Nowadays, the most convenient way to authenticate for network access is still to use a password. Digit-only passwords are also the primary form of authentication for ATM cards, credit cards, online payments, etc. However, at present, research on password security focuses mainly on combined passwords, such as passwords that include letters, numbers, and special characters. Comparatively little research has been done on the security of digit-only passwords and financial passwords. To fill this gap, this paper studies the security of digit-only passwords extracted from leaked data sets of Chinese websites. The main contributions are as follows: (1) Security analysis of digit-only passwords based on RNN. First, we verify with a Pearson chi-square test that Chinese users' digit-only passwords do not follow a uniform distribution. Secondly, we reveal some regional conventions in Chinese digit-only passwords. Finally, we use recurrent neural networks (RNN) to design a password guessing attack model and explore how data sets of different sizes and different training methods affect the neural network's guessing effectiveness. The experimental results show that the RNN model is applicable to digit-only passwords and performs better in terms of learned features and matching accuracy. (2) Analysis of financial digit-only passwords based on the FF3-1 algorithm. An analysis of about 130,000 passwords in the 12306 data set, carried out to study the relationship between digit-only passwords and personal information, found that personal information frequently appears in digit-only passwords, which seriously weakens password security. Therefore, to improve the password storage method, we propose a password encryption authentication model based on FF3-1. We experiment with ciphertext passwords and plaintext passwords using the three-three structure and four-two structure methods combined with Probabilistic Context-Free Grammars, respectively. The results show that the cracking success rates for ciphertext passwords are 0.086% and 1.06%, and the encrypted candidate passwords can recover 59.83% and 33.2% of the test set, respectively. In contrast, using plaintext passwords can recover 98% and 85% of the test set. Therefore, storing passwords in encrypted form can greatly reduce an attacker's cracking rate.
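The Pearson chi-square test mentioned in contribution (1) checks whether the digits of a password corpus occur with equal frequency. The following Python block is an added example, not code from the paper or its authors, and the two password lists in it are constructed for illustration rather than taken from any leaked data set. It tallies per-digit counts, computes the chi-square goodness-of-fit statistic against a uniform expectation (nine degrees of freedom for ten digit categories), and compares it with the standard 0.05-level critical value.

```python
from collections import Counter

# Upper critical value of the chi-square distribution at significance 0.05
# for 9 degrees of freedom (ten digit categories minus one).
CHI2_CRIT_DF9_ALPHA05 = 16.919

# Constructed sample: each digit 0-9 appears exactly six times, so the digit
# frequencies are perfectly uniform (statistic 0).
SAMPLE_UNIFORM = ["".join(str((i + j) % 10) for j in range(6)) for i in range(10)]

# Constructed sample skewed toward a few popular patterns, mimicking the
# kind of non-uniformity the paper reports (values are illustrative only).
SAMPLE_SKEWED = ["123456"] * 10 + ["111111"] * 5 + ["520520"] * 5


def digit_counts(passwords):
    """Return a list of ten observed counts, index d = how often digit d appears."""
    counts = Counter()
    for pw in passwords:
        if not pw.isdigit():
            raise ValueError(f"not a digit-only password: {pw!r}")
        counts.update(pw)
    return [counts[str(d)] for d in range(10)]


def chi_square_uniform(observed):
    """Pearson chi-square statistic against a uniform expectation.

    Returns (statistic, degrees_of_freedom). Expected count per category is
    the total divided by the number of categories.
    """
    total = sum(observed)
    k = len(observed)
    expected = total / k
    stat = sum((o - expected) ** 2 / expected for o in observed)
    return stat, k - 1


def digits_look_uniform(passwords, critical=CHI2_CRIT_DF9_ALPHA05):
    """True if the null hypothesis of uniform digit usage is NOT rejected at 0.05."""
    stat, _df = chi_square_uniform(digit_counts(passwords))
    return stat <= critical


if __name__ == "__main__":
    for name, sample in (("uniform", SAMPLE_UNIFORM), ("skewed", SAMPLE_SKEWED)):
        stat, df = chi_square_uniform(digit_counts(sample))
        verdict = "uniform" if digits_look_uniform(sample) else "NOT uniform"
        print(f"{name}: chi2={stat:.2f} df={df} -> {verdict}")
```

On a real corpus the same function would be run over every password; a statistic far above the critical value, as with the skewed sample here, is the quantitative signal that users favour particular digits and patterns, which is exactly what makes such passwords easier to guess.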