Revisiting password rules: facilitating human management of passwords

Title Revisiting password rules: facilitating human management of passwords
Author
Keywords
Abstract

Password rules were established in the context of past security concerns. Recent work in computer security challenges the conventional wisdom of expert password advice, such as change your passwords often, do not reuse your passwords, or do not write your passwords down. The effectiveness of these rules for protecting user accounts against real world attacks is questioned. We review the latest research examining password rules for general-purpose user authentication on the web, and discuss the arguments behind the continued acceptance or the rejection of the rules based on empirical evidence and solid justifications. Following the review, we recommend an updated set of password rules.

Year of Conference
2016
Conference Name
APWG symposium on electronic crime research (eCrime)
Publisher
Institute of Electrical and Electronics Engineers (IEEE)
URL
https://doi.org/10.1109/ECRIME.2016.7487945
DOI
10.1109/ECRIME.2016.7487945
Related files apwg2016-password-rules.pdf
Download citation