CN106934275B - Password strength evaluation method based on personal information - Google Patents

Password strength evaluation method based on personal information Download PDF

Info

Publication number
CN106934275B
CN106934275B CN201710047216.7A CN201710047216A CN106934275B CN 106934275 B CN106934275 B CN 106934275B CN 201710047216 A CN201710047216 A CN 201710047216A CN 106934275 B CN106934275 B CN 106934275B
Authority
CN
China
Prior art keywords
password
user
influence factor
value
name
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201710047216.7A
Other languages
Chinese (zh)
Other versions
CN106934275A (en
Inventor
何道敬
叶冉
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
East China Normal University
Original Assignee
East China Normal University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by East China Normal University filed Critical East China Normal University
Priority to CN201710047216.7A priority Critical patent/CN106934275B/en
Publication of CN106934275A publication Critical patent/CN106934275A/en
Application granted granted Critical
Publication of CN106934275B publication Critical patent/CN106934275B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/45Structures or tools for the administration of authentication
    • G06F21/46Structures or tools for the administration of authentication by designing passwords or checking the strength of passwords

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses a password strength evaluating method based on personal identification information, which comprises the following steps: when a user registers for a website service, collecting influence factor fields of personal information for user password construction; classifying the influence factor fields respectively and labeling the influence factor fields according to an actual conversion form; when a user inputs a password, according to the extracted and collected user information influence factors, calculating a coverage value of the influence factor field containing personal information in the current user constructed password, and calculating a password intensity value by combining the coverage value with a traditional heuristic and mode detection method, wherein the maximum threshold value allowed to contain personal identification information in the received password is selected by the target website as an acceptance measurement index of the password intensity. The invention provides a password strength evaluation method added with personal identification information measurement factors for the first time. The method has the characteristics of immediate effective password strength value feedback, plug and play of influence factors, easiness in selection and the like, and helps a user to select a password with higher safety degree.

