How viable is password cracking in digital forensic investigation? Analyzing the guessability of over 3.9 billion real-world accounts

Passwords have been and still remain the most common method of authentication in computer systems. From accessing your smartphone, to setting up your online banking account or social identification, there is a plethora of passwords users are required to set and remember in hundreds of websites. While the sheer volume of different passwords makes it almost impossible for users to remember them, it also makes the job of law enforcement engaged in a digital investigation more difficult, especially since time is of the essence. Oftentimes, a password can be the crucial piece of the puzzle to prevent future crime activity or swiftly resolve a criminal investigation. To this end, this paper presents an analysis of the passwords associated with over 3.9 billion real-world accounts. To the best of our knowledge, an analysis of this scale has not been conducted before. This analysis includes statistics on use and most common patterns found in passwords as well as an advanced analysis of the constituent fragments of passwords and a classification of the fragments according to their semantic meaning. Finally, we provide an in depth study on the guessability of the dataset of passwords.

KANTA Aikaterini;  CORAY Sein;  COISEL Iwen;  SCANLON Mark; 

2021-08-30

ELSEVIER SCI LTD

JRC122235

2666-2817 (online),   

https://www.sciencedirect.com/science/article/pii/S2666281721000949?via%3Dihub,    https://publications.jrc.ec.europa.eu/repository/handle/JRC122235,   

10.1016/j.fsidi.2021.301186 (online),