Research On Password Security Enhancement Method Based On Multi-policy Fusion

Identity authentication technology is becoming more and more important as "Internet +" applications serve all walks of life.Password,as the most common and widely used authentication method,cannot be completely replaced in the short term.However,with the rapid development of computer computing power,the security threats faced by passwords have become more and more serious.Therefore,it is imperative to study password security enhancement methods.Password security enhancement methods mainly focus on password generation policies and password strength evaluators.The password generation policy is used to guide users to create stronger passwords,and the password strength evaluator is used to detect the strength of passwords created by users.This paper will focus on the password generation policy.The password generation policy has the problem of balancing security and usability.At present,the password generation policies commonly used on websites such as basic6(password must contain at least 6 characters)and 2class6(password must contain at least 6 characters and contain two or more character-types)are not sufficiently safe.The 3class8(password must contain at least 8 characters and contain 3 or more character-types)policy is not only difficult for users to remember,but may also allow users to generate weak passwords.On the basis of ensuring availability,how to encourage users to create stronger passwords,and how to increase the active defense capabilities of password sets to resist brute force attacks from existing powerful computing capabilities are issues that must be studied.This paper proposes a password security enhancement method based on multi-policy fusion.By analyzing the preferences of text password settings,this method proposes a wellused password generation policy VLDP-Recall based on the fusion of text and graphics to enhance the strength of user passwords;through the honeypot password generation method based on the VLDP-Recall policy,highly confusing fake passwords provide active defense for password sets and enhance the ability of passwords to resist guessing attacks.The security and usability of the password generation policy are evaluated through guessing attack experiments and password creation recall experiments,and the effectiveness of honeypot passwords is evaluated through generation comparison and guessing attack experiments.The experimental results show that the VLDP-Recall policy proposed in this paper can effectively improve the strength of the password and has good usability.With the current computing power of 1E+20,the cracking rate of the VLDP-Recall password is as low as 68.5%compared to the current policy cracking rate of about 100%.The VLDP-Recall honeypot password generation method can generate fake passwords that are very similar to real passwords and will not reveal user privacy.The method proposed in this paper can effectively enhance password security.