METHOD AND MEANS OF THE TEXT PASSWORDS SECURITY IMPROVEMENT, UNDERSTANDABLE FOR THE USERS

Abstract

Paper contains the results of the analysis of users authentication process characteristic features, which enabled to substantiate the expediency of using the passwords as the authentication factors. The problem of generation of the strong password by the users who may not possess the sufficient competence in the sphere of cyber security has been considered. Known approaches to passwords generation, which can be applied for the solution of this problem, focusing the attention on the methods, allowing to generate the passwords, understandable for the users and hence are simpler for memorizing have been analyzed. The usage of learning samples or dictionaries, chosen, depending on the users that negatively influences the scalability of the methods application was considered as the common drawback. Method of improving the password strength, based on using words, wordforms or word combinations introduced by the users and their further modification was suggested. The proposed modifications are based on of the table of the symbols replacement, the table is suggested to form prior to method application. In particular, in the given research the formation of this table was performed on the base of users enquiry. The method, where the results of the enquiry were taken into account during the symbols replacement was described. For the improvement of the flexibility of the method application the control parameter was provided — probability of the modification of a certain symbol from the row, suggested by the user as a password. Algorithm, enabling to realize the proposed method, is presented. In order to substantiate the possibility of the realization, the developed platform-independent programming tool that realizes the suggested method, was described. The results of the tool testing were presented. On the base of the analysis of the presented results the characteristic features of the method and the impact of the replacements table on the output set of potential passwords, obtained as a result of the application operation were demonstrated. The conclusions were made from the research carried out, further development trends were outlined.