An Explainable Password Strength Meter Addon via Textual Pattern Recognition

Abstract EN

Textual passwords are still dominating the authentication of remote file sharing and website logins, although researchers recently showed several vulnerabilities about this authentication mechanism.

When a user creates or changes a password, a website usually leverages a password strength meter (PSM for short) to show the strength of the password.

When the password is evaluated as a weak one, the user may replace the password with a stronger or securer one.

However, the user is usually confused when the password, especially a frequently used password, is shown as a weak one.

We argue that an explainable password strength meter addon, which could show the reasons of weak, may help users to more effectively create a secure password.

Unfortunately, we find few sites in Alexa global top 100 showing these details.

Motivated to help users with an explainable PSM, this paper proposes an addon to PSMs providing feedbacks in the form of pattern passwords explaining why a password is weak.

This PSM addon can detect twelve types of patterns, which cover a very large proportion among 70 million of leaked real passwords from high-profile websites.

According to our evaluation and user study, our PSM addon, which leverages textual pattern passwords, can effectively detect these popular patterns and effectively help users create securer passwords.