助记口令创建策略综述  

作　　者：陈佳敏 蒋惠萍[1] CHEN Jiamin;JIANG Huiping(School of Information Engineering,Minzu University of China,Beijing 100081,China)

机构地区：[1]中央民族大学信息工程学院,北京100081

出　　处：《计算机科学》2024年第S02期808-818,共11页Computer Science

摘　　要：口令身份验证因其简单性和可部署性而成为当今最常见的身份验证方式。随着口令猜测攻击算法的不断改进,对口令强度的要求也越来越高。强口令虽然能够提高安全性,但往往难以记忆,而易记口令则容易受到破解的威胁,因此选择既强大又易于记忆的口令成为一项挑战。随着每个用户的账户数量不断增加,需要记住的口令数量也在增加,这给人类记忆带来了明显的压力,因此寻找生成易记强口令的方法成为必须。在过去的二十多年里,许多研究者提出了基于不同助记工具的助记口令创建策略。故对现有的助记口令创建策略进行综述,首先针对口令创建背景、口令强度进行概况总结,其次根据助记工具的特点,将其分为基于句子、基于单词、基于键盘和其他特殊类型4类,并对每种类型进行了深入综述;最后,对助记口令创建策略进行了总结和展望,并指出了未来的研究方向和发展趋势。Password authentication is the most common authentication method today due to its good simplicity and nice deployability.As algorithms for password guessing attacks continue to improve,the requirement for strong passwords is also increasing.Strong passwords,while improving security,are often difficult to memorize,while easy-to-remember passwords are vulnerable to cracking threats,making it a challenge to choose passwords that are both strong and easy to remember.As the number of accounts per user continues to grow,so does the number of passphrases that need to be memorized,placing a noticeable strain on human memory and making it necessary to find ways to generate strong passphrases that are easy to remember.Over the past two decades,many researchers have proposed strategies for creating mnemonic passphrases based on different mnemonic tools.Therefore,a review of existing mnemonic password creation strategies is conducted.Firstly,an overview is summarized for the background of password creation and the strength of the password.Secondly,according to the characteristics of mnemonic tools,they are categorized into four types:sentence-based,word-based,keyboard-based and other special types,and each type is reviewed in depth.Finally,the strategies for creating mnemonic passphrases are summarized and outlooked,and future research directions and development trends are pointed out.

关 键 词：助记口令 口令强度 口令策略 可记忆性 安全性 

分 类 号：TP309[自动化与计算机技术—计算机系统结构]