Corpus ID: 33758939

A Second Look at Password Composition Policies in the Wild: Comparing Samples from 2010 and 2016

  title={A Second Look at Password Composition Policies in the Wild: Comparing Samples from 2010 and 2016},
  author={Peter Mayer and Jana Kirchner and M. Volkamer},
In this paper we present a replication and extension of the study performed by Florencio and Herley published at SOUPS 2010. They investigated a sample of US websites, examining different website features' effects on the strength of the website's password composition policy (PCP). Using the same methodology as in the original study, we re-investigated the same US websites to identify differences over time. We then extended the initial study by investigating a corresponding sample of German… Expand
Lost in Disclosure: On the Inference of Password Composition Policies
Attack on Students' Passwords, Findings and Recommendations
The Effectiveness of Fear Appeals in Increasing Smartphone Locking Behavior among Saudi Arabians


Where do security policies come from?
A survey of passwords from 2007 to 2009
An Administrator's Guide to Internet Password Research
Designing Password Policies for Strength and Usability
The Password Game: Negative Externalities from Weak Password Practices
Do Differences in Password Policies Prevent Password Reuse?
Of passwords and people: measuring the effect of password-composition policies
Can long passwords be secure and usable?
The Science of Guessing: Analyzing an Anonymized Corpus of 70 Million Passwords
  • Joseph Bonneau
  • Computer Science
  • 2012 IEEE Symposium on Security and Privacy
  • 2012
Guess Again (and Again and Again): Measuring Password Strength by Simulating Password-Cracking Algorithms