Analyzing user password selection behavior for reduction of password space

Roman V. Yampolskiy, University of Louisville


This paper presents a comprehensive survey of recent literature on the topic of password dictionaries for alphanumeric and graphical user authentication approaches including some password schemas proposed by the author. After different methods used for reduction of password space are introduced, they are analyzed and compared with the intent of finding a common flaw of user authentication mechanisms, which allows for the development of such password dictionaries by hackers. Our conclusion is that any user authentication system, which allows users to exercise choice in selection of their passwords, is vulnerable to the password space reduction methods presented in this paper and so should not be utilized. © 2006 IEEE.