Authors:
Agnieszka Rucka and Wojciech Wodo
Affiliation:
Department of Fundamentals of Computer Science, Wroclaw University of Science and Technology, Wybrzeze Wyspianskiego 27, Wroclaw, Poland
Keyword(s):
Password, Password Meter, Password Strength, Security, LPSE, PCFG, zxcvbn.
Abstract:
The global dataset constantly grows, along with the number of online accounts. More and more data breaches occur, putting users’ data at risk. At the same time, users still commonly choose weak passwords. It has been shown that password strength meters can contribute to better user choices. As the problem of password strength estimation is nontrivial, a number of solutions have been proposed. One of them is the LPSE (Guo and Zhang, 2018), which, according to its authors, shows very promising performance. However, we observed a significantly worse performance of LPSE in a different dataset. In this paper we present an extensive investigation of these discrepancies. We describe our recreation of the original experiment and confront the obtained results with the original. We analyze the data distribution in our dataset, and compare performance of the LPSE with the widely known lightweight password meter zxcvbn. Lastly, we discuss possible reasons for observed discrepancies (including methodological differences) and draw final conclusions.