Do Strong Web Passwords Accomplish Anything?

  title={Do Strong Web Passwords Accomplish Anything?},
  author={Dinei A. F. Flor{\^e}ncio and Cormac Herley and Baris Coskun},
We find that traditional password advice given to users is somewhat dated. Strong passwords do nothing to protect online users from password stealing attacks such as phishing and keylogging, and yet they place considerable burden on users. Passwords that are too weak of course invite brute-force attacks. However, we find that relatively weak passwords, about 20 bits or so, are sufficient to make brute-force attacks on a single account unrealistic so long as a “three strikes” type rule is in… CONTINUE READING
Highly Cited
This paper has 144 citations. REVIEW CITATIONS

From This Paper

Topics from this paper.
90 Citations
13 References
Similar Papers


Publications citing this paper.
Showing 1-10 of 90 extracted citations

145 Citations

Citations per Year
Semantic Scholar estimates that this publication has 145 citations based on the available data.

See our FAQ for additional information.


Publications referenced by this paper.
Showing 1-10 of 13 references

Tjostheim. Case Study: Online banking Security

  • K. J. Hole, T. V. Moen
  • IEEE Security & Privacy Magazine,
  • 2006
2 Excerpts

Similar Papers

Loading similar papers…