Entry Shay:2016:DPP from tissec.bib

Last update: Sun Oct 15 02:58:48 MDT 2017                Valid HTML 3.2!

Index sections

Top | Symbols | Numbers | Math | A | B | C | D | E | F | G | H | I | J | K | L | M | N | O | P | Q | R | S | T | U | V | W | X | Y | Z

BibTeX entry

@Article{Shay:2016:DPP,
  author =       "Richard Shay and Saranga Komanduri and Adam L. Durity
                 and Phillip (Seyoung) Huh and Michelle L. Mazurek and
                 Sean M. Segreti and Blase Ur and Lujo Bauer and Nicolas
                 Christin and Lorrie Faith Cranor",
  title =        "Designing Password Policies for Strength and
                 Usability",
  journal =      j-TISSEC,
  volume =       "18",
  number =       "4",
  pages =        "13:1--13:??",
  month =        may,
  year =         "2016",
  CODEN =        "ATISBQ",
  DOI =          "https://doi.org/10.1145/2891411",
  ISSN =         "1094-9224 (print), 1557-7406 (electronic)",
  ISSN-L =       "1094-9224",
  bibdate =      "Sat May 21 08:19:26 MDT 2016",
  bibsource =    "http://portal.acm.org/;
                 http://www.math.utah.edu/pub/tex/bib/tissec.bib",
  abstract =     "Password-composition policies are the result of
                 service providers becoming increasingly concerned about
                 the security of online accounts. These policies
                 restrict the space of user-created passwords to
                 preclude easily guessed passwords and thus make
                 passwords more difficult for attackers to guess.
                 However, many users struggle to create and recall their
                 passwords under strict password-composition policies,
                 for example, ones that require passwords to have at
                 least eight characters with multiple character classes
                 and a dictionary check. Recent research showed that a
                 promising alternative was to focus policy requirements
                 on password length instead of on complexity. In this
                 work, we examine 15 password policies, many focusing on
                 length requirements. In doing so, we contribute the
                 first thorough examination of policies requiring longer
                 passwords. We conducted two online studies with over
                 20,000 participants, and collected both usability and
                 password-strength data. Our findings indicate that
                 password strength and password usability are not
                 necessarily inversely correlated: policies that lead to
                 stronger passwords do not always reduce usability. We
                 identify policies that are both more usable and more
                 secure than commonly used policies that emphasize
                 complexity rather than length requirements. We also
                 provide practical recommendations for service providers
                 who want their users to have strong yet usable
                 passwords.",
  acknowledgement = ack-nhfb,
  articleno =    "13",
  fjournal =     "ACM Transactions on Information and System Security",
  journal-URL =  "http://portal.acm.org/browse_dl.cfm?idx=J789",
}

Related entries