Description

Password strength evaluation method based on personal information
Technical Field
The invention belongs to the technical field of information security, and particularly relates to a user password strength evaluation method based on personal information.
Background
With the development of the internet and the continuous promotion of the informatization process, the daily life of individuals is continuously networked, the assets are continuously digitalized, and the identity authentication becomes a basic means for guaranteeing the information security of users. Due to the characteristics of simple and easy use, low cost and easy deployment of the text password, the text password gradually becomes the most widely applied identity authentication mode in ensuring the security of the information system. But at the same time, due to the user's requirement for easy memorability, the password is not a random character component in the actual sense, but is directly related to the user's intrinsic motivation for behavior and the external environment. Therefore, users often choose weak passwords that are simple but easy to remember when constructing passwords, which can easily lead to brute force and dictionary attacks by lawbreakers.
In order to provide timely feedback of the Password Strength result to the user, mainstream internet service providers forcibly perform Password Strength evaluation (PSM for short) to help the user select and improve the constructed Password Strength when the user registers a website service or modifies the Password. At present, the design of the password strength evaluation device of most mainstream websites is based on a heuristic method, sufficient effort is not invested for targeted optimization, the password strength result fed back to a user is inconsistent, the password strength result often conflicts with the evaluation result of other websites, and the user is inevitably confused, frustrated and misunderstood. According to different underlying design ideas, the password strength evaluators can be divided into three categories, namely rule-based, pattern-based inspection and attack-based algorithm. The rule-based PSM method is mainly determined by the length and the type of the included character, and most of the password strength evaluation methods currently applied to mainstream websites are rule-based methods, typically represented by National Institute of Standards and Technology PSM (NIST-PSM). The PSM method based on the pattern inspection mainly aims to detect the construction pattern (such as keyboard sequence, first letter case, sequential character pattern) to which each subsection of the password belongs, then, corresponding scores are given to each found pattern, and then the scores of all the patterns of the password are added to obtain the password strength value, which typically represents Zxcvbn. The PSM method based on the attack algorithm is mainly used for attacking a given password based on the current advanced password attack algorithm and judging the strength according to the difficulty degree of the attack (such as guessing times required by cracking and time dimension required by cracking). Typical representatives are PCFG-based PSM and Markov-based PSM.
With the continuous explosion of user information and password disclosure events by internet services and based on more intensive research on user vulnerability behaviors, it is found that internet users tend to mix personal information for easy memory when constructing passwords. Through the analysis of the existing leakage data set in real life, the user is often influenced by personal native language preference, name, birthday and other factors when constructing the password. Meanwhile, if an attacker knows the password construction behaviors of the users and carries out password guessing attack in a targeted manner, namely the attack is guessed by using the directed password based on the personal information of the users, the risks of user information leakage and personal asset loss are greatly increased. The current mainstream password strength evaluation device cannot give an accurate evaluation result for the weak password in the situation.
Disclosure of Invention
The invention aims to overcome the defects and shortcomings of the prior art method, and provides a password strength evaluation method based on personal identification information on the basis of the traditional password strength evaluation method, which firstly proposes to add personal information classification tagging treatment on the basis of inheriting a context probability-free grammar, can conveniently and accurately detect personal information contained in a password and different hidden change forms, can also very easily add other consideration factors into a website service provider, can obtain the personal identification information not only from the input of a user, but also through other various modes such as website crawlers, cross-site information utilization, leaked data sets and the like, can well resist the guessing attack based on the oriented password, can combine the traditional rule-based and heuristic-based methods, and simultaneously can realize the evaluation of the password strength based on the length of the password, And the user is helped to select the password with higher security by considering the aspects of character composition, keyboard mode, common weak password table and the like.
A personal information collection stage: when a user registers for a website service, collecting influence factor fields of personal information for user password construction;
and (3) classification labeling treatment stage: classifying the influence factor fields respectively and labeling the influence factor fields according to an actual conversion form;
password intensity value calculation stage: when a user inputs a password, according to the extracted and collected user information influence factors, calculating a coverage value of the influence factor field containing personal information in the current user constructed password, and calculating a password intensity value by combining the coverage value with a traditional heuristic or mode detection method, such as: the length of the user password, the composition of the influence factors, the combination of types and the like. The target web site selects the maximum threshold allowed to contain personal identification information in the accepted password as the acceptance measure of the password strength.
Wherein, the collecting means of the influence factor field comprises a direct extraction mode and an indirect extraction mode; the direct extraction mode is information which is input by a user when the user registers the website service and is used for password construction, and the information comprises a user name, a birthday, a telephone number, an identity card number, a registered user name, a registered mailbox address which are directly used for password construction, and native language preference, gender, age and website name which are indirectly used for password construction; the user related information acquired by the indirect extraction mode comprises website crawlers, existing leaked data sets and cross-site user information utilization.
Wherein, the classification labeling processing stage comprises the following steps:
