Random Passwords Aren’t Good Enough
Authors: Rob Yoder

Date: November 19 2018
Publication: PasswordsCon 2018 Stockholm
Source: Currently no known Internet copy of paper.

Abstract or Summary:
Most modern authentication systems have requirements for passwords beyond just the length. Password managers must be able to generate passwords that both meet these requirements and maintain a maximum level of entropy without causing their users confusion or frustration. Ideally, the generator could select characters completely at random from a set of allowed characters, but this approach will often yield passwords that do not conform to the system’s requirements. I’ll discuss possible solutions to this problem, which solution we chose at 1Password, and the entropy calculation algorithm that made that decision possible.

PasswordResearch.com Note: Video of presentation: https://www.youtube.com/watch?v=3IXx_6a_TPs Project page: https://github.com/1password/spg


Do you have additional information to contribute regarding this research paper? If so, please email siteupdates@passwordresearch.com with the details.

<-- Back to Authentication Research Paper Index





[Home] [About Us] [News] [Research]

Copyright © 2019 PasswordResearch.com