Title of invention: System and methods for analyzing and modifying passwords
Abstract: A system for analyzing and modifying passwords in a manner that provides a user with a strong and usable/memorable password. The user would propose a password that has relevance and can be remembered. The invention would evaluate the password to ascertain its strength. The evaluation is based on a probabilistic password cracking system that is trained on sets of revealed passwords and that can generate password guesses in highest probability order. If the user's proposed password is strong enough, the proposed password is accepted. If the user's proposed password is not strong enough, the system will reject it. If the proposed password is rejected, the system modifies the password and suggests one or more stronger passwords. The modified passwords would have limited modifications to the proposed password. Thus, the user has a tested strong and memorable password.
Publication number: US9524393(B2) Publication date: 2016.12.20
Application number: US201414266277 Filing date: 2014.04.30
Applicant: The Florida State University Research Foundation, Inc. Inventors: Aggarwal Sudhir; Yazdi Shiva Houshmand; Weir Charles Matt
Classification: G06F21/60; G06F21/46 Main classification: G06F21/60
Agency: Smith & Hopen, P.A. Agent: Choksi Nilay J.; Smith & Hopen, P.A.
Main claim: 1. A computer-implemented method of analyzing and modifying a first proposed password chosen by a user for a secured user account, said method comprising the steps of: generating a probabilistic context-free grammar from an array of control passwords aggregated from real-user passwords; establishing a threshold complexity value based on effort required to crack said array of control passwords, said first proposed password including a base structure containing a plurality of components, wherein the step of establishing said threshold complexity value includes setting a lower bound for a number of password guesses for said first proposed password until said threshold complexity value is reached, wherein said password guesses do not need to be generated, estimating a number of components in said base structure that are greater than said threshold complexity value, and estimating and establishing said threshold complexity value based on the foregoing steps; receiving said first proposed password as inputted by said user into a computer interface of a computer system connected to a network; deriving a complexity value of said first proposed password based on said context-free grammar; comparing said complexity value of said first proposed password and said threshold complexity value, wherein said first proposed password is accepted as sufficiently complex as a result of said first proposed password meeting said threshold complexity value, wherein in the alternative, said first proposed password is rejected as not sufficiently complex as a result of said first proposed password failing to meet said threshold complexity value; generating a second proposed password by limited modifications of said first proposed password as a result of said first proposed password being rejected as not sufficiently complex, said limited modifications resulting in said second proposed password, wherein said limited modifications have an edit distance of one (1) or two (2), where said edit distance is used to generate said second proposed password in a manner that is memorable to said user based on said user's first proposed password; deriving a modified complexity value of said second proposed password based on said context-free grammar; comparing said modified complexity value of said second proposed password and said threshold complexity value, said second proposed password accepted as sufficiently complex as a result of said second proposed password meeting said threshold complexity value, said second proposed password rejected as not sufficiently complex as a result of said second proposed password failing to meet said threshold complexity value; and suggesting said second proposed password to said user as a result of said second proposed password accepted as sufficiently complex.
Address: Tallahassee FL US
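The flow described in the abstract and main claim (train a probabilistic context-free grammar, score the proposed password, accept or reject it against a threshold, then suggest a limited modification) can be sketched as follows. This is an added example, not code from the patent or its inventors. It rests on these assumptions: the training list is constructed, the complexity value is modelled as the grammar probability (lower means more guesses needed), the threshold value is arbitrary, there is no smoothing, and only edit distance one is tried.

```python
from collections import Counter
from itertools import groupby

# Constructed stand-in for a set of revealed passwords (not real data).
TRAINING = ["password1", "password12", "monkey12", "dragon1", "letmein!",
            "monkey1", "dragon12", "shadow!1", "password!", "shadow12"]

def segments(pw):
    """Split into same-class runs: 'monkey12' -> [('L6', 'monkey'), ('D2', '12')]."""
    kind = lambda c: "L" if c.isalpha() else "D" if c.isdigit() else "S"
    out = []
    for k, run in groupby(pw, key=kind):
        s = "".join(run)
        out.append((f"{k}{len(s)}", s))
    return out

def train(passwords):
    """Count base structures and the terminals seen for each component slot."""
    structs, terms = Counter(), {}
    for pw in passwords:
        segs = segments(pw)
        structs[tuple(tag for tag, _ in segs)] += 1
        for tag, s in segs:
            terms.setdefault(tag, Counter())[s] += 1
    return structs, terms

def probability(pw, grammar):
    """P(pw) = P(base structure) * product of P(terminal | slot); 0.0 if underivable."""
    structs, terms = grammar
    segs = segments(pw)
    p = structs[tuple(tag for tag, _ in segs)] / sum(structs.values())
    for tag, s in segs:
        if p == 0.0:          # unseen structure or terminal: the grammar never guesses it
            break
        p *= terms[tag][s] / sum(terms[tag].values())
    return p

def suggest(pw, grammar, threshold, alphabet="0123456789!#abc"):
    """Accept pw if below threshold, else return the first edit-distance-1 variant that is."""
    if probability(pw, grammar) < threshold:
        return pw
    for i in range(len(pw) + 1):
        for c in alphabet:
            # one insertion and one substitution at position i
            for cand in (pw[:i] + c + pw[i:], pw[:i] + c + pw[i + 1:]):
                if cand != pw and probability(cand, grammar) < threshold:
                    return cand
    return None

if __name__ == "__main__":
    g = train(TRAINING)
    print(probability("monkey12", g), suggest("monkey12", g, 0.01))
```

Because the grammar is unsmoothed, any password it cannot derive scores 0.0 and passes; a production meter would smooth the counts and calibrate the threshold against measured cracking effort, as the claim describes.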