
A Survey on Password Guessing

Lam Tran, Thuc Nguyen, Changho Seo, Hyunil Kim, Deokjai Choi
Dec 2022
Text passwords have served as the most popular method for user authentication so far, and are not likely to be totally replaced in the foreseeable future. Password authentication offers several desirable properties (e.g., low-cost, highly available, easy-to-implement, reusable). However, it suffers from a critical security issue mainly caused by the human inability to memorize complicated strings. Users tend to choose easy-to-remember passwords which are not uniformly distributed in the key space, and are susceptible to guessing attacks. In order to encourage and support users to use strong passwords, it is necessary to simulate automated password guessing methods to determine the passwords' strength and identify weak passwords. A large number of password guessing models have been proposed in the literature. However, little attention has been paid to the task of providing a systematic survey, which is necessary to review the state-of-the-art approaches, identify gaps, and avoid duplicate study. Motivated by this, we conduct a comprehensive survey on all password guessing studies presented in the literature from 1979 to 2022. We propose a generic methodology map of existing models to present an overview of this field, then subsequently explain each approach in detail. The experimental procedures and available datasets used for evaluating password guessing models are summarized, along with the reported performances of representative studies. Finally, the current limitations and the open problems as future research directions are discussed. We believe that this survey is helpful to both the experts and newcomers who are interested in password security.