b1. based on the processing thought of the context probability-free grammar, the invention classifies the password construction influence factor field into a letter segment L, a number segment D and a special character segment S. The core of the context probability-free grammar algorithm assumes that a letter segment L, a number segment D and a special character segment S of the password are mutually independent, and the password is segmented according to the three character types when being analyzed. And the existing password data set is subjected to statistical analysis training to obtain the frequency of various modes and the frequency table of each character component in the modes, which is a processing method and an idea which are commonly used in the password analysis at present.
b2. And further performing corresponding labeling definition on the classified influence factor fields according to the specific change mode of the influence factors in the actual password construction process. E.g., user name impact factor class corresponds to letter segment L and label N1~N6,N1Full spelling, N, representing the user's name2Acronym for name of user, N3Last name field letter, N, representing the user's name4Name field letter, N, representing the name of the user5Letters, N, representing the full name field and the abbreviated name field of the user's name6Letters representing a full name field and an abbreviated name field of a user name; the user birthday influence factor classification is corresponding to a number segment D and labeled B1~B10,B1Composition format of year, month, day (y.m.d) data part representing birthday, B2Composition format of the month, day, year (m.d.y) data part representing the birthday, B3Composition format of the date-and-month-year (d.m.y) data part representing a birthday, B4Combination format for data portion of day part (D) in birthday,B5Composite format representing data part of month (M) of birthday, B6A composition format representing month and day (M.D) data parts in a birthday, B7A combination format representing the year and month (Y.M) data parts of the birthday, B8Representing the second two digits of a year plus month and day (Y)1/2M.D) composition format of data parts, B9Represents the month and day of the birthday plus two digits after the year (m.d.y)1/2) Composite format of data parts, B10A combined format representing month and year (M.Y) data portions of a birthday.
Wherein, the password intensity value calculation stage comprises the following steps:
c1. when the user enters the constructed personal password at the target website, extracting the entered password characters for step c 2;
c2. and in the password strength calculation process, the password characters extracted in the step c1 are received and calculated with the influence factor fields after labeling processing, and the coverage value of the personal information contained in the password is obtained.
c3. And according to the maximum threshold value allowed to contain the personal identification information in the password set by the target website, selecting acceptance or rejection for the password with the coverage value lower or higher than the set maximum threshold value in the step c2, and using the acceptance or rejection as an index based on the strength evaluation of the personal information password.
Compared with the prior art, the invention has the following advantages and effects:
(1) password guessing against orientation: the invention provides a simple and easy-to-use password strength evaluating tool based on personal information during registration and personal information acquired in other ways for the first time, and combines the current mainstream PSM design mode to well guide a user to select a password containing the personal information as little as possible, thereby being capable of resisting directed password guess.
(2) An evaluation algorithm based on a specific probability model: the method is a password guessing algorithm completely built on a strict probability model based on a context-free grammar, the model is applied to the design of a password strength evaluation device for the first time, and the change form of the influence factors in the personal information can be judged more accurately through training of the leakage data sets of the same type and a scientific classification method.
(3) Allowed dynamic impact factors: the security of the user password construction is further improved by adding personal information detection on the basis of the traditional rule-based intensity evaluation device. The selection of the website on the personal information influence factors can be dynamically changed, and suitable influence factors can be freely selected and added or shielded according to different application scenes. Meanwhile, the influence factors can be acquired by abundant means without being limited to a single mode, so that the precision of the evaluation result is improved.
(4) In combination with the conventional PSM design: the method can be combined with the traditional rule-based and heuristic PSM-based design method, and not only considers personal identification information contained in the password construction process, but also considers the length, character composition, keyboard mode, common weak password table and other aspects of the password. Thereby helping the user select a more secure password while resisting directed guessing attacks.
Drawings
FIG. 1 is a flow chart of the present invention
FIG. 2 is a labeling diagram proposed based on the context probability-free grammar processing idea.
Detailed Description
The related technical terms are as follows:
PSM-Password intensity assessor (passed Strength Metric)
PCFG-Context-based probability-Free grammar (Probalistic Context-Free grammar)
PI-Personal information (Personal information)
The present invention will be described in further detail with reference to examples and drawings, but the embodiments of the present invention are not limited thereto.
Examples
As shown in fig. 1, the password strength evaluation method based on personal information is divided into three stages: the method specifically comprises the following steps:
a personal information collection stage: when a user registers for a web service, the personal information impact factor field that may be used to construct a user password is extracted.
And (3) classification labeling treatment stage: classifying the extracted password construction influence factor fields and labeling the influence factor fields according to an actual conversion form;
password intensity value calculation stage: when the user inputs the password, the coverage value of the influence factors in the user constructed password is calculated according to the extracted and collected user information influence factors, and the password strength value is calculated by combining the coverage value with a heuristic detection method or a mode detection method. The target website self-selects the maximum threshold value allowed to contain personal identification information in the password as the acceptance measurement index of the password strength.
In the personal information collection stage, the personal identification information of the user is various, and some personal information is composed of letters, such as name and hobby; some personal information is composed of numbers, such as birthdays and mobile phone numbers; some are mixed letters, numbers, and characters, such as a user name. Meanwhile, some personal information can be directly used for password construction, such as name and birthday; some personal information is not directly available for password construction, such as gender and education. In the stage, effective analysis and extraction are carried out according to information filled in during user registration and information collected in other modes, in order to improve efficiency and accuracy, relevant similar data sets leaked in reality can be analyzed, relevant fields and change forms of the fields are extracted in a targeted mode, and attack guessing of cross-site reutilization of user passwords can be resisted to a certain extent.
