Password Entropy and Password Quality

Wanli Ma, John Campbell, Dat Tran, Dale Kleeman

Research output: A Conference proceeding or a Chapter in BookConference contributionpeer-review

61 Citations (Scopus)
286 Downloads (Pure)


Passwords are the first line of defense for many computerized systems. The quality of these passwords decides the security strength of these systems. Many studies advocate using password entropy as an indicator for password quality where lower entropy suggests a weaker or less secure password. However, a closer examination of this literature shows that password entropy is very loosely defined. In this paper, we first discuss the calculation of password entropy and explain why it is an inadequate indicator of password quality. We then establish a password quality assessment scheme: password quality indicator (PQI). The PQI of a password is a pair \lambda = (D, L) , where D is the Levenshtein's editing distance of the password in relation to a dictionary of words and common mnemonics, and L is the effective password length. Finally, we propose to use PQI to prescribe the characteristics of good quality passwords.
Original languageEnglish
Title of host publicationFourth International Conference on Network and System Security (NSS 2010)
Place of PublicationUSA
PublisherIEEE, Institute of Electrical and Electronics Engineers
Number of pages5
ISBN (Print)9780769541594
Publication statusPublished - 2010
EventFourth International Conference on Network and System Security (NSS 2010), - Melbourne, Australia
Duration: 1 Sept 20103 Sept 2010


ConferenceFourth International Conference on Network and System Security (NSS 2010),


Dive into the research topics of 'Password Entropy and Password Quality'. Together they form a unique fingerprint.

Cite this