Pushing on String: Adventures in the 'Don't Care' Regions of Password Strength
Author(s): Cormac Herley

Date: August 2015
Publication: Passwords15 Las Vegas
Source 1: http://research.microsoft.com/pubs/227130/pushingOnStringTCD.pdf

Abstract or Summary:
The gap between the effort needed to withstand online and offline password guessing attacks is enormous, and there's a large gap where increasing cracking resistance leads to no change in outcomes. On many networks there's also a snowball effect, where an attacker with x% of credentials controls much more than x% of network resources; this also gives a large region where increasing cracking resistance accomplishes nothing. This talk examines the administrator's task of defending a population of users from password cracking, what does and doesn't make sense, and where we are wasting our time (spoiler alert: almost everywhere.)

PasswordResearch.com Note: Video of presentation: https://www.youtube.com/watch?v=bhAWjQTigNY. Slides were from a different presentation, but similar to what was presented. Associated with research published in paper "An Administrator's Guide to Internet Password Research": http://www.passwordresearch.com/papers/paper460.html

