Password policy: the good, the bad, and the ugly

Authors:
Wayne C. Summers;Edward Bosworth
Affiliations:
Columbus State University, Columbus, GA;Columbus State University, Columbus, GA
Venue:
WISICT '04 Proceedings of the winter international synposium on Information and communication technologies
Year:
2004

Citing 3
Cited 9

Active Defense: A Comprehensive Guide to Network Security

Active Defense: A Comprehensive Guide to Network Security
Web Security, Privacy and Commerce

Web Security, Privacy and Commerce
Principles of Information Security

Principles of Information Security

A comparison of perceived and real shoulder-surfing risks between alphanumeric and graphical passwords

SOUPS '06 Proceedings of the second symposium on Usable privacy and security
State based authentication

Proceedings of the 43rd annual Southeast regional conference - Volume 2
The usability of passphrases for authentication: An empirical field study

International Journal of Human-Computer Studies
Password policy simulation and analysis

Proceedings of the 2007 ACM workshop on Digital identity management
Encountering stronger password requirements: user attitudes and behaviors

Proceedings of the Sixth Symposium on Usable Privacy and Security
A field study of user behavior and perceptions in smartcard authentication

INTERACT'11 Proceedings of the 13th IFIP TC 13 international conference on Human-computer interaction - Volume Part IV
Password exhaustion: predicting the end of password usefulness

ICISS'06 Proceedings of the Second international conference on Information Systems Security
How does your password measure up? the effect of strength meters on password creation

Security'12 Proceedings of the 21st USENIX conference on Security symposium
A hybrid approach for highly available and secure storage of Pseudo-SSO credentials

NordSec'12 Proceedings of the 17th Nordic conference on Secure IT Systems

Quantified Score

Hi-index	0.00

Visualization

Abstract

"We're secure! We use passwords!" How many of us have heard this claim? Or even -- "We're secure! We have a password policy!" Using a password or having a password policy in today's world of computing is not enough. Passwords provide a first line of defense in most cases, but there is much more. "A recent survey by Rainbow Technologies Inc. indicates that the use of insecure passwords can be costly -- and potentially risky -- for corporate data. "[Rosencrance] This paper focuses on the use of passwords and password policy and looks at the good, the bad and the ugly scenarios that arise.