PSMs, and no study has compared their accuracy in detail. Two types of Markov models introduced in previous studies are the Simple Markov Model (SMM) and the Layered Markov Model (LMM). When calculating the probability of a password, these models consider two factors: character position and password length. However, these two models do not cover all possible cases of these two factors. In this paper, we introduce the application of two new Markov models, which can be seen as “hybrid models” of SMM and LMM, into PSMs, called Simple Markov Model with password length consideration (SMMl) and unique Layered Markov Model (uLMM), to cover all the missing cases. Then, we present two specific scenarios and compare the effectiveness of four types of Markov models in evaluating passwords based on these two scenarios. The experimental results indicate that the SMMl model, one of the two models proposed in this paper, yields the best effectiveness. This result also suggests that the number of samples of sub-string sequences obtained during the training process affects the effectiveness of password evaluation. Therefore, we conduct a detailed analysis related to this issue. These results will support us in developing new PSMs in the future.
Keywords