In the stage of classification tagging, the inventor considers that the efficiency of the mainstream directional guess attack based on rich personal information is much higher than that of the past walk guess attack, such as: Personal-PCFG, Personal-Markov. Therefore, the inventor classifies the collected personal information into letter segments L and numbers according to fields based on the algorithm thought of expanding PCFGThe field D and the special character field S are divided into a main influence factor and a secondary influence factor according to the influence degree of personal information when the password is constructed. Different from the conventional PCFG algorithm, only the length of a field, such as L, is considered3I.e., a length of 3, which is an expression in the form of underestimation and overestimation because it does not take into account the variation of the user's personal information when actually used to construct the password. The embodiment of the invention provides a method for labeling personal information fields in the password strength evaluation process, and the method fully considers the change form of each field and performs labeling representation by analyzing the behavior change of the password constructed by a user in an actual scene.
In particular embodiments, for example, the user name impact factor classification corresponds to an letter segment L and the label is N1~N6,N1Full spelling, N, representing the user's name2Acronym for name of user, N3Last name field letter, N, representing the user's name4Name field letter, N, representing the name of the user5Letters, N, representing the full name field and the abbreviated name field of the user's name6Letters representing a full name field and an abbreviated name field of a user name; the user birthday influence factor classification is corresponding to a number segment D and labeled B1~B10,B1Composition format of year, month, day (y.m.d) data part representing birthday, B2Composition format of the month, day, year (m.d.y) data part representing the birthday, B3Composition format of the date-and-month-year (d.m.y) data part representing a birthday, B4A combination format showing the data part of the day part (D) of the day, B5Composite format representing data part of month (M) of birthday, B6A composition format representing month and day (M.D) data parts in a birthday, B7A combination format representing the year and month (Y.M) data parts of the birthday, B8Representing the second two digits of a year plus month and day (Y)1/2M.D) composition format of data parts, B9Represents the month and day of the birthday plus two digits after the year (m.d.y)1/2) Composite format of data parts, B10Representing the month of the birthdayCombined format of the year and year (M.Y) data portions. This classification takes into account not only the length of each tag value, but also the variation of the impact factor.
In the phase of calculating the password intensity value, the invention provides a method for calculating the coverage, which firstly considers the actual change form of a certain influence factor label value in each field classification, and if any label value is not detected, then continuously considers the coverage length value of the influence factor under the sliding window. The specific definition is as follows: the Personal Information Coverage value (PICM) is calculated by the following formula:
Figure BDA0001216596400000051
wherein lfiIndicating the length, L, of the label value corresponding to a match to an impact factorpRepresenting the length of the constructed password entered by the user. The value range of the PICM is between 0 and 1, the value 0 represents that the selected personal information influence factor is not detected in the password, the value 1 represents that the selected personal information influence factor is completely matched in the password, the larger the coverage value is, the more the personal information influence factor is covered, and the weaker the strength of the corresponding password is. In matching password impact factor lengths, the inventors define a length array to record the length of the matched tag under different impact factors, such as N for matching the impact factor of the user name in the password letter field3Tag value, N is recorded first in the array3The length of the tag value. However, if the password number field is not matched with any label value in the birthday influence factors of the user, the inventor needs to further analyze the influence factors of the password number field according to the influence factors of the data field, define a sliding window with an initial value of 2 to sequentially search the matched passwords in the birthday influence factors from the beginning for the same number length, if the matching is successful, increase the size of the sliding window by 1 each time, and record the matched lengths into an array at the moment when the matching is failed. In this case, there may be several records with length of 2 but no practical meaning in the array due to matching characters by chance, and therefore, the sum of the elements of the array is calculatedAnd in the process, the calculation result is expressed in a form of power value, so that the influence of the length data without practical significance is reduced, and the problem of data sparsity in the process of calculating the coverage of the influence factor is avoided. In particular embodiments, the person-constructed password is represented as L in PCFG, taking into account only the PI impact factors for name and birthday mentioned above4D6S3The password constructed on behalf of the user contains letters of length 4, numbers of length 6, and special characters of length 3. The personal information coverage value is calculated as follows:
for the letter segment L, the label values are matched in the same type of influence factor, in the embodiment only the name and the birthday are considered, so that the name label N defined in the above is matched here in turn1~N6And if so, assigning the length of the tag value to lfi. Otherwise, defining a sliding window with initial length of 2 to sequentially search the longest continuous matching length assignment l rich in name field in passwordfiHere, |fiMay contain multiple values, then the last lfiIs the sum of the squares of these several values. The data segment D and the special character segment S can be calculated according to the above method.
The evaluation of the password strength can be combined with the personal information coverage value and the password strength evaluation means based on the traditional heuristic and rule such as length, character composition, keyboard mode, common weak password table and the like to set a strength threshold, namely, the website can set a maximum personal password strength threshold which is lower than the threshold, so that the personal information security contained in the password of the user is in an acceptable range, otherwise, the password is rejected. Under the condition, the password with the common weak password can be rejected, feedback can be provided for the password rich in personal information, and the guess of the more harmful directional attack can be resisted, so that the user can be helped to select the more robust password.
The protection of the present invention is not limited to the above embodiments. Variations and advantages that may occur to those skilled in the art may be incorporated into the invention without departing from the spirit and scope of the inventive concept, and the scope of the appended claims is intended to be protected.

