A Survey on Security and Attack Aspects of Passwords

Despite many weaknesses, passwords are still mainly used, and will continue to be used in the near future, for the user authentication process. Passwords remain one of the important pillars of the protection structure even though they are not sufficiently robust against well-designed attacks. Thus, users need to select and protect robust passwords. The consequences of password disclosure to adversaries might have disastrous results, which in turn would increase the need to focus extensively on security factors in order to strengthen and protect passwords. Humans usually create far from random passwords that are vulnerable to attack. One important factor in estimating the impact of attacks and the strength of created passwords is to understand the ability of attackers to deduce passwords. Unfortunately, many efforts at strength estimation have failed. The main reason for this failure is that these efforts specifically focus on protection against Brute Force attacks. Other attempts have tried to design attacks against user passwords in order to test their strength and to accordingly improve them. This idea is expensive and insufficient to uncover or perhaps to identify professionally designed attacks. Another technique is to assign robust randomly generated passwords which could provide higher security. Assigning passwords by systems ensures that the users do not reuse the same passwords for different applications. On the other hand, it is challenging for users to remember such passwords. This has eventually led to the idea of using software management tools specifically designed for storing user passwords; however, the single point of failure will be the main drawback of such a method. Since passwords remain the popular method for authentication, and will continue to be in the future, password security problems have become a global issue.
Thus, designing robust, secure, and efficient password creation techniques needs to be urgently undertaken and with the utmost care. This paper briefly summarizes the most common attacks against passwords as well as some related works that have been conducted in the field of security and usability of passwords.
This paper is part of a graduate course titled “Cryptography and Secure Communications” from the fall term of 2015.
Password usability and security, Password strength estimation, Password manager, User replaceable passwords, Graphical passwords