Enhanced Evaluation Model of Security Strength for Passwords Using Integrated Korean and English Password Dictionaries

Abstract

In the field of information security, passwords are a means of authenticating users. Passwords with weak security cannot perform the role of user authentication and personal information protection because confidentiality is easily violated. To ensure confidentiality, it is important to evaluate the strength of the password and choose a very secure password. Due to this fact, security evaluation models for various passwords have been presented. However, existing evaluation models evaluate security based on the English alphabet. Passwords depend on the memory of the user and are closely related to the language or environment used by the user. In this regard, there are limitations in applying the existing security evaluation models to passwords chosen by non-English speakers. We compose a non-English, Korean language-based password dictionary and propose a password security evaluation model based on this for Korean users. In addition, to verify the effectiveness of the proposed model, we conducted experiments to evaluate the security of Korean language-based passwords using a database of passwords that have been actually leaked. As a result, the proposed model showed 99.38% accuracy for Korean language-based leaked passwords. This is superior to the 80.06% accuracy shown by the existing model. In conclusion, the use of the Korean language-based password security evaluation model proposed in this paper will contribute to choosing more secure passwords for Korean language-based sites or users.