Evaluating Password Advice
Date: June 2017
Publication: 2017 28th Irish Signals and Systems Conference (ISSC)
Page(s): 1 - 6
Source 1: https://arxiv.org/abs/1710.09789
Source 2: https://doi.org/10.1109/ISSC.2017.7983609 - Subscription or payment required
Abstract or Summary:
Password advice is constantly circulated by standards agencies, companies, websites and specialists. But there appears to be great diversity in terms of the advice that is given. Users have noticed that different websites are enforcing different restrictions. For example, requiring different combinations of uppercase and lowercase letters, numbers and special characters. We collected password advice and found that the advice distributed by one organization can directly contradict advice given by another. Our paper aims to illuminate interesting characteristics for a sample of the password advice distributed. We also create a framework for identifying the costs associated with implementing password advice. In doing so we identify a reason for why password advice is often both derided and ignored.
PasswordResearch.com Note: Video of presentation (at a different conference, PasswordsCon 2018 Stockholm): https://www.youtube.com/watch?v=0kZpOSpl8EE
Do you have additional information to contribute regarding this research paper? If so, please email firstname.lastname@example.org with the details.