A New Multimodal Approach for Password Strength Estimation - Part I: Theory and Algorithms

Abstract

After more than two decades of research in the field of password strength estimation, one clear conclusion may be drawn: no password strength metric by itself is better than all other metrics for every possible password. Building upon this certainty and also taking advantage of the knowledge gained in the area of information fusion, in this paper, we propose a novel multimodal strength metric that combines several imperfect individual metrics to benefit from their strong points in order to overcome many of their weaknesses. The final multimodal metric comprises different modules based both on heuristics and statistics, which, after their fusion, succeed to provide in real time a realistic and reliable feedback regarding the 'guessability' of passwords. The validation protocol and the test results are presented and discussed in a companion paper.