The present invention relates to the field of password security, more particularly to calculating a password strength score using heuristics measuring character proximity and relative position.
Passwords are commonly used to secure content from unwanted access. Typically passwords are associated with a username or login. Because passwords are used so commonly, secure passwords are required to maintain an acceptable level of security. Users are often allowed to create their own passwords when using certain services. Because of this, the passwords they create are prone to human error. Some users choose easy to remember passwords to avoid forgetting. Easy to remember passwords can be very insecure because they can sometimes be names or phrases other people that are related to the user can guess easily. Because users can come up with insecure passwords, guidelines are often created to aid users in creating a secure password. For example, a password can have a minimum length and require the use of certain characters (i.e. mixed-cases characters, numbers, punctuation characters).
Although these guidelines can help, they can still allow the creation of insecure passwords. For example, a password must be a minimum of eight characters and must contain at least one number. The user creating the password decides on the password “123qweasd” which fits the stated guidelines. Although the password fits the guidelines, the chosen password fits a common pattern on a standard keyboard layout. The characters that make up the password forms 3 groups of adjacent characters: “123,” “qwe,” and “asd.” Because the motion to type this password is very simple, when the user types the password, someone nearby can notice the pattern and understand the user's password. In addition to “shoulder surfing,” brute force attacks become more feasible as software can be written to favor tests of passwords that contain characters close to one another. A more secure set of guidelines is required to aid users in creating secure passwords for improved security.