Vulnerability discovery and protection of user passwords
Password vulnerability analysis and security protection to resist phishing and guessing attacks and protect digital identity.
Type
Network security technology
Tags
Social disaster emergency prevention and control
Computer science and technology
Dynamic multi-factor authentication
Anti-phishing
Password security
Automatic personal whitelist
Cyberspace security
Solution maturity
Mass promotion / Mass production
Cooperation methods
Face-to-face consultation
Applicable industry
Education
Applications
Password security
Key innovations
The innovation of this project lies in systematically discovering unique weaknesses of Chinese user passwords (such as number preferences and pinyin), findings that greatly improve the efficiency of password guessing, and in pointing out ways to secure passwords against it.
Potential economic benefits
Improve the security of users' digital identities, effectively defend against password guessing, phishing, and credential stuffing ("database collision") attacks, significantly reduce economic losses caused by network security incidents, and enhance the trust of users and enterprises in network services.
Potential climate benefits
Improving network security reduces the energy consumption and resource waste that follow attacks (data recovery, system reconstruction and hardware replacement), which indirectly reduces carbon emissions.
Solution supplier
Fudan University
Fudan University: A top comprehensive research university that cultivates innovative talents, produces excellent knowledge, and promotes scientific and technological progress and social development.
Shanghai, China
Solution details

Cyberspace security issues continue to receive widespread attention in academia and industry. The complex and fierce process of attack and defense in cyberspace is often accompanied by the cracking and hardening of password authentication systems. As the most commonly used identity authentication factor, user passwords concern almost all network users and are closely tied even to national security. Current password-based authentication systems face serious challenges, including password guessing attacks and phishing attacks. How to discover the weaknesses of user passwords and propose effective defense methods is therefore a research hotspot in the field of cyberspace security. To this end, this project:

1. Systematically discovered a series of long-standing security weaknesses unique to Chinese user passwords, pointing out effective ways to ensure the password security of Chinese users in cyberspace. This achievement builds a data-driven method for analyzing user password features. It analyzes in depth more than 100 million real plaintext passwords and finds that Chinese user passwords show significant numerical preferences and regional characteristics such as Chinese Pinyin, and that user passwords are significantly correlated with email addresses, among other things. Using these findings can greatly improve the attack efficiency of password guessing methods. The "2014-2015 Cryptography Discipline Development Report" compiled by China Cryptography Society included this achievement under "In recent years, Chinese researchers have made some international breakthroughs in the research of electronic authentication technology". This achievement has been applied to the currently internationally popular password strength meter.

2. Proposed, for the first time, two types of user password reuse behavior, intra-site reuse and cross-site reuse, and found significant behavioral patterns in how users reuse passwords. Through quantitative analysis of more than 4 million sets of real passwords, this result found that users reuse passwords within a site significantly more often than across sites, at about twice the rate. This achievement provides basic data support and a theoretical basis for revealing the harm of credential stuffing ("database collision") attacks and for responding effectively to the problem of password reuse. This achievement has been applied to the design of password reuse notifications for popular websites.

3. Constructed an automatic personal whitelist method, a signature-based Sybil ("witch") attack detection method, and a dynamic multi-factor binding method that quantifies risks and benefits. These have been found to effectively protect user passwords from common attacks such as phishing and guessing, and to improve the security of users' digital identities in cyberspace, user passwords included. IEEE Communications Surveys & Tutorials (SCI Impact Factor 20.23, 2017) published a review paper that describes the proposed automatic whitelisting method as a representative achievement in the direction of anti-phishing attacks and gives it a detailed introduction of nearly an entire page.

This project has published a total of 4 papers in CCF Class A conferences and journals of the China Computer Society (CCF Class A refers to the very few top journals and conferences in the world in which Chinese scholars are encouraged to achieve breakthroughs). These papers have been cited more than 300 times by papers in authoritative conferences and journals including ACM CCS, IEEE S&P and IEEE TIFS, of which 54 are SCI citations. Among the 8 representative citations by others that are listed, 7 are in CCF Class A conferences and journals, and the other is in an authoritative journal with an SCI impact factor of 20.23. The representative paper published in USENIX Security 2014 won the Best Information Security Paper Award of the Shanghai City Computer Society in 2016.

The two project contributors received funding from the National Thousand Youth Program. Existing results have been applied in relevant departments. Building on the above research, this project has been supported by a number of scientific research projects, such as those of the National Natural Science Foundation of China, to carry out further research on user password security theory and technology.

Last updated
10:24:29, Nov 05, 2025