Evaluating the strength of a multilingual passphrase policy

This study investigated the security gains of using a multilingual passphrase policy in user generated passphrases that are based on African and Indo-European languages. The research on passwords has been largely focused on the Global North where English is often the first or only language. Targeted password guessing of English and Chinese-based passwords shows that a user’s mother tongue language can influence password structure, something that reflects on security. Given a multilingual user group, for example in Africa, it is interesting to establish whether such a population can generate secure multilingual passphrases. Accordingly, the findings of this study could be extrapolated to other contexts with multilingual users. The results show that English language-oriented passwords dominated the short password corpora. Moreover, the use of a multilingual passphrase policy reduced the dominance of English language-oriented passwords. Further analysis shows that short passwords oriented towards an Indo-European language were easier to guess when compared to short passwords based on African languages. Hence, this study encourages orienting passwords to other languages, with the use of a multilingual passphrase policy expected to offer more security.