UOIT PhD student presents paper on the meaning of passwords at security symposium
May 23, 2014
Rafael Veras, a Computer Science PhD student at the University of Ontario Institute of Technology (UOIT), recently presented the results of his master’s degree research at the Network and Distributed Systems Security Symposium 2014 in San Diego, California.
Veras’ 15-page article is the first to examine how the patterns in the choice of words of human-selected passwords may be exposing serious online security vulnerabilities. He did this by taking a close look at publicly available password leaks. He uncovered predictable tendencies in password composition and concluded that knowledge of these semantic patterns can significantly improve the guessing performance of offline programs designed to attack computer security.
“The security community has previously modelled how other kinds of patterns, such as structural patterns – for example, a digit before or after a word – lead to vulnerabilities,” said Veras. “However, no publication had addressed how prominent preferences for certain groups of words and their relationship can make the life of attackers easier. We're not the first to examine patterns in passwords, but so far, our work has been the deepest.”
The article was co-authored by Dr. Julie Thorpe, Assistant Professor, Faculty of Business and Information Technology (FBIT), and Dr. Christopher Collins, Assistant Professor, Faculty of Science (FSci) and Canada Research Chair in Linguistic Information Visualization at UOIT.
Veras is a member of the Visualization for Information Analysis lab (vialab), a UOIT research group led by Dr. Collins.