The security of modern password expiration: an algorithmic framework and empirical analysis

@inproceedings{Zhang2010TheSO,
  title={The security of modern password expiration: an algorithmic framework and empirical analysis},
  author={Yinqian Zhang and Fabian Monrose and Michael K. Reiter},
  booktitle={ACM Conference on Computer and Communications Security},
  year={2010}
}
This paper presents the first large-scale study of the success of password expiration in meeting its intended purpose, namely revoking access to an account by an attacker who has captured the account's password. Using a dataset of over 7700 accounts, we assess the extent to which passwords that users choose to replace expired ones pose an obstacle to the attacker's continued access. We develop a framework by which an attacker can search for a user's new password from an old one, and design an… CONTINUE READING
Highly Cited
This paper has 139 citations. REVIEW CITATIONS
Recent Discussions
This paper has been referenced on Twitter 4 times over the past 90 days. VIEW TWEETS

Citations

Publications citing this paper.
Showing 1-10 of 93 extracted citations

140 Citations

0102030'12'14'16'18
Citations per Year
Semantic Scholar estimates that this publication has 140 citations based on the available data.

See our FAQ for additional information.

References

Publications referenced by this paper.
Showing 1-2 of 2 references

Similar Papers

Loading similar papers…