SamPass: Secure & Memorable Password recommendation system

27 December 2022, 14:00 
zoom & Room 206 
SamPass: Secure & Memorable Password recommendation system

Assaf Morag, student  Advisor: Prof. Eran Toch

Via Zoom click here


Organizations try to improve the strength of users’ passwords by asking them to adhere to password policies, which dictate different heuristics to strengthen a given password. Still, the passwords generated following these heuristics are predictable and can easily be guessed. Computer-generated passwords help users generate strong passwords, but they aren’t keen to use them since they are not memorable. We suggest a different approach, where we use massive datasets of passwords to provide online suggestions for stronger passwords based on users' own password choices. We utilize the PESrank model, which generates a strength score using a database of 1.4 Billion compromised passwords. The suggestions are generated using an optimization process that tries to maximize the strength of the password while keeping it easy to remember. A simulation-based study based on a sample of leaked password datasets has shown that our method delivers suggestions that have better strength and memorability than state-of-the-art password policy enforcement technologies. A validation study (n=400) that examined the strength and memorability of our feedback and suggestions showed that users who used our suggestions had stronger passwords. In an online experiment (n=404), we showed that our password suggestions interactions result in better performance than state-of-the-art password meters. I discuss how our findings can be applied to provide better organizational and personal security, even in an era of a gradual move to password alternatives.

With Prof. Avishai Wool and Liron David.



Assaf Morag is an M.Sc student at the department of industrial Engineering at Tel Aviv University. Assaf holds a B.Sc degree in Industrial Engineering and Management, from Tel Aviv University and B.A. degree in Psychology, Sociology and Anthropology, from Tel Aviv University. Assaf works as a cloud native Security researcher at Aqua Security. This work was conducted under the supervision of Prof. Eran Toch



• E-Mail:

• Linkedin


Tel Aviv University makes every effort to respect copyright. If you own copyright to the content contained
here and / or the use of such content is in your opinion infringing, Contact us as soon as possible >>