Litcius/Paper detail

Practical Recommendations for Stronger, More Usable Passwords Combining Minimum-strength, Minimum-length, and Blocklist Requirements

Joshua Tan, Lujo Bauer, Nicolas Christin, Lorrie Faith Cranor

202050 citationsDOIOpen Access PDF

Abstract

Multiple mechanisms exist to encourage users to create stronger passwords, including minimum-length and character-class requirements, prohibiting blocklisted passwords, and giving feedback on the strength of candidate passwords. Despite much research, there is little definitive, scientific guidance on how these mechanisms should be combined and configured to best effect. Through two online experiments, we evaluated combinations of minimum-length and character-class requirements, blocklists, and a minimum-strength requirement that requires passwords to exceed a strength threshold according to neural-network-driven password-strength estimates.

Topics & Concepts

PasswordUSableComputer scienceCharacter (mathematics)Class (philosophy)Password policyPassword strengthComputer securityArtificial intelligenceMathematicsOne-time passwordWorld Wide WebGeometryUser Authentication and Security SystemsAdvanced Malware Detection TechniquesInnovative Human-Technology Interaction