This study tests metrics for password creation policies by focusing on actual attack methodologies and real user passwords.
In this paper the authors attempt to determine the effectiveness of using entropy, as defined in NIST SP800-63, as a measurement of the security provided by various password creation policies. This focus on actual attack methodologies and real user passwords quite possibly makes this one of the largest studies on password security to date. In addition the authors examine what these results mean for standard password creation policies, such as minimum password length, and character set requirements. The authors model the success rate of current password cracking techniques against real user passwords. These data sets were collected from several different websites, the largest one containing over 32 million passwords. (Published Abstract Provided)
Downloads
Similar Publications
- Two-Dimensional Correlation Spectroscopy Analysis of Bloodstain Aging Using Fluorescence Spectral Data
- Development of a spectral X-ray fluorescence database to strengthen the scientific foundations for the forensic analysis and interpretation of modern soda-lime glass
- NPS Discovery Q3 2025 Trend Reports: NPS Benzodiazepines, NPS Opioids, NPS Stimulants &