This study tests metrics for password creation policies by focusing on actual attack methodologies and real user passwords.
In this paper the authors attempt to determine the effectiveness of using entropy, as defined in NIST SP800-63, as a measurement of the security provided by various password creation policies. This focus on actual attack methodologies and real user passwords quite possibly makes this one of the largest studies on password security to date. In addition the authors examine what these results mean for standard password creation policies, such as minimum password length, and character set requirements. The authors model the success rate of current password cracking techniques against real user passwords. These data sets were collected from several different websites, the largest one containing over 32 million passwords. (Published Abstract Provided)
Downloads
Similar Publications
- Understanding and Reducing Deaths in Custody: Final Research Report
- Post-burn and Post-blast Rapid Detection of Trace and Bulk Energetics by 3D-printed Cone Spray Ionization Mass Spectrometry
- A Self-assessment Tool for Helping Identify Police Burnout Among Investigators of Child Sexual Abuse Material