Claims (4)

1. A password intensity evaluating method based on personal identification information is characterized by comprising the following stages:
a personal information collection stage: when a user registers for a website service, collecting influence factor fields of personal information for user password construction; the collecting means of the influence factor field comprises a direct extraction mode and an indirect extraction mode;
the direct extraction mode is information which is input by a user when the user registers the website service and is used for password construction, and the information comprises a user name, a birthday, a telephone number, an identity card number, a registered user name, a registered mailbox address which are directly used for password construction, and native language preference, gender, age and website name which are indirectly used for password construction;
the user related information acquired by the indirect extraction mode comprises website crawlers, existing leakage data sets and cross-site user information utilization;
the website dynamically changes the selection of the personal information influence factors, and selects and adds or shields proper influence factors according to different application scenes;
and (3) classification labeling treatment stage: classifying the influence factor fields respectively and labeling the influence factor fields according to an actual conversion form; the classification labeling processing stage comprises the following steps:
b1. classifying the influence factor field into a letter segment L, a number segment D and a special character segment S based on a password analysis processing method;
b2. further performing corresponding labeling definition on the classified influence factor fields according to the specific change mode of the influence factors in the actual user password construction process; specifically, the user name impact factor classification corresponds to an letter segment L and a label N1~N6,N1Full spelling, N, representing the user's name2Acronym for name of user, N3Last name field letter, N, representing the user's name4Name field letter, N, representing the name of the user5Words representing the surname full name field and the first name abbreviated field of the user's nameMother, N6Letters representing a full name field and an abbreviated name field of a user name; the user birthday influence factor classification is corresponding to a number segment D and labeled B1~B10,B1Composition format of year, month and day data part representing birthday, B2Composition format of month, day, year data part representing birthday, B3Composition format of the date and month data part representing the birthday, B4Composition format showing the data part of the day in the birthday, B5Composition format representing month data part in birthday, B6A combined format representing the month and day data parts of the birthday, B7A combination format representing the year and month data parts of the birthday, B8A combination format representing the last two years of a year plus the data part of the month and day, B9A composition format representing the month and day of the birthday plus two-bit data part after year, B10A combination format representing month and year data parts in a birthday;
password intensity value calculation stage: when a user inputs a password, calculating a coverage value of an influence factor field containing personal information in the current user constructed password according to the extracted and collected user information influence factors, and combining the coverage value with a heuristic detection method or a mode detection method to calculate a password intensity value; the method specifically comprises the following steps:
c1. when a user inputs a personal password at a target website, extracting input password characters;
c2. receiving the password characters and the influence factor fields subjected to labeling processing in the password strength calculation process to calculate to obtain a coverage value containing personal information in the password, and combining the coverage value with a heuristic detection method or a mode detection method to calculate a password strength value; the method specifically comprises the following steps:
c21. dividing the password characters input by the user into an letter segment L, a number segment D and a special character segment S according to a processing method based on the probability context-free grammar; calculating label values classified into letter sections L in the letter sections L of the password and the influence factors, calculating label values classified into number sections D in the number sections D and the influence factors, and calculating label values classified into special character sections S in the special character sections S and the influence factors;
c22. calculating a personal information coverage value, wherein the coverage value is expressed by the following formula:
Figure FDA0002536134320000021
wherein the index i denotes the ith selected influence factor, lfiIndicating that the matched i-th influence factor corresponds to the length of the label value, LpRepresents the total length of the password entered by the user; the method specifically comprises the following steps:
an influence factor l contained in the calculation of the passwordfiWhen the length value is obtained, firstly, sequentially matching all label values defined in an influence factor under the classification, and if the label values are matched, recording the length of the label values; if all defined label values in the influence factor are not matched, traversing the password by a dynamic sliding window method with the defined initial value of 2, recording the length of the matched character containing the longest continuous influence factor in the password characters, otherwise, recording the length of the character containing the longest continuous influence factor in the influence factorfiThe value is 0;
c3. and according to the maximum threshold value which is allowed to contain the personal identification information in the passwords set by the target website, accepting the password with the coverage value lower than the maximum threshold value, and rejecting the password with the coverage value higher than the maximum threshold value.
2. The password strength evaluating method according to claim 1, wherein the influence factor field includes a primary influence factor and a secondary influence factor; the main influence factor refers to a component of a personal information field of a user which is widely used for personal password construction; the secondary influence factor refers to an information field which partially influences the construction of the user password due to the difference of different registered website services.
3. The password strength evaluating method according to claim 1, wherein the length of the matched influence factor is measured in power.
4. The password strength evaluation method according to claim 1, wherein the maximum personal identification information threshold in step c3 is an extreme security index value allowed by the website to accept a security password, and the comprehensive consideration includes the personal identification information of the user, and in combination with the rule and pattern based strength evaluation method, the consideration factors of the rule and pattern based strength evaluation method include: the length of the user password, the composition of the influence factors, the type combination and the keyboard mode.
CN201710047216.7A 2017-01-22 2017-01-22 Password strength evaluation method based on personal information Active CN106934275B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710047216.7A CN106934275B (en) 2017-01-22 2017-01-22 Password strength evaluation method based on personal information

