Table of Contents Author Guidelines Submit a Manuscript
Security and Communication Networks
Volume 2018, Article ID 6160125, 12 pages
Research Article

An Alternative Method for Understanding User-Chosen Passwords

1School of Electronic and Computer Engineering, Peking University Shenzhen Graduate School, Shenzhen 518055, China
2School of Electronics Engineering and Computer Science, Peking University, Beijing 100871, China
3School of Software and Microelectronics, Peking University, Beijing 102600, China
4National Engineering Research Center for Software Engineering, Peking University, Beijing 100871, China
5Key Laboratory of High Confidence Software Technologies (PKU), Ministry of Education, Beijing 100871, China

Correspondence should be addressed to Ping Wang; nc.ude.ukp@gnawp

Received 30 August 2017; Revised 2 December 2017; Accepted 27 December 2017; Published 28 January 2018

Academic Editor: Qi Jiang

Copyright © 2018 Zhixiong Zheng et al. This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.


We present in this paper an alternative method for understanding user-chosen passwords. In password research, much attention has been given to increasing the security and usability of individual passwords for common users. Few of them focus on the relationships between passwords; therefore we explore the relationships between passwords: modification-based, similarity-based, and probability-based. By regarding passwords as vertices, we shed light on how to transform a dataset of passwords into a password graph. Subsequently, we introduce some novel notions from graph theory and report on a number of inner properties of passwords from the perspective of graph. With the assistance of Python Graph-tool, we are able to visualize our password graph to deliver an intuitive grasp of user-chosen passwords. Five real-world password datasets are used in our experiments to fulfill our thorough experiments. We discover that some passwords in a dataset are tightly connected with each other; they have the tendency to gather together as a cluster like they are in a social network; password graph has logarithmic distribution for its degrees. Top clusters in password graph could be exploited to obtain the effective mangling rules for cracking passwords. Also, password graph can be utilized for a new kind of password strength meter.