Adaptation of password strength estimators to a non-English environment—the Czech experience

Passwords are among the most commonly used methods of user authentication. Password strength estimators can significantly help users to choose passwords of reasonable strength. These estimates are, however, useful for end users and administrators only in those cases where they provide sufficiently p...

Full description

Saved in:
Bibliographic Details
Published in:Computers & security 2020-08, Vol.95, p.101757-11, Article 101757
Main Authors: Doucek, Petr, Pavlíček, Luboš, Sedláček, Jiří, Nedomová, Lea
Format: Article
Language:English
Subjects:
Dictionaries
Dictionary attack
Languages
Password strength estimators
Passwords
Security
Source code
Strength of password
User authentication
Citations: Items that this one cites
Items that cite this one
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:Passwords are among the most commonly used methods of user authentication. Password strength estimators can significantly help users to choose passwords of reasonable strength. These estimates are, however, useful for end users and administrators only in those cases where they provide sufficiently precise password strength estimations. Tools for estimating password strength have mainly been tested against English, or in some cases Chinese or other widespread and global languages. Only very few studies can be found in the literature regarding how to adapt these tools for other, less widespread languages, and what results are produced by so adapted tools. This article presents the approach and reports the results of adapting the zxcvbn estimation engine for the Czech and Slovak languages. The results of this work – an adapted version of zxcvbn (including various dictionaries) – are available for download on GitHub as open-source software. For testing password strength estimation quality, we used a large set of leaked passwords from the Czech environment (approx. 3.1 million passwords), which we divided up into 12 categories. The main results are: (1) The password strength estimation improved for all 12 of the categories. (2) The overall size of zxcvbn did not increase significantly, thanks to adjustments and optimizations of both the original English dictionaries and the newly added Czech and Slovak ones. (3) The speed of operation increased by 4 to 12% depending on the version of the dictionaries used. (4) Besides the direct results for Czech and Slovak, the method described in the article can be utilized as a methodology for adapting zxcvbn for other less-widespread European languages.
ISSN:0167-4048
1872-6208
DOI:10.1016/j.cose.2020.101757