Password authentication security and strength analysis of Finnish passwords

Abstract

Password authentication security is a two-sided problem. On the other side are the providers of certain services. These providers have to be able to mitigate the possibility of security breaches happening and handle the aftermath of such events. They also have to provide the users with secure ways to authenticate to their services. The user, on the other hand, has to be able to create strong passwords to reduce the effectiveness of possible attacks. They must also have a firm understanding of how to store their passwords and be willing to use additional security mechanisms. Both parties are equally responsible for the authentication security and have many ways to fail it. This is why password authentication is such a tricky subject.

The purpose of this thesis is twofold. Firstly, a research is done on password authentication in general to find shortcomings in it and how to possibly fix these problems. Several aspects of password authentication are gone through to get a broad picture of the subject. The second part of this thesis is to analyze Finnish passwords that do not contain Finnish dictionary words. This is done to observe any recurring patterns in these passwords and could these passwords be considered strong in general. The results of this analysis are compared to other password studies to see how the passwords differ between different datasets.