Netinfo Security ›› 2019, Vol. 19 ›› Issue (6): 37-44.doi: 10.3969/j.issn.1671-1122.2019.06.005

Previous Articles     Next Articles

Security Analysis of User Real Password under Different Password Composition Policies

Yajun GUO(), Bei YE, Wei ZHOU   

  1. School of Computer, Central China Normal University, Wuhan Hubei 430079, China
  • Received:2019-03-27 Online:2019-06-10 Published:2020-05-11

Abstract:

Password composition policies place requirements on the length and complexity of passwords created by users. Current studies have shown that using password composition policies can help improve user password strength, but these studies are mainly conducted in the laboratory or on the network by recruiting participants, and the passwords that participants are required to create may not appear in reality. Different from these studies, starting from the reality, this paper studies the impact of several password composition policies used in the real websites on the passwords created by users by using the real passwords leaked from the websites. This paper mainly compares some features of the real passwords in three scenes: no password policy, basic6 policy and 2class6 policy, and analyzes the security of these passwords. The study finds that password composition policy affects the length and character type of the password selected by the user, and policy which requires multiple character types increases the length of the password. The study also finds that none of the above three password composition policies can help users create strong passwords.

Key words: password, password composition policies, security

CLC Number: