A variety of password policies and guidelines are publicly available on the Internet. Most of them establish a set of rules which are either required or recommended for the user to follow when creating a password. Such rules include, but are not limited to, specifications for the length of the password, the character set(s) to be used, and whether or not dictionary words are allowed in the password. (A complete password policy also discusses many additional topics, such as how often passwords must be changed, but those additional aspects of password policies are not the subject of this paper.) This paper demonstrates that many published policies and guidelines will allow for the creation of weak passwords by lazy or inexperienced users. Such passwords may provide a relatively easy method of attack using custom dictionaries and readily available password cracking tools. This paper also makes recommendations by which the Security Administrator can improve the strength of the passwords.
Read Entire Paper
E-Mail Link
Your IP address will be sent with this e-mail
