@inproceedings{70a608b6aa514ffaad637b9499f75488,
title = "Optimizing password composition policies",
abstract = "A password composition policy restricts the space of allowable passwords to eliminate weak passwords that are vulnerable to statistical guessing attacks. Usability studies have demonstrated that existing password composition policies can sometimes result in weaker password distributions; hence a more principled approach is needed. We introduce the first theoretical model for optimizing password composition policies. We study the computational and sample complexity of this problem under different assumptions on the structure of policies and on users' preferences over passwords. Our main positive result is an algorithm that - with high probability - constructs almost optimal policies (which are specified as a union of sub- sets of allowed passwords), and requires only a small number of samples of users' preferred passwords. We complement our theoretical results with simulations using a real-world dataset of 32 million passwords.",
keywords = "Computational complexity, Password composition policy, Sampling",
author = "Jeremiah Blocki and Saranga Komanduri and Procaccia, {Ariel D.} and Or Sheffet",
year = "2013",
doi = "10.1145/2492002.2482552",
language = "אנגלית",
isbn = "9781450319621",
series = "Proceedings of the ACM Conference on Electronic Commerce",
publisher = "Association for Computing Machinery",
pages = "105--122",
booktitle = "EC 2013 - Proceedings of the 14th ACM Conference on Electronic Commerce",
note = "14th ACM Conference on Electronic Commerce, EC 2013 ; Conference date: 16-06-2013 Through 20-06-2013",
}