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201710047216.7A CN106934275B (en) 2017-01-22 2017-01-22 Password strength evaluation method based on personal information

Publications (2)

Publication Number Publication Date
CN106934275A CN106934275A (en) 2017-07-07
CN106934275B true CN106934275B (en) 2020-10-16

Family

ID=59423820

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710047216.7A Active CN106934275B (en) 2017-01-22 2017-01-22 Password strength evaluation method based on personal information

Country Status (1)

Country Link
CN (1) CN106934275B (en)

Families Citing this family (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108121909A (en) * 2017-12-12 2018-06-05 深圳中琛源科技股份有限公司 A kind of detection method of weak passwurd, terminal device and storage medium
CN108540438A (en) * 2018-01-26 2018-09-14 上海实创信息科技有限公司 One kind is based on RFID secret protections identification verification device and its verification method
CN108470124B (en) * 2018-02-09 2022-10-04 华东师范大学 Password strengthening method based on fragile factor analysis
CN108509790A (en) * 2018-03-14 2018-09-07 华东师范大学 A kind of password strength assessment method based on group
CN108763918A (en) * 2018-04-10 2018-11-06 华东师范大学 A kind of password reinforcement method based on semantic transforms
CN108763920A (en) * 2018-05-23 2018-11-06 四川大学 A kind of password strength assessment model based on integrated study
CN109145582B (en) * 2018-06-05 2021-07-23 中国科学院信息工程研究所 Password guess set generation method based on byte pair encoding, password cracking method and device
CN110110518B (en) * 2019-04-08 2024-01-19 平安科技(深圳)有限公司 Password strength evaluation method, device and computer readable storage medium
CN110162961A (en) * 2019-05-13 2019-08-23 华东师范大学 Group's password intensity evaluation method based on integrated study
CN110334488B (en) * 2019-06-14 2021-03-02 北京大学 User authentication password security evaluation method and device based on random forest model
CN110336921B (en) * 2019-07-09 2021-01-15 华中师范大学 Android graph password strength measurement method and system

