Communications of the ACM
Stringent Password Policies Help Prevent Fraud, I Study Finds
Researchers at Indiana University have found that requiring longer, more complex passwords makes it less likely a password will be reused on multiple websites, enhancing security.
Credit: ashbycomputers.co.uk
Indiana University (IU) researchers have found that requiring longer and more complicated passwords results in a lower likelihood of password reuse on multiple websites.
The researchers analyzed password policies from 22 U.S. universities, and extracted sets of emails and passwords from two large datasets published online containing more than 1.3 billion email addresses and password combinations.
The team compared the passwords against each university's official password policy, and the results showed that stringent password rules significantly lower a university's risk of personal data breaches.
Specifically, passphrase requirements such as a 15-character minimum length deter 99.98% of users from reusing passwords or passphrases on other sites.
The team offered the following recommendations to safeguard passwords: increase the minimum length beyond eight characters; increase maximum password length; disallow the user's name or username inside passwords, and consider multi-factor authentication.
From IU Bloomington Newsroom
View Full Article
Abstracts Copyright © 2018 Information Inc., Bethesda, Maryland, USA
No entries found