Password Policy: The Good, the Bad, and the Ugly
Publication: Proceedings of the Winter International Symposium on Information and Communication Technologies
Page(s): 1 - 6
Source 1: http://csc.colstate.edu/summers/Research/Password-Policy.doc
Source 2: http://portal.acm.org/citation.cfm?id=984720.984724 - Subscription or payment required
Abstract or Summary:
"We're secure! We use passwords!" How many of us have heard this claim? Or even -- "We're secure! We have a password policy!" Using a password or having a password policy in today's world of computing is not enough. Passwords provide a first line of defense in most cases, but there is much more. "A recent survey by Rainbow Technologies Inc. indicates that the use of insecure passwords can be costly -- and potentially risky -- for corporate data. "[Rosencrance] This paper focuses on the use of passwords and password policy and looks at the good, the bad and the ugly scenarios that arise.
PasswordResearch.com Note: Summers and Bosworth don't really bring any new research to the table with their paper, but they do a decent job of summarizing the problems with passwords and offering some tips you can transform into policies within your organization.
Do you have additional information to contribute regarding this research paper? If so, please email firstname.lastname@example.org with the details.