Passwords, particularly text-based ones, are the most common authentication mechanism across platforms and services such as computers, mobile devices, and web and network services. Existing password strength evaluators, including the strength estimators of online service providers (Gmail, Yahoo, PayPal, Twitter, etc.), determine the effectiveness of passwords chosen by users based on entropy techniques or a similar function of the parameters length, complexity and predictability. Such implementations often ignore passwords that are part of publicly available password dictionaries and password leaks, which are often the primary choice for malicious adversaries and particularly script kiddies. This paper presents an application that helps prevent the use of such passwords, thereby significantly reducing the impact of dictionary-based password attacks. The application maintains a database of unique passwords by gathering publicly available password dictionaries and passwords leaked over the Internet. It provides users with an interface to query the database and verify whether their passwords are already available on the Internet, thereby preventing them from using such passwords.

Library of Congress Subject Headings

Computers--Access control--Passwords; Computer crimes--Prevention; Data protection


Degree Name

Computing Security (MS)

Department, Program, or Center

Department of Computing Security (GCCIS)


Bill Stackpole

Advisor/Committee Member

Daryl Johnson

Advisor/Committee Member

Yin Pan


Physical copy available from RIT's Wallace Library at QA76.9.A25 M345 2014


RIT – Main Campus
