UWSpace is currently experiencing technical difficulties resulting from its recent migration to a new version of its software. These technical issues are not affecting the submission and browse features of the site. UWaterloo community members may continue submitting items to UWSpace. We apologize for the inconvenience, and are actively working to resolve these technical issues.
 

Revisiting Password Rules: Facilitating Human Management of Passwords

Simple item page
dc.contributor.authorZhang-Kennedy, Leah
dc.contributor.authorChiasson, Sonia
dc.contributor.authorvan Oorschot, Paul
dc.date.accessioned2022-03-08T21:40:26Z
dc.date.available2022-03-08T21:40:26Z
dc.date.issued2016-06
dc.description© 2016 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other worksen
dc.description.abstractPassword rules were established in the context of past security concerns. Recent work in computer security challenges the conventional wisdom of expert password advice, such as change your passwords often, do not reuse your passwords, or do not write your passwords down. The effectiveness of these rules for protecting user accounts against real world attacks is questioned. We review the latest research examining password rules for general-purpose user authentication on the web, and discuss the arguments behind the continued acceptance or the rejection of the rules based on empirical evidence and solid justifications. Following the review, we recommend an updated set of password rules.en
dc.identifier.urihttps://doi.org/10.1109/ECRIME.2016.7487945
dc.identifier.urihttp://hdl.handle.net/10012/18096
dc.language.isoenen
dc.publisherIEEEen
dc.relation.ispartofseries2016 APWG Symposium on Electronic Crime Research (eCrime);
dc.subjectsecurityen
dc.subjectusabilityen
dc.subjectcognitive scienceen
dc.subjectelectronic mailen
dc.subjectbiological system modellingen
dc.subjectdictionariesen
dc.subjectcomputer scienceen
dc.titleRevisiting Password Rules: Facilitating Human Management of Passwordsen
dc.typeArticleen
dcterms.bibliographicCitationZhang-Kennedy, L., Chiasson, S., & van Oorschot, P. (2016). Revisiting password rules: Facilitating human management of passwords. 2016 APWG Symposium on Electronic Crime Research (ECrime), 1–10. https://doi.org/10.1109/ECRIME.2016.7487945en
uws.contributor.affiliation1Stratford School of Interaction Design and Businessen
uws.contributor.affiliation2Stratford School of Interaction Design and Businessen
uws.peerReviewStatusRevieweden
uws.scholarLevelFacultyen
uws.typeOfResourceTexten

Files

Original bundle
Now showing 1 - 1 of 1
Thumbnail Image
Name:
Revisiting Password Rules - Facilitating Human Management of Passwords.pdf
Size:
155.86 KB
Format:
Adobe Portable Document Format
Description:
Download
License bundle
Now showing 1 - 1 of 1
No Thumbnail Available
Name:
license.txt
Size:
4.47 KB
Format:
Item-specific license agreed upon to submission
Description:
Download

Collections

Waterloo Research
Computer Science
Stratford School of Interaction Design and Business