2009
DOI: 10.1007/s10207-009-0084-3

A comprehensive simulation tool for the analysis of password policies

Abstract: Modern organizations rely on passwords for preventing illicit access to valuable data and resources. A well designed password policy helps users create and manage more effective passwords. This paper offers a novel model and tool for understanding, creating, and testing password policies. We present a password policy simulation model which incorporates such factors as simulated users, accounts, and services. This model and its implementation enable administrators responsible for creating and managing password …

Cited by 20 publications (7 citation statements)
References 10 publications
“…We consider similar data, but for a much larger set of users, allowing us to evaluate the effectiveness of various requirements more comprehensively. Other findings suggest that too-strict policies (those that make creating and remembering passwords too difficult) induce coping strategies that can hurt both security and productivity [1,20,36,37,40]. Further, Florêncio and Herley found that the strictest policies are often used not by organizations with high-value assets to protect, but organizations that do not have to compete on customer service [17].…”
Section: Background and Related Work (mentioning)
confidence: 99%
“…Passwords that are more random (through composition policies or system generation) or contain more characters are harder for password crackers to guess [14]. However, users have trouble remembering random or complex passwords [7,16] and resort to insecure workarounds, such as writing down the password or following predictable patterns to meet password requirements [13,15,24,27,3,23].…”
Section: Related Work (mentioning)
confidence: 99%
“…There are a number of works which model user security behaviour in organisations, focusing on security policies such as password use [16] [17] and USB data transfer [15]. Model outputs - rather than user reports - inform management decisions, with data that exposes the drivers for visible user behaviour.…”
Section: Related Work (mentioning)
confidence: 99%