Evaluating Password Advice
Authors: Hazel Murray, David Malone

Date: June 2017
Publication: 2017 28th Irish Signals and Systems Conference (ISSC)
Page(s): 1 - 6
Publisher: IEEE
Source 1: https://arxiv.org/abs/1710.09789
Source 2: https://doi.org/10.1109/ISSC.2017.7983609 - Subscription or payment required

Abstract or Summary:
Password advice is constantly circulated by standards agencies, companies, websites and specialists. But there appears to be great diversity in terms of the advice that is given. Users have noticed that different websites are enforcing different restrictions. For example, requiring different combinations of uppercase and lowercase letters, numbers and special characters. We collected password advice and found that the advice distributed by one organization can directly contradict advice given by another. Our paper aims to illuminate interesting characteristics for a sample of the password advice distributed. We also create a framework for identifying the costs associated with implementing password advice. In doing so we identify a reason for why password advice is often both derided and ignored.

PasswordResearch.com Note: Video of presentation (at a different conference, PasswordsCon 2018 Stockholm): https://www.youtube.com/watch?v=0kZpOSpl8EE

Do you have additional information to contribute regarding this research paper? If so, please email siteupdates@passwordresearch.com with the details.

<-- Back to Authentication Research Paper Index

[Home] [About Us] [News] [Research]

Copyright © 2019 PasswordResearch.com