Despite the well-established problems with password-based authentication, it remains the dominant form of authentication on the web. Complex passwords that are difficult for an attacker to guess are also hard for users to remember, which leads users to create weaker passwords to avoid the burden of recalling them. Moreover, as the number of passwords users must keep track of grows, they tend to reuse passwords across websites.
Password managers help users manage their passwords more effectively. They reduce the cognitive burden on the user by generating strong passwords, storing them, and filling in the appropriate password when a site is visited. Users can then follow current security advice about passwords without taking on a high cognitive burden.
But password managers remain vulnerable to other forms of attack. For instance, some browser-based password managers such as LastPass and RoboForm have been shown to be vulnerable to cross-site scripting and network injection attacks because of their autofill features.
Another vulnerability lies in the password generation stage that some password managers offer, where the generated password is not strong and can be guessed through various forms of password cracking, such as a dictionary attack, rainbow table attack, or rule-based attack.
In this project, you will evaluate various password generators and the strength of the passwords they generate – not the nominal bit quality, but the resistance to guessing by various password cracking mechanisms.
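As an added illustration (not part of the project description), the comparison the project asks for, in Python: the nominal bit strength a generator advertises for a password, next to a crude estimate of its guessability under a dictionary-plus-rules attack. The wordlist, the rule-space size and the sample password "Dr4g0n2024!" are constructed assumptions.

```python
import math
import secrets
import string

# Constructed stand-in for a cracking dictionary; a real evaluation would use a
# large public wordlist (e.g. a leaked-password corpus) instead.
WORDLIST = {"password", "welcome", "dragon", "letmein", "sunshine", "monkey"}

# Assumed size of the mangling space a rule-based attack explores per word
# (leet swaps, case toggles, a few appended digits/symbols). Crude, for illustration.
RULE_VARIANTS_PER_WORD = 50_000

# Undo common leet substitutions so "Dr4g0n" normalises to "dragon".
UNLEET = str.maketrans("4301$5@7", "aeolssat")
PRINTABLE = string.ascii_letters + string.digits + string.punctuation

def generate_password(length: int = 16, alphabet: str = PRINTABLE) -> str:
    """Control case: a generator drawing uniformly from a CSPRNG."""
    return "".join(secrets.choice(alphabet) for _ in range(length))

def nominal_bits(password: str, alphabet: str = PRINTABLE) -> float:
    """The 'bit quality' a generator advertises: length * log2(alphabet size)."""
    return len(password) * math.log2(len(alphabet))

def dictionary_base(password: str, wordlist=WORDLIST):
    """Return the wordlist entry a small rule set derives `password` from, else None.
    Rules: strip appended digits/symbols, undo leet substitutions, lower-case."""
    stripped = password.rstrip(string.digits + string.punctuation)
    for candidate in (password, stripped):
        word = candidate.translate(UNLEET).lower()
        if word in wordlist:
            return word
    return None

def guessability_bits(password: str, wordlist=WORDLIST) -> float:
    """Estimated log2(guesses) a cracker needs. A dictionary-derived password costs
    about |wordlist| * rule variants, however high its nominal entropy."""
    if dictionary_base(password, wordlist) is not None:
        return math.log2(len(wordlist) * RULE_VARIANTS_PER_WORD)
    return nominal_bits(password)

if __name__ == "__main__":
    # "Dr4g0n2024!" is a constructed example of a rule-derivable 'generated' password.
    for pw in ("Dr4g0n2024!", generate_password(11)):
        print(f"{pw!r}: nominal {nominal_bits(pw):.1f} bits, "
              f"guessability ~{guessability_bits(pw):.1f} bits, "
              f"base word {dictionary_base(pw)}")
```

Both sample passwords score about 72 nominal bits, yet the dictionary-derived one falls to roughly 18 bits of guessability, which is the gap the project asks you to measure for real generators.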