The good and not so good of enforcing password composition rules

Information Systems Security

Volumn 16, Issue 1, 2007, Pages 2-8

  Campbell, John ^a   Kleeman, Dale ^a   Ma, Wanli ^a  

^a UNIVERSITY OF CANBERRA   (Australia)

Author keywords

[No Author keywords available]

Indexed keywords

EID: 67650124268     PISSN: 1065898X     EISSN: None     Source Type: Journal    
DOI: 10.1080/10658980601051375     Document Type: Article

References (20)

1. Bento, A., and Bento, R. (2004). Empirical Test of a Hacking Model: An Exploratory Study. Communications of the Association for Information Systems, 14:32, 678-690.
2. Boukhonine, S., Krotov, V., and Rupert, B. (2005). Future Security Approaches and Biometrics. Communications of the Association for Information Systems, 16:48, 937-966.
3. Carstens, D. S., McCauley-Bell, P., Malone, L. C., and DeMara, R. F. (2004). Evaluation of the Human Impact of Password Authentication Practices on Information Security. Informing Science Journal, 7:1, 67-85.
4. Conklin, A., White, G., Cothren, C., Williams, D., and Davis, R. L. (2004). Principles of Computer Security: Security+ and Beyond. New York: McGraw-Hill.
5. Fedora. (2006). Fedora Core 5, http://fedora.redhat.com/ (accessed February 2006).
6. Foltz, C. B., Cronan, T. P., and Jones, T. W. (2005). Have you met your organization's computer usage policy? Industrial Management & Data Systems, 105:2, 137-146.
7. Furnell, S. M., Dowland, P. S., Illingworth, H. M., and Reynolds, P. L. (2000). Authentication and Supervision: A Survey of User Attitudes. Computers & Security, 19:6, 529-539.
8. Haggerty, J., and Taylor, M. (2005). One born every minute. ITNOW, 47, 26-27.
9. Ives, B., Walsh, K. R., and Schneider, H. (2004). The Domino Effect of Password Reuse. Communications of the ACM, 47:4, 75-78.
10. Klein, D. V. (1999). Defending against the wily surfer — Web based attacks and defenses. Proceedings of the First Workshop on Intrusion Detection and Network Monitoring, April 9-12, Santa Clara, Calif., 81-92.
11. Levenshtein, V. (1965). Binary codes capable of correcting deletions, insertions, and reversals. Problems in Information Transmission, 1, 8-17.
12. Microsoft. (2006). Step-by-Step Guide to Enforcing Strong Password Policies. http://www.microsoft.com/technet/prodtechnol/ windowsserver2003/technologies/directory/activedirectory/ stepbystep/strngpw.mspx#EMD (accessed June 2006).
13. Piscitello, D., and Kent, S. (2003). The Sad And Increasingly Deplorable State Of Internet Security. Business Communications Review, Feb. 49-53.
14. Pfleeger, C. P., and Pfleeger, S. L. (2003). Security in Computing. Third ed. New York: Prentice Hall.
15. Stephen, G. (1994). String Searching Algorithms. Lecture Notes Series on Computing, 3, River Edge, NJ: World Scientific Publishing Co., Inc.
16. Symantec. (2006a). PPAuditor, http://securityresponse.symantec.com/ avcenter/venc/data/ppauditor.html (accessed June 20, 2006).
17. Symantec. (2006b). RainbowCrack, http://securityresponse.symantec. com/avcenter/venc/data/rainbowcrack.html (accessed June 20, 2006).
18. Yan, J., Blackwell, A., Anderson, R., and Grant, A. (2004). Password Memorability and Security: Empirical Results. IEEE Security and Privacy, September/October, 25-30.
19. Zhang, M. (2005). Breaking an Improved Password Authenticated Key Exchange Protocol for Imbalanced Wireless Networks. IEEE Communications Letters, 9:3, 276-278.
20. Zviran M., and Haga, W. J. (1999). Password Security: An Empirical Study. Journal of Management Information Systems, 15:4, 161-185.