scispace - formally typeset
Search or ask a question
Topic

Password policy

About: Password policy is a research topic. Over the lifetime, 2832 publications have been published within this topic receiving 77023 citations.


Papers
More filters
Journal ArticleDOI
Leslie Lamport1
TL;DR: A method of user password authentication is described which is secure even if an intruder can read the system's data, and can tamper with or eavesdrop on the communication between the user and the system.
Abstract: A method of user password authentication is described which is secure even if an intruder can read the system's data, and can tamper with or eavesdrop on the communication between the user and the system. The method assumes a secure one-way encryption function and can be implemented with a microcomputer in the user's terminal.

2,874 citations

Proceedings ArticleDOI
08 May 2007
TL;DR: The study involved half a million users over athree month period and gets extremely detailed data on password strength, the types and lengths of passwords chosen, and how they vary by site.
Abstract: We report the results of a large scale study of password use andpassword re-use habits. The study involved half a million users over athree month period. A client component on users' machines recorded a variety of password strength, usage and frequency metrics. This allows us to measure or estimate such quantities as the average number of passwords and average number of accounts each user has, how many passwords she types per day, how often passwords are shared among sites, and how often they are forgotten. We get extremely detailed data on password strength, the types and lengths of passwords chosen, and how they vary by site. The data is the first large scale study of its kind, and yields numerous other insights into the role the passwords play in users' online experience.

1,068 citations

Journal ArticleDOI
Robert Morris1, Ken Thompson1
TL;DR: The present design of the password security scheme was the result of countering observed attempts to penetrate the system and is a compromise between extreme security and ease of use.
Abstract: This paper describes the history of the design of the password security scheme on a remotely accessed time-sharing system. The present design was the result of countering observed attempts to penetrate the system. The result is a compromise between extreme security and ease of use.

1,015 citations

Proceedings ArticleDOI
20 May 2012
TL;DR: It is concluded that many academic proposals to replace text passwords for general-purpose user authentication on the web have failed to gain traction because researchers rarely consider a sufficiently wide range of real-world constraints.
Abstract: We evaluate two decades of proposals to replace text passwords for general-purpose user authentication on the web using a broad set of twenty-five usability, deployability and security benefits that an ideal scheme might provide. The scope of proposals we survey is also extensive, including password management software, federated login protocols, graphical password schemes, cognitive authentication schemes, one-time passwords, hardware tokens, phone-aided schemes and biometrics. Our comprehensive approach leads to key insights about the difficulty of replacing passwords. Not only does no known scheme come close to providing all desired benefits: none even retains the full set of benefits that legacy passwords already provide. In particular, there is a wide range from schemes offering minor security benefits beyond legacy passwords, to those offering significant security benefits in return for being more costly to deploy or more difficult to use. We conclude that many academic proposals have failed to gain traction because researchers rarely consider a sufficiently wide range of real-world constraints. Beyond our analysis of current schemes, our framework provides an evaluation methodology and benchmark for future web authentication proposals.

914 citations

Patent
23 Apr 2007
TL;DR: In this article, a password-based security system for protecting assets is described, including passwordbased security systems that can provide different levels of access responsive to entry of a primary or secondary password.
Abstract: Security systems for protecting assets are described, including password-based security systems that can provide different levels of access responsive to entry of a primary or secondary password. In some versions, user-configurable security rules can provide customized responses to entry of primary or secondary passwords, including feigned or limited access, security alerts, etc. Passwords comprising overt and covert components can be used to provide enhanced security and improved user control over system response. Improved security systems involving transactions between multiple parties are also considered, with options for user-customized security rules including primary and secondary passwords, and reverse challenge and response methods. Systems for Limited Use Credentials are also disclosed to reduce the risk of identity theft.

899 citations


Network Information
Related Topics (5)
Encryption
98.3K papers, 1.4M citations
88% related
Mobile computing
51.3K papers, 1M citations
84% related
Server
79.5K papers, 1.4M citations
83% related
Mobile device
58.6K papers, 942.8K citations
80% related
Wireless ad hoc network
49K papers, 1.1M citations
80% related
Performance
Metrics
No. of papers in the topic in previous years
YearPapers
202338
202280
202111
20209
201916
201821