Special Characters Usage and Its Effect On Password Security

Daojing He; Zhiyong Liu; Shanshan Zhu; Sammy Chan; Mohsen Guizani

doi:10.1109/JIOT.2024.3367323

Special Characters Usage and Its Effect On Password Security

Daojing He^*, Zhiyong Liu, Shanshan Zhu, Sammy Chan, Mohsen Guizani

^*Corresponding author for this work

Department of Electrical Engineering

Research output: Journal Publications and Reviews › RGC 21 - Publication in refereed journal › peer-review

7 Citations (Scopus)

Abstract

Continuously preventing weak password attacks is one of the most important initiatives to secure IoT and smart contract platforms. Despite their significance as crucial components of passwords, special character segments have been overlooked. This study systematically studies the basic characteristics and semantic patterns of special character segments. We assess the efficacy of special character segment characteristics in cracking trials through assimilation into the latest Probabilistic Context-Free Grammar (PCFG_v4) method for password cracking by updating the pre-terminal structure or performing special character segment transformation. Experimental findings demonstrate that a mere 6% transformation rate improves the cracking rate by 3.72% under the optimal assimilation combination. Our investigation reveals that the current password creation policies of mainstream IoT platforms and smart contract wallets overestimate the strength of passwords with special characters. To enhance their passwords, users can employ low-frequency special character semantic strings. For IoT platforms or smart contract wallets, the use of blacklist constructed from special character segment characteristics can effectively mitigate the risk of overestimating the strength of passwords with special characters. © 2024 IEEE.

Original language	English
Pages (from-to)	19440-19453
Journal	IEEE Internet of Things Journal
Volume	11
Issue number	11
Online published	19 Feb 2024
DOIs	https://doi.org/10.1109/JIOT.2024.3367323
Publication status	Published - 1 Jun 2024

Funding

This work was supported in part by the National Natural Science Foundation of China under Grant 62376074; in part by the National Key Research and Development Program of China under Grant 2021YFB2700900; in part by the Shenzhen Science and Technology Program under Grant KCXST20221021111404010, Grant JSGG20220831103400002, Grant JSGGKQTD20221101115655027, Grant KJZD20230923114405011, and Grant SGDX20230116091244004; in part by the Fok Ying Tung Education Foundation of China under Grant 171058; and in part by the University Grants Committee of the Hong Kong Special Administrative Region, China, under Project CityU 11201421.

Research Keywords

Dictionaries
Internet of Things
IoT platforms security
password analysis
password protection
Passwords
Probabilistic logic
Security
Semantics
smart contract wallet security
Smart contracts
weak password attack
Internet of Things (IoT) platforms security

RGC Funding Information

RGC-funded

Access Output

10.1109/JIOT.2024.3367323

Other Access Options

Check CityUHK Library

Permanent Link

Right click to copy link

Cite this

@article{2ddfcf17fa834586bee7ed7895573d71,

title = "Special Characters Usage and Its Effect On Password Security",

abstract = "Continuously preventing weak password attacks is one of the most important initiatives to secure IoT and smart contract platforms. Despite their significance as crucial components of passwords, special character segments have been overlooked. This study systematically studies the basic characteristics and semantic patterns of special character segments. We assess the efficacy of special character segment characteristics in cracking trials through assimilation into the latest Probabilistic Context-Free Grammar (PCFGv4) method for password cracking by updating the pre-terminal structure or performing special character segment transformation. Experimental findings demonstrate that a mere 6% transformation rate improves the cracking rate by 3.72% under the optimal assimilation combination. Our investigation reveals that the current password creation policies of mainstream IoT platforms and smart contract wallets overestimate the strength of passwords with special characters. To enhance their passwords, users can employ low-frequency special character semantic strings. For IoT platforms or smart contract wallets, the use of blacklist constructed from special character segment characteristics can effectively mitigate the risk of overestimating the strength of passwords with special characters. {\textcopyright} 2024 IEEE.",

keywords = "Dictionaries, Internet of Things, IoT platforms security, password analysis, password protection, Passwords, Probabilistic logic, Security, Semantics, smart contract wallet security, Smart contracts, weak password attack, Internet of Things (IoT) platforms security",

