Password strength

Password strength is a measure of the effectiveness of a password against guessing or brute-force attacks. In its usual form, it estimates how many trials an attacker who does not have direct access to the password would need, on average, to guess it correctly. The strength of a password is a function of length, complexity, and unpredictability. Using strong passwords lowers the overall risk of a security breach, but strong passwords do not replace the need for other effective security controls. The effectiveness of a password of a given strength is strongly determined by the design and implementation of the authentication factors (knowledge, ownership, inherence). The first factor is the main focus of this article. The rate at which an attacker can submit guessed passwords to the system is a key factor in determining system security. Some systems impose a time-out of several seconds after a small number (e.g. three) of failed password entry attempts. In the absence of other vulnera

About this result

This page is automatically generated and may contain information that is not correct, complete, up-to-date, or relevant to your search query. The same applies to every other page on this website. Please make sure to verify the information with EPFL's official sources.

Related publications (6)

Related publications

Related people

Related units

Related concepts (9)

Related concepts

Related courses (7)

This course provides an overview of information security and privacy topics. It introduces students to the knowledge and tools they will need to deal with the security/privacy challenges they are likely to encounter in today's Big Data world. The tools are illustrated with relevant applications.

This is an introductory course to computer security and privacy. Its goal is to provide students with means to reason about security and privacy problems, and provide them with tools to confront them.

This seminar introduces the participants to the current trends, problems, and methods in the area of communication security.

Related courses

Related lectures (21)

Related lectures

Interactive Mobile Robotic Drinking Glasses

Michele Leidi, Francesco Mondada, François Rey

The central idea behind this attempt is to merge common objects and robotics to obtain a new type of interactive artefact, we call robjects. Robjects provide services to everyday life and can be controlled by the user in a very intuitive way. Robjects take rarely the initiative, have few decisional autonomy. Most of their activity is centered and controlled by the interaction with the user. To test this concept in a concrete experimentwe decided to include mobile robotic technology into drinking glasses to improve their service on a table. Making them mobile and interactive brings a new dimension to the table, simplifies service and improves security. The system works in the following manner : when a user starts filling a glass, the other empty glasses come closer to get filled too and then go back to their initial position. Owners of the glasses can refuse to fill their glasses by simply bringing back the glass on its initial position as soon as the glass starts to move. The system has been prototyped and tested. The analysis of the interaction of some users shows strengths in interactivity and weaknesses in the speed of the system and in reliability of the actual prototype.

Springer2009

GenoGuard: Protecting Genomic Data Against Brute-Force Attacks

Erman Ayday, Jacques Fellay, Zhicong Huang, Jean-Pierre Hubaux, Ari Juels

Secure storage of genomic data is of great and increasing importance. The scientific community's improving ability to interpret individuals' genetic materials and the growing size of genetic database populations have been aggravating the potential consequences of data breaches. The prevalent use of passwords to generate encryption keys thus poses an especially serious problem when applied to genetic data. Weak passwords can jeopardize genetic data in the short term; given the multi-decade lifespan of genetic data, even the use of strong passwords with conventional encryption can lead to compromise. We present a tool called {\em GenoGuard} to provide strong protection for genomic data both today and in the long term. GenoGuard incorporates a new theoretical framework for encryption called honey encryption (HE) that can provide information-theoretic confidentiality guarantees for encrypted data. Previously proposed HE schemes, however, can unfortunately be applied to messages from only a very restricted set of probability distributions. GenoGuard thus addresses the open problem of applying HE techniques to the highly non-uniform probability distributions characterizing sequences of genetic data. In GenoGuard, a potential adversary can attempt to guess keys or passwords exhaustively and decrypt via a brute-force attack. We prove that decryption under any key, however, will yield a plausible genome sequence; thus GenoGuard offers an information-theoretic security guarantee against message-recovery attacks. We also explore attacks using side information. Finally, we present an efficient and parallelized software implementation of GenoGuard.

2015

GenoGuard: Protecting Genomic Data against Brute-Force Attacks

Erman Ayday, Jacques Fellay, Zhicong Huang, Jean-Pierre Hubaux, Ari Juels

Secure storage of genomic data is of great and increasing importance. The scientific community's improving ability to interpret individuals' genetic materials and the growing size of genetic database populations have been aggravating the potential consequences of data breaches. The prevalent use of passwords to generate encryption keys thus poses an especially serious problem when applied to genetic data. Weak passwords can jeopardize genetic data in the short term, but given the multi-decade lifespan of genetic data, even the use of strong passwords with conventional encryption can lead to compromise. We present a tool, called {\em GenoGuard}, for providing strong protection for genomic data both today and in the long term. GenoGuard incorporates a new theoretical framework for encryption called honey encryption (HE): it can provide information-theoretic confidentiality guarantees for encrypted data. Previously proposed HE schemes, however, can be applied to messages from, unfortunately, a very restricted set of probability distributions. Therefore, GenoGuard addresses the open problem of applying HE techniques to the highly non-uniform probability distributions that characterize sequences of genetic data. In GenoGuard, a potential adversary can attempt exhaustively to guess keys or passwords and decrypt via a brute-force attack. We prove that decryption under any key will yield a plausible genome sequence, and that GenoGuard offers an information-theoretic security guarantee against message-recovery attacks. We also explore attacks that use side information. Finally, we present an efficient and parallelized software implementation of GenoGuard.

2015

Password

A password, sometimes called a passcode (for example in Apple devices), is secret data, typically a string of characters, usually used to confirm a user's identity. Traditionally, pa

Malware

Malware (a portmanteau for malicious software) is any software intentionally designed to cause disruption to a computer, server, client, or computer network, leak private information, gain unauthorize

Password manager

A password manager is a computer program that allows users to store and manage their passwords for local applications or online services such as web applications, online shops or social media. Pas

This seminar introduces the participants to the current trends, problems, and methods in the area of communication security.