Of Passwords and People: Measuring the Effect of Password-Composition Policies

Requiring users to set strong passwords shores up one aspect of your network security, but it also may encourage other bad password management practices. This research report details the findings of a survey of 5,000 users who were asked to create passwords in various strength and application scenarios.


NIST is a non-regulatory federal agency within the U.S. Department of Commerce. NIST's mission is to promote U.S. innovation and industrial competitiveness by advancing measurement science, standards and technology in ways that enhance economic security and improve our quality of life.

From National Institute of Standards and Technology | Sep 19, 2011

Passwords remain one of the most important, and yet most mismanaged, of IT security measures. No matter how many times you tell them not to, users share their passwords with other people, post them on sticky notes next to their monitors, or just set them to be so obvious that hackers can easily guess them.

In this paper, researchers from the National Institute of Standards and Technology and Carnegie Mellon University present their findings from a survey-based study of 5,000 online users who were asked to create passwords based on a variety of composition models and use scenarios. The researchers then evaluate the results by various criteria, including entropy (a measure of the number of brute-force guesses it would take to break the password) and where users are likely to store passwords created for various scenarios.

Included in this zip file are:

  • Of Passwords and People.pdf
  • Intro Doc.pdf
  • Terms and Conditions.pdf