CN114722383A - Weak password monitoring method, device, equipment and storage medium - Google Patents

Info

Publication number: CN114722383A
Application number: CN202011534970.1A
Authority: CN (China)
Legal status: Pending (the legal status is an assumption and is not a legal conclusion; Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed)
Other languages: Chinese (zh)
Inventor: 范山恋
Current assignee: Beijing Qianli Richeng Technology Co ltd (the listed assignees may be inaccurate; Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list)
Original assignee: Beijing Qianli Richeng Technology Co ltd
Events: application filed by Beijing Qianli Richeng Technology Co ltd; priority to CN202011534970.1A; publication of CN114722383A; current legal status pending

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/45 Structures or tools for the administration of authentication
    • G06F21/46 Structures or tools for the administration of authentication by designing passwords or checking the strength of passwords


Abstract

The invention discloses a method, a device, equipment and a storage medium for monitoring weak passwords. The method obtains an account to be processed; screens the weak passwords in a weak password basic database according to screening conditions to obtain a preprocessed weak password list; combines the personal information corresponding to the account to be processed with the passwords in the preprocessed weak password list according to a preset password format template to obtain a plurality of test passwords for login testing; adds the test passwords to the preprocessed weak password list to obtain a password dictionary; performs a weak password collision test on a target system using the account to be processed and the password dictionary to obtain a test result; and, when the test result indicates that the target system was successfully logged in, determines that the password corresponding to the account to be processed is a weak password. The monitoring accuracy for weak passwords is improved and the security of the user account is guaranteed.

Description

Weak password monitoring method, device, equipment and storage medium
Technical Field
The invention relates to the technical field of data security, in particular to a method, a device, equipment and a storage medium for monitoring a weak password.
Background
With the large increase in the computing speed of modern computers and the ever more comprehensive password dictionaries held by attackers, the feasibility and success rate of breaking account passwords by brute force have increased, so incidents in which account passwords are broken and maliciously misused are encountered frequently.
In particular, within an enterprise, employees often use a simple password such as "123456" or "admin" for a mailbox or various internal system accounts so that it is easy to remember, but such a password is easily cracked by others, creating a risk of data leakage and great loss to the enterprise. Weak password monitoring inside enterprises is therefore needed to improve the security of internal data.
However, because a user's password is private, a prior-art method that directly acquires the user's password and then monitors it cannot guarantee the user's privacy and carries a risk of leaking the account password.
Disclosure of Invention
In view of the above, the present invention provides a weak password monitoring method, apparatus, device and storage medium that overcome the above problems or at least partially solve the above problems.
The embodiment of the invention provides a weak password monitoring method, which comprises the following steps:
obtaining an account to be processed; screening weak passwords in a weak password basic database according to screening conditions to obtain a preprocessed weak password list;
combining the personal information corresponding to the account to be processed with the passwords in the preprocessed weak password list according to a preset password format template to obtain a plurality of test passwords for login testing, wherein each test password comprises some characters from the personal information and some characters from the weak password;
adding the plurality of test passwords to the preprocessed weak password list to obtain a password dictionary;
performing a weak password collision test on a target system using the account to be processed and the password dictionary to obtain a test result;
and when the test result indicates that the target system was successfully logged in, determining that the password corresponding to the account to be processed is a weak password.
In some embodiments, combining the personal information corresponding to the account to be processed with the passwords in the preprocessed weak password list according to a preset password format template to obtain a plurality of test passwords for login testing includes:
disassembling each weak password in the preprocessed weak password list according to a disassembling rule to obtain a main password and a secondary password;
writing the main password and the personal information into a first temporary list;
writing the secondary password into a second temporary list;
and calling a preset template and combining the passwords in the first temporary list with the passwords in the second temporary list to obtain a plurality of test passwords.
In some embodiments, the preset template includes a combination priority, and calling the preset template to combine the passwords in the first temporary list with the passwords in the second temporary list to obtain a plurality of test passwords includes:
sorting the passwords in the first temporary list and the second temporary list by hit count to obtain a sorted first temporary list and a sorted second temporary list;
and combining each password in the first temporary list with each password in the second temporary list according to the combination priority to obtain a plurality of test passwords.
In some embodiments, the method further comprises:
eliminating exclusion information from the preprocessed weak password list, where the exclusion information is weak passwords that do not match the personal information of the account to be processed.
In some embodiments, the weak password base database includes weak passwords that are historically hit, weak passwords that are commonly used internally, weak passwords that are historically leaked, and weak passwords that are commonly used at home and abroad;
the screening conditions comprise a first screening condition, a second screening condition and a third screening condition; the first screening condition is to obtain a history hit weak password, the second screening condition is to obtain a history hit weak password, an internal common weak password and a history leaked weak password, and the third screening condition is to obtain a history hit weak password, an internal common weak password, a history leaked weak password and a domestic and foreign common weak password.
In some embodiments, the preset password format template includes rules for performing password combinations and a format of a password.
Another aspect of the embodiments of the present invention provides a device for monitoring weak passwords, including:
an acquisition module for acquiring the account to be processed;
a preprocessing module for screening weak passwords in the weak password basic database according to screening conditions to obtain a preprocessed weak password list;
a password recombination module for combining the personal information corresponding to the account to be processed with the passwords in the preprocessed weak password list according to a preset password format template to obtain a plurality of test passwords for login testing, wherein each test password comprises some characters from the personal information and some characters from the weak passwords;
a dictionary generation module for adding the test passwords to the preprocessed weak password list to obtain a password dictionary;
a test module for performing a weak password collision test on the target system using the account to be processed and the password dictionary to obtain a test result;
and an output module for determining that the password corresponding to the account to be processed is a weak password when the test result indicates that the target system was successfully logged in.
In another aspect, an embodiment of the present invention further provides an apparatus, where the apparatus includes at least one processor, and at least one memory and a bus connected to the processor; the processor and the memory complete mutual communication through the bus; the processor is configured to call program instructions in the memory to perform a weak password monitoring method as described above.
In another aspect, an embodiment of the present invention provides a storage medium, where the storage medium stores computer-executable instructions, and when the computer-executable instructions are loaded and executed by a processor, the weak password monitoring method is implemented as described above.
According to the technical scheme, the weak password monitoring method, device, equipment and storage medium provided by the invention first obtain an account to be processed; then screen weak passwords in a weak password basic database according to screening conditions to obtain a preprocessed weak password list; combine the personal information corresponding to the account to be processed with the passwords in the preprocessed weak password list according to a preset password format template to obtain a plurality of test passwords for login testing, wherein each test password comprises some characters from the personal information and some characters from the weak passwords; add the test passwords to the preprocessed weak password list to obtain a password dictionary; then perform a weak password collision test on the target system using the account to be processed and the password dictionary to obtain a test result; and when the test result indicates that the target system was successfully logged in, determine that the password corresponding to the account to be processed is a weak password. The technical scheme of the invention recombines the password dictionary from the personal information and the weak password basic database, so that targeted monitoring can be carried out for each account to be processed without acquiring the personal password; the user's privacy is not leaked, monitoring is personalized, the monitoring accuracy for weak passwords is improved, and the security of the user account is ensured.
The foregoing description is only an overview of the technical solutions of the present invention, and the embodiments of the present invention are described below in order to make the technical means of the present invention more clearly understood and to make the above and other objects, features, and advantages of the present invention more clearly understandable.
Drawings
Various other advantages and benefits will become apparent to those of ordinary skill in the art upon reading the following detailed description of the preferred embodiments. The drawings are only for purposes of illustrating the preferred embodiments and are not to be construed as limiting the invention. Also, like reference numerals are used to refer to like parts throughout the drawings. In the drawings:
Fig. 1 is a flowchart illustrating a weak password monitoring method according to an embodiment of the present invention.
Fig. 2 is a schematic structural diagram of a weak password monitoring apparatus according to an embodiment of the present invention.
Fig. 3 is a schematic structural diagram of an apparatus according to an embodiment of the present invention.
Detailed Description
Exemplary embodiments of the present disclosure will be described in more detail below with reference to the accompanying drawings. While exemplary embodiments of the present disclosure are shown in the drawings, it should be understood that the present disclosure may be embodied in various forms and should not be limited to the embodiments set forth herein. Rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the scope of the disclosure to those skilled in the art.
The method and the device are used for monitoring the weak password, particularly effectively monitoring the weak password in the enterprise, and improving the data security of the enterprise.
It can be understood that enterprises generally deploy a threat monitoring system, and when malicious brute forcing occurs it is treated as an illegal intrusion. Under the technical scheme of the invention, security personnel in an enterprise can themselves examine the vulnerability of internal system accounts, which supports internal security construction and has an obvious effect.
In the embodiment of the invention, the password set by the user can be regarded as safe only once it has been shown not to be a weak password, without obtaining the plaintext of the password set by the user. If the password plaintext were acquired directly and tested directly, there would be a risk of plaintext leakage, and once that occurred it could cause irreparable loss to the enterprise's data. Therefore, in the embodiment of the invention, without acquiring the password plaintext and on the premise that the password set by the user is not leaked, the user's information and the basic weak passwords are used for password recombination, so that weak password monitoring of the password set by the user is realized, the monitoring precision for weak passwords is improved, and the data security of the enterprise is improved.
The following specifically describes embodiments of the present application.
The embodiment of the invention discloses a method for monitoring a weak password.
Referring to fig. 1, fig. 1 is a flowchart illustrating a weak password monitoring method according to an embodiment of the present invention.
The invention discloses a weak password monitoring method, which comprises the following steps:
S100, obtaining an account to be processed;
S200, screening weak passwords in a weak password basic database according to screening conditions to obtain a preprocessed weak password list;
The embodiment of the present invention may be a standalone monitoring system or application; when it is executed, a whitelist configured on the target system lets the process run by the monitoring system or application of the present invention through.
In the embodiment of the invention, when a weak password needs to be monitored, the account to be processed is obtained. The account to be processed is a login account of the target system, where the target system may be a mailbox system, an office system, or another system.
The account to be processed may be associated with personal information, i.e. information closely tied to an individual, such as a domain account, a mailbox account, a name, a mobile phone number, a birthday, and the like.
In actual use, an account management module may be provided that maintains the personal information, and the personal information corresponding to the account to be processed may be acquired through a unified interface it provides, for example using LDAP.
In the embodiment of the invention, a weak password basic database is provided. It may include a plurality of weak password lists, each containing a plurality of weak passwords; for example, the lists may include history hits, history leaks, internal common use, domestic top N, and foreign top N.
It can be understood that the weak passwords in each list may be sorted by hit count, where the hit count is the number of times the weak password, when tested against an account to be processed, led to the account's password being determined to be a weak password.
In the embodiment of the invention, the data source coverage is wide, and a data basis is provided for the subsequent password combination.
In the embodiment of the invention, the weak password base database comprises a history hit weak password, an internal commonly used weak password, a history leaked weak password and a domestic and foreign commonly used weak password;
the screening conditions comprise a first screening condition, a second screening condition and a third screening condition; the first screening condition is to obtain a history hit weak password, the second screening condition is to obtain a history hit weak password, an internal common weak password and a history leaked weak password, and the third screening condition is to obtain a history hit weak password, an internal common weak password, a history leaked weak password and a domestic and foreign common weak password.
The screening condition sets which weak passwords participate in the subsequent operations.
In the embodiment of the invention, setting the screening condition controls which data sources take part in the password combination of the subsequent steps and the data volume of the password dictionary.
In actual use, the screening condition can be matched automatically according to the identity information of the account to be processed, such as manager or employee. For example, the screening condition for a manager is stricter than that for an employee, so that weak password monitoring is carried out in a targeted way and monitoring efficiency is improved; for example, a manager is matched with the third screening condition and an employee with the first screening condition.
It can be understood that the screening condition may have a matching relationship with the identity information found in the personal information of the account to be processed, and the corresponding screening condition is matched according to that personal information.
Of course, in actual use, which screening condition is adopted may also be forced manually.
In practical use, a basic weak password library management module can be arranged to manage the weak password basic database.
In the embodiment of the invention, exclusion information is also removed from the preprocessed weak password list.
Exclusion information in the preprocessed weak password list is eliminated, where the exclusion information is weak passwords that do not match the personal information of the account to be processed.
For example, the account to be processed for Zhangsan is zhangsan@123.com, which contains the name Zhangsan from the personal information, whereas lisi@XXX.com clearly has no relation to Zhangsan's account information and is therefore excluded.
It is understood that the execution sequence of steps S100 and S200 may be set according to actual needs, or may be executed in parallel, and is not limited herein.
S300, password combination is carried out on the personal information corresponding to the account to be processed and the passwords in the weak password list according to a preset password format template, and a plurality of test passwords for login test are obtained, wherein each test password comprises partial characters in the personal information and partial characters in the weak passwords;
In the embodiment of the invention, a plurality of preset password format templates can be provided, where each template may be set manually by a user or obtained by decomposing the structure of the weak passwords in the basic weak password database.
It will be appreciated that a preset password format template may include the rules and the format for password combination. A preset weak password template may, for example, be a template composed of a continuous letter string and/or a continuous digit string; a template composed of a continuous letter string, a special character and a continuous digit string; a template composed of a continuous letter string, a continuous digit string, a special character and a continuous letter string; a template composed of a continuous digit string, a special character and a continuous digit string; and so on. That is, weak passwords with the same feature type match the same preset weak password format template.
The generation of a preset password format template may include the following steps.
Split each weak password in the basic weak password database into a plurality of elements according to a splitting rule;
where the splitting rule may be: decompose from left to right into continuous letter strings, continuous digit strings, continuous special character strings, and the like. For example, xxqiye@123 is broken down into three elements: xxqiye, @, 123. In practice the password can be divided into a password main body and a password secondary body; for example, in xxqiye@qwe, xxqiye is called the main body, qwe the secondary body, and @ is a special character, and the decomposition gives three elements: xxqiye, @, qwe. A transformation list may also be provided whose entries are kept whole and not split; for example, in P@ssword@123, P@ssword is treated as a whole rather than being split into P, @, ssword, @ and 123.
Obtain a preset password format template from the split elements. For example, templates of the form <master>@<digit> or <master><letter>$%<letter>.
It will be appreciated that because P@ssword has a record in the transformation list, P@ssword@123 does not match <master>@<letter>@<digit> but <master>@<digit>. A preset password format template can thus be used to characterize weak passwords of the same feature type, where the feature type is the composition of the weak password; for example, <master>@<digit> characterizes a continuous letter string and a continuous digit string joined by a special character string.
In the embodiment of the invention, a switch can be set for each preset password format template, and the user can choose which templates take part in the subsequent process according to actual needs. It will be appreciated that the preset password format templates can be used to control the number of passwords, and hence the data volume, of the password dictionary that is finally generated.
In the embodiment of the invention, the preset password format templates need to be strictly controlled: for example, only templates with a high hit frequency are switched on, and combination forms with a low hit frequency or unusual combination forms are switched off, because the number of password templates directly determines the size of the generated dictionary; the templates that may be used for combination should be switched on with care.
It will be appreciated that the participating preset password format templates should conform to the preset template depth. The depth of a preset password format template is the total number of continuous letter strings or continuous digit strings in the password main body and secondary body, special characters excluded; for example, the depth of <master><letter>$%<letter> is 3.
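The splitting rule, the transformation list, the derivation of <master>/<letter>/<digit> templates, the template switch and the template depth described above, as an added worked example in Python written for this page (it is not the patent's own implementation and the patent specifies no code). The sample weak-password list, the transformation-list entries and the frequency and depth thresholds are constructed assumptions; the placeholder names <master>, <letter> and <digit> are the ones the description uses.

```python
import re
from collections import Counter
from typing import Dict, List

# Constructed sample data (assumptions, not taken from the patent): a transformation
# list of tokens that are kept whole instead of being split into letter/special/digit runs.
TRANSFORM_LIST = ["P@ssword", "p@ssw0rd"]

# Constructed sample weak-password list standing in for the basic weak password database.
SAMPLE_WEAK_LIST = ["xxqiye@123", "admin@123", "xxqiye@qwe", "P@ssword@123",
                    "abc123", "root$%abc", "123456"]


def build_tokenizer(transform_list: List[str]) -> "re.Pattern":
    """Regex that, at each position, prefers a whole transform-list token, then a run
    of letters, a run of digits, or a run of special characters (left to right)."""
    whole = sorted(set(transform_list), key=len, reverse=True)      # longest first
    alts = [re.escape(w) for w in whole] + [r"[A-Za-z]+", r"[0-9]+", r"[^A-Za-z0-9]+"]
    return re.compile("|".join(alts))


def split_password(pw: str, transform_list: List[str] = TRANSFORM_LIST) -> List[str]:
    """Splitting rule: 'xxqiye@123' -> ['xxqiye', '@', '123'];
    'P@ssword@123' -> ['P@ssword', '@', '123'] because P@ssword is kept whole."""
    return build_tokenizer(transform_list).findall(pw)


def to_template(pw: str, transform_list: List[str] = TRANSFORM_LIST) -> str:
    """Map elements to placeholders: the first letter run (or transform token) becomes
    <master>, later letter runs <letter>, digit runs <digit>; special runs stay literal."""
    parts, seen_master = [], False
    for el in split_password(pw, transform_list):
        if el.isdigit():
            parts.append("<digit>")
        elif el in transform_list or el.isalpha():
            parts.append("<letter>" if seen_master else "<master>")
            seen_master = True
        else:
            parts.append(el)
    return "".join(parts)


def template_depth(template: str) -> int:
    """Depth = number of letter/digit placeholders, special characters excluded."""
    return len(re.findall(r"<(?:master|letter|digit)>", template))


def derive_templates(weak_list: List[str]) -> Dict[str, int]:
    """Count how often each template occurs in a weak-password list; the count serves
    as the hit frequency when deciding which templates to switch on."""
    return dict(Counter(to_template(pw) for pw in weak_list))


def select_templates(counts: Dict[str, int], min_count: int, max_depth: int) -> List[str]:
    """Template switch: keep only frequent templates within the allowed depth, which
    bounds the size of the dictionary generated from them later."""
    return sorted(t for t, c in counts.items()
                  if c >= min_count and template_depth(t) <= max_depth)


if __name__ == "__main__":
    counts = derive_templates(SAMPLE_WEAK_LIST)
    print(counts)
    print(select_templates(counts, min_count=2, max_depth=3))
```

With the constructed list, three of the seven entries share the template <master>@<digit>, so a switch requiring at least two occurrences keeps only that template, illustrating how the frequency switch and the depth limit together bound the dictionary that step S300 will generate.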
In the embodiment of the invention, after password combination is executed, each generated test password contains part of the personal information and part of the characters of a weak password from the preprocessed weak password list.
It can be understood that the purpose of password combination is to learn, to the greatest extent possible, from the usage habits and related elements of the user of the account to be processed by means of the preset password format templates, thereby enhancing the ability to find risks.
It is to be understood that embodiments of the present invention may be configured with a blacklist and a whitelist. The blacklist specifically marks entries with obvious personal characteristics: if an entry is in the blacklist and not in the account's historical weak password list, it is not added to the password combination. Passwords containing special characters such as p@ssw0rd should not be split; this is handled by maintaining a whitelist, and the system treats such an entry as a whole and does not split it, which avoids generating a large number of invalid combinations.
S400, adding the test passwords into the preprocessing weak password list to obtain a password dictionary;
after the test password is obtained, the test password is added to the preprocessed weak password list to form a password dictionary.
The form of the password dictionary is not particularly limited; it may be a text or a character string. The weak passwords from the preprocessed weak password list may be placed after or before the test passwords, as actual needs dictate. Generally the preprocessed weak password list is very small while the newly obtained password dictionary is very large, so for the monitored account to be processed the weak passwords of the preprocessed list may be placed first in order to improve hit efficiency.
In the embodiment of the invention, after the password dictionary is obtained, the password dictionary can be further optimized.
The embodiment of the invention also comprises the following steps:
filtering out passwords in the password dictionary that do not satisfy the password strength constraint; and/or
performing a deduplication operation on the filtered password dictionary.
In the embodiment of the invention, a deduplication operation may be performed on the password dictionary: identical passwords are kept only once. It may also be determined whether the number of repeated characters between two passwords exceeds a preset number, and when it does, only one of them is kept. Alternatively, the passwords may be vectorized and the distance between the vectors compared with a preset distance; when the preset distance is exceeded, only one of them is retained. Of course, the criterion used for deduplication can be set according to actual needs.
In this embodiment, the password strength constraint may include letters, digits, special characters, length and the like as its elements; other elements are possible and are not described in detail here. Passwords that do not meet the password strength constraint are filtered out.
S500, performing a weak password collision test on the target system using the account to be processed and the password dictionary to obtain a test result;
S600, when the test result indicates that the target system was successfully logged in, determining that the password corresponding to the account to be processed is a weak password.
After the password dictionary is obtained, a weak password collision test is performed on the target system with it. For example, a login test is performed using the account to be processed and a password from the password dictionary; if the login returns success, the test result is determined to indicate that the target system was successfully logged in, and the password corresponding to the account to be processed is then determined to be a weak password.
In actual use, a scanning module can be provided to complete this process, using multithreading to perform the weak password collision test on the account to be processed according to the different application types.
Therefore, according to the technical scheme of the invention, the password dictionary can be recombined from the personal information and the weak password basic database, so that targeted monitoring can be carried out for each account to be processed without acquiring the personal password; the user's privacy is not leaked, monitoring is personalized, the monitoring accuracy for weak passwords is further improved, and the security of the user's account is ensured.
The foregoing describes that the personal information corresponding to the account to be processed and the password in the preprocessed weak password list are password-combined according to the preset password format template, which is described in detail below.
In the embodiment of the present invention, the combining the personal information corresponding to the account to be processed and the password in the list of the preprocessed weak passwords according to a preset password format template to obtain a plurality of test passwords for performing a login test includes:
disassembling each weak password in the preprocessed weak password list according to a disassembling rule to obtain a main password and a secondary password;
writing the subject password and the personal information into a first temporary list;
writing the secondary password into a second temporary list;
and calling a preset password format template, and combining the passwords in the first temporary list and the passwords in the second temporary list to obtain a plurality of test passwords.
In the embodiment of the invention, two temporary basic element lists, namely a first temporary list and a second temporary list, can be newly established, keywords of the account to be processed, such as name pinyin, mobile phone numbers, birthdays and the like, are included in the first temporary list, and the secondary password disassembled from the weak password list is preprocessed to the second temporary list.
The disassembling according to the disassembling rule may follow the disassembling method used in the generation of the preset password format template. For example, the disassembling rule may be: split the weak password into a main password and a secondary password using a special character or special character string as the split point, where the main password is the part before the special character (string) and the secondary password is the part after it. For example, xxqiye@123 disassembles into the main password xxqiye and the secondary password 123, and Xxqiye@qew disassembles into the main password Xxqiye and the secondary password qew. The first temporary list then contains xxqiye and Xxqiye, and the second temporary list contains 123 and qew.
It can be understood that the preset password format template includes a combination priority, and that calling the preset password format template and combining the passwords in the first temporary list with the passwords in the second temporary list to obtain a plurality of test passwords includes:
sorting each password in the first temporary list and the second temporary list by hit count to obtain a sorted first temporary list and a sorted second temporary list;
and combining each password in the first temporary list with each password in the second temporary list according to the combination priority to obtain a plurality of test passwords.
In the embodiment of the invention, the passwords in the first temporary list and the second temporary list are sorted. For example, each element is compared one by one against the entries of the history hit list, it is judged whether the element is contained in the entry, the hit count is tallied, and the elements are sorted by hit count.
The purpose of the sorting is that, during password combination, combinations with high priority are generated first; when the password dictionary is then used for the weak password collision test and the test result indicates success, the test stops, which improves timeliness.
In an embodiment of the present invention, the monitoring method further includes:
if the password corresponding to the account to be processed is determined to be a weak password, generating and sending alarm information to an information receiving address corresponding to the account to be processed;
and taking the weak password corresponding to the account to be processed as a history hit weak password to update the weak password basic database.
In the embodiment of the invention, if the password set for the account to be processed is determined to be a weak password, the history hit weak password list is updated, and the update is applied to the weak password basic database.
In the embodiment of the invention, if the number of different accounts to be processed that share the same weak password reaches a certain number, that weak password is taken as an internal common weak password to update the weak password basic database.
A specific time interval after the alarm information is sent, the weak password collision test is run again with the same weak password, and the repair state of the weak password is monitored. If the account has still not been repaired, the administrator of the target system is notified to lock the account or take other action, so as to guarantee the security of the account to be processed.
In actual use, an alarm module can be arranged to realize the process.
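The alarm module described in the preceding paragraphs (alarm to the account's receiving address, update of the history hit list, promotion to an internal common weak password once enough accounts share it, re-test after an interval and escalation to the administrator) can be sketched as follows. This is an added illustration, not code from the patent or its applicant; the threshold of shared accounts and the re-check interval are assumed values, since the description only says "a certain number" and "a specific time interval", and the re-run of the collision test is supplied by the caller as a callback rather than implemented here. The three screening conditions over the four categories of the weak password basic database are included because the update path feeds them.

```python
from dataclasses import dataclass, field

# Assumed parameters (the description fixes neither value).
INTERNAL_COMMON_THRESHOLD = 3      # accounts sharing one weak password before it becomes "internal common"
RECHECK_INTERVAL = 7 * 24 * 3600   # seconds to wait after the alarm before re-testing the account


@dataclass
class WeakPasswordBaseDatabase:
    """The four categories of the weak password basic database, plus per-password hit tracking."""
    history_hit: set = field(default_factory=set)
    internal_common: set = field(default_factory=set)
    history_leaked: set = field(default_factory=set)
    common_home_abroad: set = field(default_factory=set)
    hit_accounts: dict = field(default_factory=dict)   # weak password -> accounts that hit it

    def screen(self, condition):
        """Screening conditions 1-3: successively wider subsets of the basic database."""
        if condition == 1:
            return set(self.history_hit)
        if condition == 2:
            return self.history_hit | self.internal_common | self.history_leaked
        if condition == 3:
            return (self.history_hit | self.internal_common
                    | self.history_leaked | self.common_home_abroad)
        raise ValueError("unknown screening condition")

    def record_hit(self, account, weak_password, threshold=INTERNAL_COMMON_THRESHOLD):
        """Confirmed weak password: add it to the history hit list and, once enough
        different accounts share it, promote it to an internal common weak password."""
        self.history_hit.add(weak_password)
        accounts = self.hit_accounts.setdefault(weak_password, set())
        accounts.add(account)
        if len(accounts) >= threshold:
            self.internal_common.add(weak_password)
        return len(accounts)


@dataclass
class Alarm:
    account: str
    address: str
    weak_password: str
    sent_at: float
    recheck_at: float


class AlarmModule:
    def __init__(self, db, send, notify_admin,
                 threshold=INTERNAL_COMMON_THRESHOLD, interval=RECHECK_INTERVAL):
        self.db = db
        self.send = send                  # delivers the alarm text to the receiving address
        self.notify_admin = notify_admin  # asks the target system administrator to lock the account
        self.threshold = threshold
        self.interval = interval
        self.pending = {}                 # account -> Alarm awaiting its re-check

    def on_weak_password(self, account, address, weak_password, now):
        """Called when the test result indicates a successful login with a dictionary password."""
        # The alarm text deliberately does not repeat the password itself.
        self.send(address, f"Account {account}: the current password is a known weak "
                           f"password, please change it.")
        self.db.record_hit(account, weak_password, self.threshold)
        alarm = Alarm(account, address, weak_password, now, now + self.interval)
        self.pending[account] = alarm
        return alarm

    def recheck(self, account, still_weak, now):
        """After the interval, re-run the collision test (`still_weak(account, password)`,
        supplied by the test module) and monitor the repair state."""
        alarm = self.pending.get(account)
        if alarm is None:
            return "no alarm"
        if now < alarm.recheck_at:
            return "not due"
        if still_weak(account, alarm.weak_password):
            self.notify_admin(account, alarm.weak_password)
            return "locked"
        del self.pending[account]
        return "repaired"
```

In use, `send` and `notify_admin` would be wired to the organisation's messaging and ticketing systems, and `still_weak` to the test module; here they are plain callables so the flow can be exercised offline.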
According to the embodiment of the invention, the account risk discovery capability is improved.
According to the technical scheme, the embodiment of the invention has the following effects:
A weak password is not only one of insufficient strength; the risk of leaked passwords must also be considered. A high-strength password that has been leaked is very dangerous if it is not included in the detection range, since an attacker who obtains the leaked password will try it against the authentication of other business systems, causing secondary information leakage. Leaked passwords should therefore also be included in the detection range.
The focus of the password dictionary is improved. Password elements that are obviously irrelevant to the account's user are removed: a blacklist is maintained, and lists with obvious personal characteristics are specially marked; if a password element is on the blacklist and not in the account's history weak password list, no password combination is added for it. In addition, passwords containing special characters, such as p@ssw0rd, should not be split, so a whitelist is maintained; a whitelisted password is treated as a whole and not split, which avoids a large number of invalid combinations.
The hit rate is improved. Because multiple password lists from multiple channel sources are combined, there are more combination modes and a larger dictionary, and, more importantly, the hit rate rises. After a hit, scanning of the remaining list is interrupted, which improves time efficiency.
Even if random passwords become prevalent later, the method retains its value: a leaked password is dangerous regardless of its strength, so the monitoring continues to play a role.
A password dictionary is constructed as completely as possible from the perspective of social engineering, improving the account risk discovery capability.
The weak passwords in the weak password basic database are decomposed to form a unified password format template. The template list carries historical hit statistics, so it reflects the combination forms preferred by the employees of the enterprise; a new password dictionary generated from those combination forms greatly improves the hit probability.
The process of generating the password dictionary is realized by an automatic program, and enterprise security personnel can easily obtain a high-efficiency dictionary only by maintaining a plurality of database tables.
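The dictionary generation steps described above (disassembling each weak password at a special character into a main and a secondary password, writing them together with the personal information into two temporary lists, sorting by hit count against the history hit list, combining according to the template's priority, then filtering by strength constraint and deduplicating) together with the blacklist and no-split whitelist from the effects section can be exercised as one self-contained program. This is an added example, not code from the patent or its applicant; the sample weak list, personal information, history hit list, blacklist and the shape of the preset password format template (a split pattern plus combination formats in priority order) are all constructed here, and the minimum-length strength constraint stands in for whatever the target system actually enforces. Only dictionary construction is shown; the login test itself is out of scope.

```python
import re

# Constructed sample inputs (not from the patent).
PREPROCESSED_WEAK_LIST = ["xxqiye@123", "Xxqiye@qew", "p@ssw0rd", "admin#2020", "123456"]
PERSONAL_INFO = ["zhangsan", "13800000000", "19900101"]   # name pinyin, phone, birthday
HISTORY_HIT_LIST = ["xxqiye@123", "zhangsan@123", "zhangsan#2020", "Xxqiye@123"]

# Whitelist: passwords treated as a whole and never split (the description's p@ssw0rd case).
NO_SPLIT_WHITELIST = {"p@ssw0rd"}
# Blacklist: elements obviously unrelated to this account's user (constructed).
BLACKLIST = {"admin"}

# Assumed shape of the preset password format template: the split rule plus the
# combination formats in priority order. The patent does not fix this shape.
TEMPLATE = {
    "split": re.compile(r"[^0-9A-Za-z]+"),           # special character (string) = split point
    "formats": ["{main}@{secondary}", "{main}#{secondary}", "{main}{secondary}"],
}
MIN_LENGTH = 8   # assumed password strength constraint of the target system


def disassemble(weak_password, template):
    """Split at the first special character (string) into (main, secondary).
    Returns None for whitelisted passwords and for passwords with nothing to split."""
    if weak_password in NO_SPLIT_WHITELIST:
        return None
    m = template["split"].search(weak_password)
    if m is None or m.start() == 0 or m.end() == len(weak_password):
        return None
    return weak_password[:m.start()], weak_password[m.end():]


def hit_count(element, history_hit_list):
    """Number of history hit weak passwords that contain the element."""
    return sum(1 for hit in history_hit_list if element in hit)


def build_temp_lists(weak_list, personal_info, history_hit_list, template):
    """First list: main passwords + personal information; second list: secondary passwords.
    Both are blacklist-filtered, deduplicated and sorted by hit count (highest first)."""
    first, second = [], []
    for pw in weak_list:
        parts = disassemble(pw, template)
        if parts is None:
            continue
        first.append(parts[0])
        second.append(parts[1])
    first.extend(personal_info)

    def allowed(element):
        # A blacklisted element yields no combination unless it already appears
        # in the account's history weak password list.
        return element not in BLACKLIST or hit_count(element, history_hit_list) > 0

    def ranked(elements):
        kept = [e for e in dict.fromkeys(elements) if allowed(e)]
        # sorted() is stable, so equal hit counts keep their list order.
        return sorted(kept, key=lambda e: hit_count(e, history_hit_list), reverse=True)

    return ranked(first), ranked(second)


def combine(first, second, template):
    """Combine every first-list entry with every second-list entry, format by format,
    so that earlier (higher-priority) formats and higher-ranked entries come first."""
    tests = []
    for fmt in template["formats"]:
        for main in first:
            for secondary in second:
                tests.append(fmt.format(main=main, secondary=secondary))
    return tests


def optimise(dictionary, min_length=MIN_LENGTH):
    """Optimisation module: drop entries violating the strength constraint, then deduplicate."""
    kept = [p for p in dictionary if len(p) >= min_length]
    return list(dict.fromkeys(kept))


def generate_dictionary(weak_list, personal_info, history_hit_list, template=TEMPLATE):
    """Dictionary = preprocessed weak list + test passwords, then optimised."""
    first, second = build_temp_lists(weak_list, personal_info, history_hit_list, template)
    return optimise(list(weak_list) + combine(first, second, template))


if __name__ == "__main__":
    for entry in generate_dictionary(PREPROCESSED_WEAK_LIST, PERSONAL_INFO, HISTORY_HIT_LIST)[:10]:
        print(entry)
```

With the constructed inputs, `zhangsan` ranks first in the first list (two history hits) and `123` first in the second (three hits), so the very first test password generated is `zhangsan@123`; `admin` contributes nothing because it is blacklisted and absent from the history hit list, while `p@ssw0rd` stays in the dictionary unsplit.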
Corresponding to the monitoring method for the weak password, the embodiment of the invention also provides a monitoring device for the weak password.
Referring to fig. 2, fig. 2 is a schematic structural diagram of a weak password monitoring apparatus according to an embodiment of the present invention.
The invention provides a weak password monitoring device, comprising:
the acquisition module 1 is used for acquiring an account to be processed;
the preprocessing module 2 is used for screening weak passwords in the weak password basic database according to the screening conditions to obtain a preprocessed weak password list;
the password recombination module 3 is configured to perform password combination on the personal information corresponding to the account to be processed and the passwords in the preprocessed weak password list according to a preset password format template to obtain a plurality of test passwords for performing login testing, where each test password includes partial characters in the personal information and partial characters in the weak password;
the dictionary generation module 4 is used for adding the plurality of test passwords to the preprocessed weak password list to obtain a password dictionary;
the test module 5 is used for performing a weak password collision test on the target system using the account to be processed and the password dictionary to obtain a test result;
and the output module 6 is used for determining that the password corresponding to the account to be processed is a weak password when the test result represents that the target system is successfully logged in.
The password restructuring module 3 is specifically configured to:
disassembling each weak password in the preprocessed weak password list according to a disassembling rule to obtain a main password and a secondary password;
writing the main password and the personal information into a first temporary list;
writing the secondary password to a second temporary list;
and calling a preset password format template, and combining the passwords in the first temporary list and the passwords in the second temporary list to obtain a plurality of test passwords.
The preset password format template includes a combination priority, and calling the preset password format template and combining the passwords in the first temporary list with the passwords in the second temporary list to obtain a plurality of test passwords includes:
sorting each password in the first temporary list and the second temporary list by hit count to obtain a sorted first temporary list and a sorted second temporary list;
and combining each password in the first temporary list with each password in the second temporary list according to the combination priority to obtain a plurality of test passwords.
The device further comprises:
an exclusion module, configured to remove exclusive information from the preprocessed weak password list, where the exclusive information is: weak passwords that do not match the personal information of the account to be processed.
The weak password base database comprises a history hit weak password, an internal commonly used weak password, a history leaked weak password and a domestic and foreign commonly used weak password;
the screening conditions comprise a first screening condition, a second screening condition and a third screening condition; the first screening condition is to obtain a history hit weak password, the second screening condition is to obtain a history hit weak password, an internal common weak password and a history leaked weak password, and the third screening condition is to obtain a history hit weak password, an internal common weak password, a history leaked weak password and a domestic and foreign common weak password.
The monitoring device further comprises an optimization module for:
filtering out passwords in the password dictionary that do not meet the password strength constraint; and/or
deduplicating the filtered password dictionary.
The monitoring device further comprises an alarm module for:
if the password corresponding to the account to be processed is determined to be a weak password, generating and sending alarm information to an information receiving address corresponding to the account to be processed;
and taking the weak password corresponding to the account to be processed as a history hit weak password to update the weak password basic database.
It can be understood that, for implementation of each module in the weak password monitoring apparatus disclosed in the embodiment of the present invention, reference may be made to each step in the foregoing weak password monitoring method, which is not described herein again.
Therefore, in the technical scheme of the invention, the password dictionary is recombined from the personal information and the weak password basic database, so that targeted monitoring can be carried out on each account to be processed without ever acquiring the user's actual password. The user's privacy is not leaked, the monitoring is personalized, the monitoring accuracy for weak passwords is improved, and the security of the user's account is ensured.
The weak password monitoring device comprises a processor and a memory, wherein the acquisition module, the preprocessing module, the password recombination module, the dictionary generation module, the test module, the output module and the like are stored in the memory as program units, and the processor executes the program units stored in the memory to realize corresponding functions.
The processor comprises a kernel, and the kernel calls the corresponding program unit from the memory. One or more kernels may be configured; by adjusting the kernel parameters, targeted monitoring can be carried out on each account to be processed without acquiring the personal password, so the user's privacy is not revealed, the monitoring is personalized, and the monitoring accuracy for weak passwords is improved.
An embodiment of the present invention provides a storage medium, on which a program is stored, and the program implements the weak password monitoring method when executed by a processor.
The embodiment of the invention provides a processor, which is used for running a program, wherein the monitoring method of the weak password is executed when the program runs.
The embodiment of the invention provides equipment, which comprises at least one processor 701, at least one memory 702 and a bus 703, wherein the memory 702 and the bus 703 are connected with the processor; the processor and the memory complete mutual communication through a bus; the processor is used for calling the program instructions in the memory to execute the weak password monitoring method. The device herein may be a server, a PC, a PAD, a mobile phone, etc.
The present application further provides a computer program product adapted to perform a program for initializing the following method steps when executed on a device:
obtaining an account to be processed; screening weak passwords in a weak password basic database according to screening conditions to obtain a preprocessed weak password list;
carrying out password combination on the personal information corresponding to the account to be processed and the password in the preprocessed weak password list according to a preset password format template to obtain a plurality of test passwords for logging test, wherein each test password comprises partial characters in the personal information and partial characters in the weak password;
adding the plurality of test passwords to the preprocessed weak password list to obtain a password dictionary;
carrying out a weak password collision test on a target system using the account to be processed and the password dictionary to obtain a test result;
and when the test result represents that the target system is successfully logged in, determining that the password corresponding to the account to be processed is a weak password.
In some embodiments, the performing password combination on the personal information corresponding to the account to be processed and the passwords in the preprocessed weak password list according to a preset password format template to obtain a plurality of test passwords for performing login test includes:
disassembling each weak password in the preprocessed weak password list according to a disassembling rule to obtain a main password and a secondary password;
writing the main password and the personal information into a first temporary list;
writing the secondary password to a second temporary list;
and calling a preset template, and combining the password in the first temporary list and the password in the second temporary list to obtain a plurality of test passwords.
In some embodiments, the preset template includes a combination priority, the invoking the preset template combines the password in the first temporary list and the password in the second temporary list to obtain a plurality of test passwords, including:
sequencing each password in the first temporary list and the second temporary list according to the hit times to obtain a sequenced first temporary list and a sequenced second temporary list;
and combining each password in the first temporary list with each password in the second temporary list respectively according to the combination priority to obtain a plurality of test passwords.
In some embodiments, the method further comprises:
eliminating exclusive information from the preprocessed weak password list, wherein the exclusive information is: weak passwords that do not match the personal information of the account to be processed.
In some embodiments, the weak password base database includes weak passwords that are historically hit, weak passwords that are commonly used internally, weak passwords that are historically leaked, and weak passwords that are commonly used at home and abroad;
the screening conditions comprise a first screening condition, a second screening condition and a third screening condition; the first screening condition is to obtain a history hit weak password, the second screening condition is to obtain a history hit weak password, an internal common weak password and a history leaked weak password, and the third screening condition is to obtain a history hit weak password, an internal common weak password, a history leaked weak password and a domestic and foreign common weak password.
In some embodiments, the preset password format template includes rules for performing password combinations and a format of a password.
The present application is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus, devices (systems), and computer program products according to embodiments of the application. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
In a typical configuration, a device includes one or more processors (CPUs), memory, and a bus. The device may also include input/output interfaces, network interfaces, and the like.
The memory may include volatile memory in a computer readable medium, Random Access Memory (RAM) and/or non-volatile memory, such as Read Only Memory (ROM) or flash memory (flash RAM), including at least one memory chip. The memory is an example of a computer-readable medium.
Computer-readable media, including both permanent and non-permanent, removable and non-removable media, may implement the information storage by any method or technology. The information may be computer readable instructions, data structures, modules of a program, or other data. Examples of computer storage media include, but are not limited to, phase change memory (PRAM), Static Random Access Memory (SRAM), Dynamic Random Access Memory (DRAM), other types of Random Access Memory (RAM), Read Only Memory (ROM), Electrically Erasable Programmable Read Only Memory (EEPROM), flash memory or other memory technology, compact disc read only memory (CD-ROM), Digital Versatile Discs (DVD) or other optical storage, magnetic cassettes, magnetic tape magnetic disk storage or other magnetic storage devices, or any other non-transmission medium that can be used to store information that can be accessed by a computing device. As defined herein, a computer readable medium does not include a transitory computer readable medium such as a modulated data signal and a carrier wave.
It should also be noted that the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other identical elements in the process, method, article, or apparatus that comprises the element.
As will be appreciated by one skilled in the art, embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The above are merely examples of the present application and are not intended to limit the present application. Various modifications and changes may occur to those skilled in the art. Any modification, equivalent replacement, improvement, etc. made within the spirit and principle of the present application should be included in the scope of the claims of the present application.

Claims (10)

1. A weak password monitoring method, comprising:
obtaining an account to be processed; screening weak passwords in a weak password basic database according to screening conditions to obtain a preprocessed weak password list;
carrying out password combination on the personal information corresponding to the account to be processed and the passwords in the weak password list according to a preset password format template to obtain a plurality of test passwords for login test, wherein each test password comprises partial characters in the personal information and partial characters in the weak passwords;
adding the plurality of test passwords to the preprocessed weak password list to obtain a password dictionary;
carrying out a weak password collision test on a target system using the account to be processed and the password dictionary to obtain a test result;
and when the test result represents that the target system is successfully logged in, determining that the password corresponding to the account to be processed is a weak password.
2. The monitoring method according to claim 1, wherein the step of combining the personal information corresponding to the account to be processed and the passwords in the list of the preprocessed weak passwords according to a preset password format template to obtain a plurality of test passwords for performing the login test comprises:
disassembling each weak password in the preprocessed weak password list according to a disassembling rule to obtain a main password and a secondary password;
writing the main password and the personal information into a first temporary list;
writing the secondary password to a second temporary list;
and calling a preset template, and combining the password in the first temporary list and the password in the second temporary list to obtain a plurality of test passwords.
3. The monitoring method according to claim 2, wherein the preset template includes a combination priority, and the invoking of the preset template combines the password in the first temporary list and the password in the second temporary list to obtain a plurality of test passwords includes:
sequencing each password in the first temporary list and the second temporary list according to the hit times to obtain a sequenced first temporary list and a sequenced second temporary list;
and combining each password in the first temporary list with each password in the second temporary list respectively according to the combination priority to obtain a plurality of test passwords.
4. The method of monitoring of claim 1, further comprising:
eliminating exclusive information from the preprocessed weak password list, wherein the exclusive information is: weak passwords that do not match the personal information of the account to be processed.
5. The monitoring method according to claim 1, wherein the weak password base database comprises weak passwords hit historically, weak passwords used internally, weak passwords leaked historically, and weak passwords used at home and abroad;
the screening conditions comprise a first screening condition, a second screening condition and a third screening condition; the first screening condition is to obtain a history hit weak password, the second screening condition is to obtain a history hit weak password, an internal common weak password and a history leaked weak password, and the third screening condition is to obtain a history hit weak password, an internal common weak password, a history leaked weak password and a domestic and foreign common weak password.
6. The monitoring method of claim 1, wherein the preset password format template includes a rule for performing password combination and a format of a password.
7. The monitoring method of claim 1, further comprising:
if the password corresponding to the account to be processed is determined to be a weak password, generating and sending alarm information to an information receiving address corresponding to the account to be processed;
and taking the weak password corresponding to the account to be processed as a history hit weak password to update the weak password basic database.
8. A weak password monitoring apparatus, comprising:
the acquisition module is used for acquiring the account to be processed;
the preprocessing module is used for screening weak passwords in the weak password basic database according to screening conditions to obtain a preprocessed weak password list;
the password recombination module is used for carrying out password combination on the personal information corresponding to the account to be processed and the passwords in the weak password list according to a preset password format template to obtain a plurality of test passwords for login test, wherein each test password comprises partial characters in the personal information and partial characters in the weak passwords;
the dictionary generation module is used for adding the test passwords to the preprocessed weak password list to obtain a password dictionary;
the test module is used for carrying out a weak password collision test on the target system using the account to be processed and the password dictionary to obtain a test result;
and the output module is used for determining that the password corresponding to the account to be processed is a weak password when the test result represents that the target system is successfully logged in.
9. An apparatus comprising at least one processor, and at least one memory, bus connected to the processor; the processor and the memory are communicated with each other through the bus; the processor is used for calling the program instructions in the memory to execute the weak password monitoring method as claimed in any one of claims 1 to 7.
10. A storage medium having stored thereon computer-executable instructions which, when loaded and executed by a processor, carry out a method of weak password monitoring according to any one of claims 1 to 7.
CN202011534970.1A 2020-12-22 2020-12-22 Weak password monitoring method, device, equipment and storage medium Pending CN114722383A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011534970.1A CN114722383A (en) 2020-12-22 2020-12-22 Weak password monitoring method, device, equipment and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202011534970.1A CN114722383A (en) 2020-12-22 2020-12-22 Weak password monitoring method, device, equipment and storage medium

Publications (1)

Publication Number Publication Date
CN114722383A true CN114722383A (en) 2022-07-08

Family

ID=82229862

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202011534970.1A Pending CN114722383A (en) 2020-12-22 2020-12-22 Weak password monitoring method, device, equipment and storage medium

Country Status (1)

Country Link
CN (1) CN114722383A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115314258A (en) * 2022-07-13 2022-11-08 天翼云科技有限公司 Application weak password detection method and device, electronic equipment and storage medium
CN115314258B (en) * 2022-07-13 2023-08-08 天翼云科技有限公司 Method and device for detecting weak password, electronic equipment and storage medium


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
CB02 Change of applicant information

Address after: No. 05-501, 5th floor, No. 229, Middle North Fourth Ring Road (South podium building of Haitai building), Haidian District, Beijing 100083

Applicant after: Beijing guoshuangqianli Technology Co.,Ltd.

Address before: No. 05-501, 5th floor, No. 229, Middle North Fourth Ring Road (South podium building of Haitai building), Haidian District, Beijing 100083

Applicant before: Beijing Qianli Richeng Technology Co.,Ltd.