Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

YouTube

zxcvbn - Low-Budget Password Strength Estimation

USENIX via YouTube

Overview

Explore a groundbreaking approach to password strength estimation in this 32-minute USENIX Security '16 conference talk. Delve into the limitations of traditional LUDS-based password requirements and discover zxcvbn, a more effective and user-friendly alternative. Learn how this small, fast, and easily adoptable estimator accurately predicts password strength using leaked password data and modern guessing attacks. Understand the technical aspects of zxcvbn's implementation, including its compressed storage capabilities, cross-platform compatibility, and millisecond-level performance. Gain insights into the estimator's effectiveness in mitigating online attacks and its potential to revolutionize password security practices across various platforms.

Syllabus

Intro
Verizon Wireless: Password Requirements
Password Policy: Frozen in 1979
Inconsistent Requirements
Inconsistent Feedback Input: correcthorsebatterystaple
Threat Model
Core estimator: minimum rank over top lists Input wheeler
Word transformations
Keyboard patterns
Sequence Patterns
Outline for today
Gold standard: PGS
Training data
Test data
Estimator size?
Minimum rank only?
Runtime Performance
Conclusion
Give it a try!
Proposal: keep UI simple

Taught by

USENIX

Reviews

Start your review of zxcvbn - Low-Budget Password Strength Estimation

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.