The Good and Not So Good of Enforcing Password Composition Rules

John Campbell, Dale Kleeman, Wanli Ma

    Research output: Contribution to journalArticlepeer-review

    18 Citations (Scopus)

    Abstract

    Many systems rely on password composition rules to force users to choose more secure passwords. The findings discussed here are from a study on the enforcement of good password practice in the form of password composition rules. The results show that the enforcement of password composition rules does not discourage users from using meaningful information in passwords. While composition rules reduce password reuse, the overall incidence remains high. Passwords created under these conditions are also perceived to be more difficult to remember. Nevertheless, the enforcement of password composition rules does significantly improve protection against dictionary-based attack
    Original languageEnglish
    Pages (from-to)2-8
    Number of pages7
    JournalInformation Systems Security
    Volume16
    Issue number1
    DOIs
    Publication statusPublished - 2007

    Fingerprint

    Dive into the research topics of 'The Good and Not So Good of Enforcing Password Composition Rules'. Together they form a unique fingerprint.

    Cite this