Measuring password guessability for an entire university

@article{Mazurek2013MeasuringPG,
  title={Measuring password guessability for an entire university},
  author={Michelle L. Mazurek and Saranga Komanduri and Timothy Vidas and L. Bauer and N. Christin and L. Cranor and P. Kelley and R. Shay and B. Ur},
  journal={Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security},
  year={2013}
}
  • Michelle L. Mazurek, Saranga Komanduri, +6 authors B. Ur
  • Published 2013
  • Computer Science
  • Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security
  • Despite considerable research on passwords, empirical studies of password strength have been limited by lack of access to plaintext passwords, small data sets, and password sets specifically collected for a research study or from low-value accounts. Properties of passwords used for high-value accounts thus remain poorly understood. We fill this gap by studying the single-sign-on passwords used by over 25,000 faculty, staff, and students at a research university with a complex password policy… CONTINUE READING
    185 Citations
    Designing Password Policies for Strength and Usability
    • 78
    • PDF
    User practice in password security: An empirical study of real-life passwords in the wild
    • 38
    Can long passwords be secure and usable?
    • 117
    • PDF
    Supporting Password-Security Decisions with Data
    • B. Ur
    • Computer Science
    • 2016
    • 5
    • PDF
    Password Creation in the Presence of Blacklists
    • 23
    • PDF
    General Framework for Evaluating Password Complexity and Strength
    • 1
    • PDF
    pASSWORD tYPOS and How to Correct Them Securely
    • 27
    • PDF
    1 Zipf ’ s Law in Passwords
    • PDF

    References

    SHOWING 1-9 OF 9 REFERENCES
    Testing metrics for password creation policies by attacking large sets of revealed passwords
    • 370
    • Highly Influential
    • PDF
    Password Cracking Using Probabilistic Context-Free Grammars
    • 384
    • Highly Influential
    • PDF
    The Benefits of Understanding Passwords
    • 60
    • Highly Influential
    • PDF
    Visualizing semantics in passwords: the role of dates
    • 59
    • Highly Influential
    • PDF
    Electronic Authentication Guideline
    • 291
    • Highly Influential
    • PDF
    LinkedIn passwords lifted. http://www.rapid7. com/resources/infographics/linkedInpasswords-lifted .html
    • LinkedIn passwords lifted. http://www.rapid7. com/resources/infographics/linkedInpasswords-lifted .html
    • 2012
    Report: Analysis of the Stratfor password list. The Tech Herald http://www.thetechherald.com/articles/Report- Analysis-of-the-Stratfor-Password-List
    • Report: Analysis of the Stratfor password list. The Tech Herald http://www.thetechherald.com/articles/Report- Analysis-of-the-Stratfor-Password-List
    • 2012
    Sony hacked yet again, plaintext passwords, e-mails, DOB posted. Ars Technica http: //arstechnica.com/tech-policy/2011/06/sony- hacked-yet-again-plaintext-passwords-posted
    • Sony hacked yet again, plaintext passwords, e-mails, DOB posted. Ars Technica http: //arstechnica.com/tech-policy/2011/06/sony- hacked-yet-again-plaintext-passwords-posted
    • 2011
    The Gawker hack: how a million passwords were lost. Light Blue Touchpaper blogthe-gawker-hack-how-a-million-passwords- were-lost
    • The Gawker hack: how a million passwords were lost. Light Blue Touchpaper blogthe-gawker-hack-how-a-million-passwords- were-lost
    • 2010