Passwords, particularly text-based ones, are the most common authentication mechanism across platforms and services such as computers, mobile devices, and web and network services. Existing password strength evaluators, including the password strength estimators of online service providers (Gmail, Yahoo, PayPal, Twitter, etc.), determine the effectiveness of passwords chosen by users based on entropy techniques or a similar function of the parameters length, complexity and predictability. Such implementations often ignore passwords that are part of publicly available password dictionaries and password leaks, which are often the primary choice of malicious adversaries, particularly script kiddies. This paper presents an application that helps prevent the use of such passwords, thereby significantly reducing the impact of dictionary-based password attacks. The application maintains a database of unique passwords gathered from publicly available password dictionaries and passwords leaked over the Internet. It provides users with an interface to query the database and verify whether their passwords are already available on the Internet, thereby preventing them from using such passwords.
Library of Congress Subject Headings
Computers--Access control--Passwords; Computer crimes--Prevention; Data protection
Computing Security (MS)
Department, Program, or Center
Department of Computing Security (GCCIS)
Madiraju, Tarun, "Dictionary Attacks and Password Selection" (2014). Thesis. Rochester Institute of Technology. Accessed from
RIT – Main Campus