The Good and Not So Good of Enforcing Password Composition Rules

John Campbell, Dale Kleeman, Wanli Ma

    Research output: Contribution to journalArticle

    15 Citations (Scopus)

    Abstract

    Many systems rely on password composition rules to force users to choose more secure passwords. The findings discussed here are from a study on the enforcement of good password practice in the form of password composition rules. The results show that the enforcement of password composition rules does not discourage users from using meaningful information in passwords. While composition rules reduce password reuse, the overall incidence remains high. Passwords created under these conditions are also perceived to be more difficult to remember. Nevertheless, the enforcement of password composition rules does significantly improve protection against dictionary-based attack
    Original languageEnglish
    Pages (from-to)2-8
    Number of pages7
    JournalInformation Systems Security
    Volume16
    Issue number1
    DOIs
    Publication statusPublished - 2007

    Fingerprint

    Chemical analysis
    Glossaries

    Cite this

    @article{24836216f7da49b88c6e77c00e4f8c9a,
    title = "The Good and Not So Good of Enforcing Password Composition Rules",
    abstract = "Many systems rely on password composition rules to force users to choose more secure passwords. The findings discussed here are from a study on the enforcement of good password practice in the form of password composition rules. The results show that the enforcement of password composition rules does not discourage users from using meaningful information in passwords. While composition rules reduce password reuse, the overall incidence remains high. Passwords created under these conditions are also perceived to be more difficult to remember. Nevertheless, the enforcement of password composition rules does significantly improve protection against dictionary-based attack",
    author = "John Campbell and Dale Kleeman and Wanli Ma",
    year = "2007",
    doi = "10.1080/10658980601051375",
    language = "English",
    volume = "16",
    pages = "2--8",
    journal = "Information Systems Security",
    issn = "1065-898X",
    publisher = "Taylor & Francis",
    number = "1",

    }

    The Good and Not So Good of Enforcing Password Composition Rules. / Campbell, John; Kleeman, Dale; Ma, Wanli.

    In: Information Systems Security, Vol. 16, No. 1, 2007, p. 2-8.

    Research output: Contribution to journalArticle

    TY - JOUR

    T1 - The Good and Not So Good of Enforcing Password Composition Rules

    AU - Campbell, John

    AU - Kleeman, Dale

    AU - Ma, Wanli

    PY - 2007

    Y1 - 2007

    N2 - Many systems rely on password composition rules to force users to choose more secure passwords. The findings discussed here are from a study on the enforcement of good password practice in the form of password composition rules. The results show that the enforcement of password composition rules does not discourage users from using meaningful information in passwords. While composition rules reduce password reuse, the overall incidence remains high. Passwords created under these conditions are also perceived to be more difficult to remember. Nevertheless, the enforcement of password composition rules does significantly improve protection against dictionary-based attack

    AB - Many systems rely on password composition rules to force users to choose more secure passwords. The findings discussed here are from a study on the enforcement of good password practice in the form of password composition rules. The results show that the enforcement of password composition rules does not discourage users from using meaningful information in passwords. While composition rules reduce password reuse, the overall incidence remains high. Passwords created under these conditions are also perceived to be more difficult to remember. Nevertheless, the enforcement of password composition rules does significantly improve protection against dictionary-based attack

    U2 - 10.1080/10658980601051375

    DO - 10.1080/10658980601051375

    M3 - Article

    VL - 16

    SP - 2

    EP - 8

    JO - Information Systems Security

    JF - Information Systems Security

    SN - 1065-898X

    IS - 1

    ER -