Text-based passwords are the most common mechanism for authenticating humans to computer systems. To prevent users from picking passwords that are too easy for an adversary to guess, system administrators adopt password-composition policies (e.g., requiring passwords to contain symbols and numbers). Unfortunately, little is known about the relationship between password-composition policies and the strength of the resulting passwords, or about the behavior of users (e.g., writing down passwords) in response to different policies. We present a large-scale study that investigates password strength, user behavior, and user sentiment across four password-composition policies. We characterize the predictability of passwords by calculating their entropy, and find that a number of commonly held beliefs about password composition and strength are inaccurate. We correlate our results with user behavior and sentiment to produce several recommendations for password-composition policies that result in strong passwords without unduly burdening users.