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104268450A (en) * 2014-09-11 2015-01-07 浙江工业大学 Bulk password grading priori check method
CN105187382A (en) * 2015-08-05 2015-12-23 西安电子科技大学 Multi-factor identity authentication method for preventing library collision attacks

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104268450A (en) * 2014-09-11 2015-01-07 浙江工业大学 Bulk password grading priori check method
CN105187382A (en) * 2015-08-05 2015-12-23 西安电子科技大学 Multi-factor identity authentication method for preventing library collision attacks

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
A Study of Personal Information in Human-chosen Passwords and Its Security Implications;Yue Li等;《 IEEE INFOCOM 2016 - The 35th Annual IEEE International Conference on Computer Communications》;20160728;第Ⅰ-Ⅲ节 *
基于真实数据挖掘的口令脆弱性评估及恢复;刘功申等;《计算机学报》;20160331;第39卷(第3期);第454-467页 *

Also Published As

Publication number Publication date
CN106934275A (en) 2017-07-07

Similar Documents

Publication Publication Date Title
CN106934275B (en) Password strength evaluation method based on personal information
US9189746B2 (en) Machine-learning based classification of user accounts based on email addresses and other account information
CN110069609B (en) Referee document analysis method, referee document analysis device, computer equipment and storage medium
WO2019218699A1 (en) Fraud transaction determining method and apparatus, computer device, and storage medium
CN109815976A (en) A kind of certificate information recognition methods, device and equipment
Spinde et al. MBIC--A Media Bias Annotation Dataset Including Annotator Characteristics
US20150169745A1 (en) Document Sorting System, Document Sorting Method, and Document Sorting Program
CN106874253A (en) Recognize the method and device of sensitive information
CN107169063A (en) A kind of user property Forecasting Methodology and system based on social information
CN107872323B (en) Password security evaluation method and system based on user information detection
CN110175851A (en) A kind of cheating detection method and device
CN109462603A (en) Voiceprint authentication method, equipment, storage medium and device based on blind Detecting
CN108038173A (en) A kind of Web page classification method, system and a kind of Web page classifying equipment
CN106778357A (en) The detection method and device of a kind of webpage tamper
Alkhurayyif et al. Readability as a basis for information security policy assessment
CN104580109B (en) Generation clicks the method and device of identifying code
Nielek et al. Spiral of hatred: social effects in internet auctions. between informativity and emotion
CN113132368B (en) Chat data auditing method and device and computer equipment
JPWO2015118616A1 (en) Document analysis system, document analysis method, and document analysis program
CN113657773A (en) Method and device for testing speech technology, electronic equipment and storage medium
CN112016317A (en) Sensitive word recognition method and device based on artificial intelligence and computer equipment
CN114817518B (en) License handling method, system and medium based on big data archive identification
CN116401343A (en) Data compliance analysis method
CN108537428A (en) A kind of cloud service provider service quality evaluation method based on official website situation of change
CN111522747B (en) Application processing method, device, equipment and medium

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant
CP02 Change in the address of a patent holder
CP02 Change in the address of a patent holder

Address after: 200241 No. 500, Dongchuan Road, Shanghai, Minhang District

Patentee after: EAST CHINA NORMAL University

Address before: 200062 No. 3663, Putuo District, Shanghai, Zhongshan North Road

Patentee before: EAST CHINA NORMAL University