This study tests metrics for password creation policies by focusing on actual attack methodologies and real user passwords.
In this paper the authors attempt to determine the effectiveness of using entropy, as defined in NIST SP800-63, as a measurement of the security provided by various password creation policies. This focus on actual attack methodologies and real user passwords quite possibly makes this one of the largest studies on password security to date. In addition the authors examine what these results mean for standard password creation policies, such as minimum password length, and character set requirements. The authors model the success rate of current password cracking techniques against real user passwords. These data sets were collected from several different websites, the largest one containing over 32 million passwords. (Published Abstract Provided)
Downloads
Similar Publications
- The Cross-Reactivity of the Cannabinoid Analogs (delta-8-THC, delta-10-THC and CBD) and their metabolites in Urine of Six Commercially Available Homogeneous Immunoassays, Grant Report
- Restoring Promise: Positive Research Results from a Program that Aims to Transform Correctional Culture
- Developmental Variation in Amygdala Volumes: Modeling Differences Across Time, Age, and Puberty