Crunching the Top 10,000 Websites' Password Policies and Controls
Authors: Steve Werby

Date: July 2013
Publication: Passwords13 Las Vegas
Source: Currently no known Internet copy of paper.

Abstract or Summary:
I will discuss a project to assess and rate password policies and controls from the top 10,000 websites by leveraging technology, volunteers, and low-cost marketplaces like Amazon Mechanical Turk.

A detailed analysis of password policies and authentication controls for widely-used websites appeared non-existent, so I sought to address that. Though some data could be collected programatically, many of the desired attributes are not easily collected in an automated fashion, and manual collection is time-consuming. To address this, I utilized low-cost marketplaces like Amazon Mechanical Turk and implemented a system to allow volunteers to add, update, and modify data. I will cover my methodology, an analysis of the collected data, challenges, lessons learned, and future plans. Ultimately, I hope the project will result in better awareness of poor password policies and controls, leading to positive change. Note: Video of presentation:

Do you have additional information to contribute regarding this research paper? If so, please email with the details.

<-- Back to Authentication Research Paper Index

[Home] [About Us] [News] [Research]

Copyright © 2019