Practical Recommendations for Stronger, More Usable Passwords Combining Minimum-strength, Minimum-length, and Blocklist Requirements
Joshua Tan, Lujo Bauer, Nicolas Christin, Lorrie Faith Cranor
Abstract
Multiple mechanisms exist to encourage users to create stronger passwords, including minimum-length and character-class requirements, prohibiting blocklisted passwords, and giving feedback on the strength of candidate passwords. Despite much research, there is little definitive, scientific guidance on how these mechanisms should be combined and configured to best effect. Through two online experiments, we evaluated combinations of minimum-length and character-class requirements, blocklists, and a minimum-strength requirement that requires passwords to exceed a strength threshold according to neural-network-driven password-strength estimates.
Topics & Concepts
PasswordUSableComputer scienceCharacter (mathematics)Class (philosophy)Password policyPassword strengthComputer securityArtificial intelligenceMathematicsOne-time passwordWorld Wide WebGeometryUser Authentication and Security SystemsAdvanced Malware Detection TechniquesInnovative Human-Technology Interaction