Please use this identifier to cite or link to this item:
http://arks.princeton.edu/ark:/88435/dsp01hh63t000z
Title: | Real Password Composition Policies: Collection, Analysis and Security-Usability Performance of PCPs on the Web |
Authors: | Sjoberg, Sten |
Advisors: | Narayanan, Arvind |
Contributors: | Lee, Kevin |
Department: | Computer Science |
Class Year: | 2021 |
Abstract: | This paper is the first to provide quantitative insights into the state of Password Composition Policies currently in use on the internet today. The process of designing and implementing a data collection approach using Mechanical Turk is detailed along with the subsequent data analysis and a novel security and usability performance measurement framework based on understanding PCPs as classifiers of strong and weak passwords. We find that PCPs deployed on the internet are generally of poor quality, either too stringent or too lenient, and that recommendations from government and research are suffering from slow adoption. We also find that all character class PCPs collected in our study suffer from a linear relationship between strong passwords accepted and weak passwords rejected, indicating that they are poor classifiers of password strength. |
URI: | http://arks.princeton.edu/ark:/88435/dsp01hh63t000z |
Type of Material: | Princeton University Senior Theses |
Language: | en |
Appears in Collections: | Computer Science, 1987-2023 |
Files in This Item:
File | Size | Format |
---|---|---|
SJOBERG-STEN-THESIS.pdf | 1.39 MB | Adobe PDF |
Items in Dataspace are protected by copyright, with all rights reserved, unless otherwise indicated.