This study tests metrics for password creation policies by focusing on actual attack methodologies and real user passwords.
In this paper the authors attempt to determine the effectiveness of using entropy, as defined in NIST SP800-63, as a measurement of the security provided by various password creation policies. This focus on actual attack methodologies and real user passwords quite possibly makes this one of the largest studies on password security to date. In addition the authors examine what these results mean for standard password creation policies, such as minimum password length, and character set requirements. The authors model the success rate of current password cracking techniques against real user passwords. These data sets were collected from several different websites, the largest one containing over 32 million passwords. (Published Abstract Provided)
Downloads
Similar Publications
- DNA Purification in Microfluidic Systems for Clinical and Forensic Application
- A Multi-Stream Fusion Approach with One-Class Learning for Audio-Visual Deepfake Detection
- Enhancing Fault Ride-Through Capacity of DFIG-Based WPs by Adaptive Backstepping Command Using Parametric Estimation in Non-Linear Forward Power Controller Design