A Second Look at Password Composition Policies in the Wild: Comparing Samples from 2010 and 2016
Date: July 12 2017
Publication: Proceedings of the 13th Symposium on Usable Privacy and Security (SOUPS 2017)
Source 1: https://www.usenix.org/conference/soups2017/technical-sessions/presentation/mayer
Source 2: https://www.researchgate.net/publication/319702476_A_Second_Look_at_Password_Composition_Policies_in_the_Wild_Comparing_Samples_from_2010_and_2016
Source 3: https://www.semanticscholar.org/paper/A-Second-Look-at-Password-Composition-Policies-in-Mayer-Kirchner/ed4e26cd99579252246a0a3f40280889481ec37d
Abstract or Summary:
In this paper we present a replication and extension of the study performed by Florêncio and Herley published at SOUPS 2010. They investigated a sample of US websites, examining different website features' effects on the strength of the website's password composition policy (PCP). Using the same methodology as in the original study, we re-investigated the same US websites to identify differences over time. We then extended the initial study by investigating a corresponding sample of German websites in order to identify differences across countries. Our findings indicate that while the website features mostly retain their predicting power for the US sample, only one feature affecting PCP strength translates to the German sample: whether users can choose among multiple alternative websites providing the same service. Moreover, German websites generally use weaker PCPs and, in particular, PCPs of German banking websites stand out for having generally low strength PCPs.
PasswordResearch.com Note: Audio of presentation: https://www.usenix.org/conference/soups2017/technical-sessions/presentation/mayer
Do you have additional information to contribute regarding this research paper? If so, please email firstname.lastname@example.org with the details.