Passwords are still the most commonly used mechanism for user authentication. However, they are vulnerable to dictionary attacks. In order to guard against such attacks, administrative policies force the use of complex rules to create passwords. One commonly used "trick" is to use keyboard patterns, i.e., key patterns on a keyboard, to create passwords that conform to the complex rules. This paper proposes an efficient and effective method to attack passwords generated from some special keyboard patterns. We create a framework to formally describe the commonly used keyboard patterns of adjacent keys and parallel keys, called AP patterns, to generate password databases. Our simulation results show that the password space generated using AP patterns is about 244.47 times smaller than that generated for a brute-force attack. We also design a hybrid password cracking system consisting of different attacking methods to verify the effectiveness. Our results show that the number of passwords cracked increases up to 114% on average than without applying AP patterns.
International Journal of Innovative Computing, Information and Control 8(1)pt.A, pp.387-402