A comprehensive simulation tool for the analysis of password policies

International Journal of Information Security

Volumn 8, Issue 4, 2009, Pages 275-289

  Shay, Richard ^a   Bertino, Elisa ^b  

^a Purdue University ^*

^b Purdue University   (United States)

Author keywords

Management; Password; Policy; Simulation

Indexed keywords

HUMAN STUDY; HUMAN USERS; PASSWORD; POLICY; POLICY FACTORS; POLICY SIMULATION; SIMULATION; SIMULATION TOOL;

SIMULATORS;

EID: 68449088124     PISSN: 16155262     EISSN: 16155270     Source Type: Journal    
DOI: 10.1007/s10207-009-0084-3     Document Type: Article

References (13)

1. Bishop M., V.Klein D.: Improving system security via proactive password checking. Comput. Secur. 14 (3), 233-249 (1995)
2. Gehringer, E.FS: Choosing passwords: security and human factors. In: Technology and Society, 2002. (ISTAS'02), pp. 369373 (2002)
3. Kuo, C., Romanosky, S., Cranor, L.F.: Human selection of mnemonic phrase-based passwords. In: SOUPS '06: Proceedings of the Second Symposium on Usable Privacy and Security, pp. 67-78. ACM Press, New York (2006). doi: 10.1145/1143120.1143129
4. Leyden, J.: Office workers give away passwords for a cheap pen. The Register (2003). http://www.theregister.co.uk/2003/04/18/ office_workers_give_away_passwords/
5. Proctor R.W., Lien M.C., Vu K.P.L., Schultz E.E., Salvendy G.: Improving computer security for authentication of users: Influence of proactive password restrictions. Behav. Res. Methods Instrum. Comput. 34 (2), 163-169 (2002)
6. Robert M. Polstra, I.: A case study on how to manage the theft of information. In: InfoSecCD '05: Proceedings of the 2nd Annual Conference on Information Security Curriculum Development, pp. 135-138. ACM Press, New York (2005). doi: 10.1145/1107622.1107653
7. SafeNet: 2004 annual password survey results. SafeNet (2005). http:// www.safenet-inc.com/Library/10/2004passwordsurveyresults.pdf
8. Sasse M.A., Brostoff S., Weirich D.: Transforming the 'weakest link' - a human/computer interaction approach to usable and effective security. BT Technol. J. 19 (3), 122-131 (2001). doi: 10.1023/A:1011902718709
9. Shannon C.E.: Prediction and entropy of printed English. Bell Syst. Tech. J. 30, 50-64 (1951)
10. Shay, R., Bhargav-Spantzel, A., Bertino, E.: Password policy simulation and analysis. In: DIM '07: Proceedings of the 2007 ACM Workshop on Digital Identity Management, pp. 1-10. ACM, New York (2007). doi: 10.1145/1314403.1314405
11. Summers, W.T., Bosworth, E.: Password policy: the good, the bad, and the ugly. In: WISICT '04: Proceedings of the Winter International Symposium on Information and Communication Technologies, pp. 1-6. Trinity College, Dublin (2004)
12. Vu, K.P.L., Proctor, R.W., Bhargav-Spantzel, A., Tai, B.L.B., Cook, J.: Improving password security and memorability to protect personal and organizational information. Int. J. Hum. Comput. Stud. (2007)
13. Yan, J.J.: A note on proactive password checking. In: NSPW '01: Proceedings of the 2001 Workshop on New Security Paradigms, pp. 127-135. ACM Press, New York (2001). doi: 10.1145/508171.508194