author = "Daojing He and Zhiyong Liu and Shanshan Zhu and Sammy Chan and Mohsen Guizani",

year = "2024",

month = jun,

day = "1",

doi = "10.1109/JIOT.2024.3367323",

language = "English",

volume = "11",

pages = "19440--19453",

journal = "IEEE Internet of Things Journal",

issn = "2327-4662",

publisher = "IEEE",

number = "11",

}

TY - JOUR

T1 - Special Characters Usage and Its Effect On Password Security

AU - He, Daojing

AU - Liu, Zhiyong

AU - Zhu, Shanshan

AU - Chan, Sammy

AU - Guizani, Mohsen

PY - 2024/6/1

Y1 - 2024/6/1

N2 - Continuously preventing weak password attacks is one of the most important initiatives to secure IoT and smart contract platforms. Despite their significance as crucial components of passwords, special character segments have been overlooked. This study systematically studies the basic characteristics and semantic patterns of special character segments. We assess the efficacy of special character segment characteristics in cracking trials through assimilation into the latest Probabilistic Context-Free Grammar (PCFGv4) method for password cracking by updating the pre-terminal structure or performing special character segment transformation. Experimental findings demonstrate that a mere 6% transformation rate improves the cracking rate by 3.72% under the optimal assimilation combination. Our investigation reveals that the current password creation policies of mainstream IoT platforms and smart contract wallets overestimate the strength of passwords with special characters. To enhance their passwords, users can employ low-frequency special character semantic strings. For IoT platforms or smart contract wallets, the use of blacklist constructed from special character segment characteristics can effectively mitigate the risk of overestimating the strength of passwords with special characters. © 2024 IEEE.

AB - Continuously preventing weak password attacks is one of the most important initiatives to secure IoT and smart contract platforms. Despite their significance as crucial components of passwords, special character segments have been overlooked. This study systematically studies the basic characteristics and semantic patterns of special character segments. We assess the efficacy of special character segment characteristics in cracking trials through assimilation into the latest Probabilistic Context-Free Grammar (PCFGv4) method for password cracking by updating the pre-terminal structure or performing special character segment transformation. Experimental findings demonstrate that a mere 6% transformation rate improves the cracking rate by 3.72% under the optimal assimilation combination. Our investigation reveals that the current password creation policies of mainstream IoT platforms and smart contract wallets overestimate the strength of passwords with special characters. To enhance their passwords, users can employ low-frequency special character semantic strings. For IoT platforms or smart contract wallets, the use of blacklist constructed from special character segment characteristics can effectively mitigate the risk of overestimating the strength of passwords with special characters. © 2024 IEEE.

KW - Dictionaries

KW - Internet of Things

KW - IoT platforms security

KW - password analysis

KW - password protection

KW - Passwords

KW - Probabilistic logic

KW - Security

KW - Semantics

KW - smart contract wallet security

KW - Smart contracts

KW - weak password attack

KW - Internet of Things (IoT) platforms security

UR - http://www.scopus.com/inward/record.url?scp=85186097440&partnerID=8YFLogxK

UR - https://www.scopus.com/record/pubmetrics.uri?eid=2-s2.0-85186097440&origin=recordpage

U2 - 10.1109/JIOT.2024.3367323

DO - 10.1109/JIOT.2024.3367323

M3 - RGC 21 - Publication in refereed journal

SN - 2327-4662

VL - 11

SP - 19440

EP - 19453

JO - IEEE Internet of Things Journal

JF - IEEE Internet of Things Journal

IS - 11

ER -

Special Characters Usage and Its Effect On Password Security

Abstract

Funding

Research Keywords

RGC Funding Information

Access Output

Other Access Options

Permanent Link

Other Files and Links

Fingerprint

GRF: Massive Access over an OFDM Platform

Cite this

Special Characters Usage and Its Effect On Password Security

Abstract

Funding

Research Keywords

RGC Funding Information

Access Output

Other Access Options

Permanent Link

Other Files and Links

Fingerprint

Projects

GRF: Massive Access over an OFDM Platform

Cite this