Measuring the Effect of Password-Composition Policies
812 KB | 3 files | PDF
Requiring users to set strong passwords shores up one
aspect of your network security, but it also may encourage other bad
password management practices. This research report details the findings
of a survey of 5,000 users who were asked to create passwords in
various strength and application scenarios.
From National Institute of Standards and Technology | Sep 19, 2011
Passwords remain one of the most important, and yet most
mismanaged, of IT security measures. No matter how many times you tell
them not to, users share their passwords with other people, post them on
sticky notes next to their monitors, or just set them to be so obvious
that hackers can easily guess them.
In this paper, researchers from the National Institute of Standards and
Technology and Carnegie Mellon University present their findings from a
survey-based study of 5,000 online users who were asked to create
passwords based on a variety of composition models and use scenarios.
The researchers then evaluate the results by various criteria, including
entropy (a measure of how many brute-force guesses it would take to
break the password) and where users are likely to store passwords
created for various scenarios.
Included in this zip file are:
- Of Passwords and People.pdf
- Intro Doc.pdf
- Terms and Conditions.pdf