Output details
11 - Computer Science and Informatics
University of Edinburgh
"Give Me Letters 2, 3 and 6!": Partial Password Implementations and Attacks
<18> Originality: The first paper to survey and measure the security of partial passwords, introducing novel attacks. We show that attackers may be able to make accurate guesses, especially if they record a few observations (e.g. via key-logger malware).
Significance: Partial passwords are implemented by many banks and used by millions of consumers. We highlight some banks that have poor security.
Rigour: The paper defines a precise model based on parameters of real implementations; it measures attacks using known leaked password databases (known to correlate with real passwords, even those used for financial security), and uses combinatorial analysis on guessing unknown positions.