Password security: a case history
Communications of the ACM
Password Memorability and Security: Empirical Results
IEEE Security and Privacy
Fast dictionary attacks on passwords using time-space tradeoff
Proceedings of the 12th ACM conference on Computer and communications security
ACSW '07 Proceedings of the fifth Australasian symposium on ACSW frontiers - Volume 68
Improving text passwords through persuasion
Proceedings of the 4th symposium on Usable privacy and security
Password Cracking Using Probabilistic Context-Free Grammars
SP '09 Proceedings of the 2009 30th IEEE Symposium on Security and Privacy
So long, and no thanks for the externalities: the rational rejection of security advice by users
NSPW '09 Proceedings of the 2009 workshop on New security paradigms workshop
Password exhaustion: predicting the end of password usefulness
ICISS'06 Proceedings of the Second international conference on Information Systems Security
CT-RSA'07 Proceedings of the 7th Cryptographers' track at the RSA conference on Topics in Cryptology
Attack on the GridCode one-time password
Proceedings of the 6th ACM Symposium on Information, Computer and Communications Security
Of passwords and people: measuring the effect of password-composition policies
Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
Using global knowledge of users' typing traits to attack keystroke biometrics templates
Proceedings of the thirteenth ACM multimedia workshop on Multimedia and security
Proceedings of the 2011 workshop on New security paradigms workshop
Correct horse battery staple: exploring the usability of system-assigned passphrases
Proceedings of the Eighth Symposium on Usable Privacy and Security
Distinguishing users with capacitive touch communication
Proceedings of the 18th annual international conference on Mobile computing and networking
How does your password measure up? the effect of strength meters on password creation
Security'12 Proceedings of the 21st USENIX conference on Security symposium
Learning from early attempts to measure information security performance
CSET'12 Proceedings of the 5th USENIX conference on Cyber Security Experimentation and Test
The benefits of understanding passwords
HotSec'12 Proceedings of the 7th USENIX conference on Hot Topics in Security
Visualizing semantics in passwords: the role of dates
Proceedings of the Ninth International Symposium on Visualization for Cyber Security
Video-passwords: advertising while authenticating
Proceedings of the 2012 workshop on New security paradigms
Building better passwords using probabilistic techniques
Proceedings of the 28th Annual Computer Security Applications Conference
FC'12 Proceedings of the 16th international conference on Financial Cryptography and Data Security
Statistical metrics for individual password strength
SP'12 Proceedings of the 20th international conference on Security Protocols
Does my password go up to eleven?: the impact of password meters on password selection
Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
Optimizing password composition policies
Proceedings of the fourteenth ACM conference on Electronic commerce
On the ecological validity of a password study
Proceedings of the Ninth Symposium on Usable Privacy and Security
Usability and security evaluation of GeoPass: a geographic location-password scheme
Proceedings of the Ninth Symposium on Usable Privacy and Security
Measuring password guessability for an entire university
Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security
Passwords and interfaces: towards creating stronger passwords by using mobile phone handsets
Proceedings of the Third ACM workshop on Security and privacy in smartphones & mobile devices
Examining a Large Keystroke Biometrics Dataset for Statistical-Attack Openings
ACM Transactions on Information and System Security (TISSEC)
Pitfalls in the automated strengthening of passwords
Proceedings of the 29th Annual Computer Security Applications Conference
Useful password hashing: how to waste computing cycles with style
Proceedings of the 2013 workshop on New security paradigms workshop
Hi-index | 0.00 |
In this paper we attempt to determine the effectiveness of using entropy, as defined in NIST SP800-63, as a measurement of the security provided by various password creation policies. This is accomplished by modeling the success rate of current password cracking techniques against real user passwords. These data sets were collected from several different websites, the largest one containing over 32 million passwords. This focus on actual attack methodologies and real user passwords quite possibly makes this one of the largest studies on password security to date. In addition we examine what these results mean for standard password creation policies, such as minimum password length, and character set requirements.