812 KB | 3 files | PDF
Requiring users to set strong passwords shores up one aspect of your network security, but it also may encourage other bad password management practices. This research report details the findings of a survey of 5,000 users who were asked to create passwords in various strength and application scenarios.
Passwords remain one of the most important, and yet most mismanaged, of IT security measures. No matter how many times you tell them not to, users share their passwords with other people, post them on sticky notes next to their monitors, or just set them to be so obvious that hackers can easily guess them.
In this paper, researchers from the National Institute of Standards and Technology and Carnegie Mellon University present their findings from a survey-based study of 5,000 online users who were asked to create passwords based on a variety of composition models and use scenarios. The researchers then go on to evaluate the results by various criteria, including entropy (the number of brute-force guesses it would take to break the password) and where users are likely to store passwords created for various scenarios.
Included in this zip file are:
This publication provides guidelines for establishing and participating in cyber threat information sharing relationships. ... More >>
This document provides recommendations and guidelines for enhancing trust in email, including transmission and content security recommendations. ... More >>
This excerpt focuses on the conceptual aspects of defect management, including the basic concepts of a defect, how to manage defects, and an analysis of the root causes of defects. ... More >>