Of Passwords and People: Measuring the Effect of Password-Composition Policies

812 KB | 3 files | PDF

Requiring users to set strong passwords shores up one aspect of your network security, but it also may encourage other bad password management practices. This research report details the findings of a survey of 5,000 users who were asked to create passwords in various strength and application scenarios.

Passwords remain one of the most important, and yet most mismanaged, of IT security measures. No matter how many times you tell them not to, users share their passwords with other people, post them on sticky notes next to their monitors, or just set them to be so obvious that hackers can easily guess them.

In this paper, researchers from the National Institute of Standards and Technology and Carnegie Mellon University present their findings from a survey-based study of 5,000 online users who were asked to create passwords based on a variety of composition models and use scenarios. The researchers then go on to evaluate the results by various criteria, including entropy (the number of brute-force guesses it would take to break the password) and where users are likely to store passwords created for various scenarios.

Included in this zip file are:

  • Of Passwords and People.pdf
  • Intro Doc.pdf
  • Terms and Conditions.pdf

This Download is provided by:

NIST is a non-regulatory federal agency within the U.S. Department of Commerce. NIST's mission is to promote U.S. innovation and industrial competitiveness by advancing measurement science, standards and technology in ways that enhance economic security and improve our quality of life.
