Journal of Information Security Research ›› 2017, Vol. 3 ›› Issue (10): 0-0.

   

Two-phase passwords

  

  • Received: 2017-10-22 Online: 2017-10-15 Published: 2017-10-25


A. W. Roscoe   

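  1. Shenzhen Hexin Sino-European Financial Technology Research Institute (深圳市和信中欧金融科技研究院)
  • Corresponding author: Chen Bangdao (陈邦道)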

Abstract: In recent work on making PAKE protocols auditable, we identified the need for passwords that human users were extremely unlikely to make a mistake with. The context meant that users had to use different passwords for different purposes. While not solving that problem, the present paper finds a way to structure passwords to achieve the same effect while in general making password guessing attacks more detectable and less profitable. We propose a tool to help users pick compliant passwords, and then only treat compliant passwords as worth passing on to the server.

Key words: password, security, password criteria, two-folder verification, low false-warning probability
