TY - GEN
T1 - Interpretable probabilistic password strength meters via deep learning
AU - Pasquini, Dario
AU - Ateniese, Giuseppe
AU - Bernaschi, Massimo
N1 - Publisher Copyright:
© Springer Nature Switzerland AG 2020.
PY - 2020
Y1 - 2020
N2 - Probabilistic password strength meters have been proved to be the most accurate tools to measure password strength. Unfortunately, by construction, they are limited to solely produce an opaque security estimation that fails to fully support the user during the password composition. In the present work, we move the first steps towards cracking the intelligibility barrier of this compelling class of meters. We show that probabilistic password meters inherently own the capability to describe the latent relation between password strength and password structure. In our approach, the security contribution of each character composing a password is disentangled and used to provide explicit fine-grained feedback for the user. Furthermore, unlike existing heuristic constructions, our method is free from any human bias, and, more importantly, its feedback has a clear probabilistic interpretation. In our contribution: (1) we formulate the theoretical foundations of interpretable probabilistic password strength meters; (2) we describe how they can be implemented via an efficient and lightweight deep learning framework suitable for client-side operability.
KW - Deep learning
KW - Password security
KW - Strength meters
UR - http://www.scopus.com/inward/record.url?scp=85091564076&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85091564076&partnerID=8YFLogxK
U2 - 10.1007/978-3-030-58951-6_25
DO - 10.1007/978-3-030-58951-6_25
M3 - Conference contribution
AN - SCOPUS:85091564076
SN - 9783030589509
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 502
EP - 522
BT - Computer Security – ESORICS 2020 - 25th European Symposium on Research in Computer Security, Proceedings
A2 - Chen, Liqun
A2 - Schneider, Steve
A2 - Li, Ninghui
A2 - Liang, Kaitai
T2 - 25th European Symposium on Research in Computer Security, ESORICS 2020
Y2 - 14 September 2020 through 18 September 2020
ER -