Sciweavers

CHI
2011
ACM

Of passwords and people: measuring the effect of password-composition policies

13 years 3 months ago
Of passwords and people: measuring the effect of password-composition policies
Text-based passwords are the most common mechanism for authenticating humans to computer systems. To prevent users from picking passwords that are too easy for an adversary to guess, system administrators adopt password-composition policies (e.g., requiring passwords to contain symbols and numbers). Unfortunately, little is known about the relationship between password-composition policies and the strength of the resulting passwords, or about the behavior of users (e.g., writing down passwords) in response to different policies. We present a large-scale study that investigates password strength, user behavior, and user sentiment across four password-composition policies. We characterize the predictability of passwords by calculating their entropy, and find that a number of commonly held beliefs about password composition and strength are inaccurate. We correlate our results with user behavior and sentiment to produce several recommendations for password-composition policies that resu...
Saranga Komanduri, Richard Shay, Patrick Gage Kell
Added 25 Aug 2011
Updated 25 Aug 2011
Type Journal
Year 2011
Where CHI
Authors Saranga Komanduri, Richard Shay, Patrick Gage Kelley, Michelle L. Mazurek, Lujo Bauer, Nicolas Christin, Lorrie Faith Cranor, Serge Egelman
Comments (0)