This paper presents an investigation into the development of an intelligent system to measure the strength of authentication. Many computer users do not have enough security knowledge to be able to select strong passwords. The term strong password is not well defined; usually considers the computational complexity of cracking by unwanted user or hacker. In other words, the quicker the crack can be achieved the weaker the password is. Many measurement tools exist to help users to measure their password strength before using it. It is noticed that available techniques have not taken into consideration all critical complexity issues that can affect the password strength. In this paper a new methodology and tool (PTool) using Fuzzy rules is presented to measure the password strength based on the three defined attacks together rather than one at a time; dictionary attack, time crack and shoulder surfing attacks (social engineering). The paper also presents a quantitative approach to the password strength to demonstrate the merits and capabilities of the proposed intelligent tool. To achieve a maximum level of security during the process of changing the password, an API function is deployed to assess the password securely and to limit the effect of spyware and hacking scripts.
|Published - Apr 2008
|3rd International Conference on Information and Communication Technologies: From Theory to Applications, 2008 - Damascus, Syria
Duration: 1 Apr 2008 → …
|3rd International Conference on Information and Communication Technologies: From Theory to Applications, 2008
|1/04/08 → …