\section{Personalisation}
Personal information makes its way into the passwords of many users. 136 out of the 250 most common passwords include names, cities, sport teams, brands or activities \cite{seclist}. Without knowing the people these passwords belong to, it is still safe to assume that these words have some kind of meaning to these users.

In the time of social networks and sharing all kinds of media online, it is often quite easy to collect information people might use to create their passwords. A person of interest who is an intensive Facebook user gives potential attackers easy access to information about relatives, friends, birthdays, work, nicknames or interests. With a little more effort it is possible to create a web crawler that analyses posts and comments of that person and detects commonly used words.

CUPP is an open source command line tool written in Python \cite{cupp}. It allows attackers to enter different kinds of information about a person, like names, dates, pets or family members. Afterwards it generates a personalised password list based on this information. CUPP has many options to tweak the result. For example, there is a ``1337 Mode'' that swaps certain letters like ``E'' for numbers that look similar like ``3''.

Personalised password attacks sit on the other side of the spectrum compared to high-volume database attacks. They increase the likelihood of cracking a single user's password at the cost of time spent on information gathering.
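
The same observation can be used defensively when a password is set: reject candidates that contain the user's own profile data, including look-alike substitutions of the kind ``1337 Mode'' produces. The following check is an added example, not code from CUPP or from the original text; the substitution table, the date formats and the sample profile are assumptions constructed for illustration.

```python
import re
from datetime import date

# Assumed look-alike table for this example (not taken from CUPP's configuration).
DELEET = str.maketrans("0134579@$!", "oieastgasi")
MIN_TOKEN_LEN = 3  # shorter fragments cause too many false positives


def word_tokens(words):
    """Split profile strings (names, pets, cities, ...) into lowercase word tokens."""
    tokens = set()
    for w in words:
        parts = re.split(r"[\W\d_]+", w.lower())
        tokens.update(p for p in parts if len(p) >= MIN_TOKEN_LEN)
    return tokens


def date_tokens(dates):
    """Render each date in the digit layouts people commonly type."""
    tokens = set()
    for d in dates:
        dd, mm, yyyy = f"{d.day:02d}", f"{d.month:02d}", f"{d.year:04d}"
        yy = yyyy[2:]
        tokens.update({yyyy, dd + mm, mm + dd, dd + mm + yy, mm + dd + yy, yy + mm + dd})
    return tokens


def personal_matches(password, words, dates):
    """Return the sorted profile tokens found in the password (empty list = none)."""
    lowered = password.lower()
    deleeted = lowered.translate(DELEET)    # "r3x" -> "rex", "4nn4" -> "anna"
    digits = re.sub(r"\D", "", password)    # "07-04-1990" -> "07041990"
    hits = {t for t in word_tokens(words) if t in lowered or t in deleeted}
    hits |= {t for t in date_tokens(dates) if t in digits}
    return sorted(hits)


if __name__ == "__main__":
    # Constructed sample profile: full name, pet, city, birthday.
    words = ["Anna Berg", "Rex", "Hamburg"]
    dates = [date(1990, 4, 7)]
    for candidate in ["R3x1990!", "4nn4_b3rg", "H4mbur9-0704",
                      "correct-horse-battery-staple"]:
        found = personal_matches(candidate, words, dates)
        print(f"{candidate!r}: {'reject ' + str(found) if found else 'ok'}")
```
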
\newpage