Abstract | ||
---|---|---|
Many security policies force users to change passwords within fixed intervals, with the apparent justification that this improves overall security. However, the implied security benefit has never been explicitly quantified. In this note, we quantify the security advantage of a password expiration policy, finding that the optimal benefit is relatively minor at best, and questionable in light of overall costs. |
Year | DOI | Venue |
---|---|---|
2015 | 10.1007/s10623-015-0071-9 | Designs, Codes and Cryptography |
Keywords | Field | DocType |
Authentication,Password security in digital systems,Password aging,Password expiration,Guessing attacks,94A62,68W40,68U35,68N25,94A60 | Discrete mathematics,Zero-knowledge password proof,Password strength,Computer security,Key stretching,S/KEY,One-time password,Password policy,Password,Cognitive password,Mathematics | Journal |
Volume | Issue | ISSN |
77 | 2-3 | 0925-1022 |
Citations | PageRank | References |
7 | 0.50 | 14 |
Authors | ||
2 |
Name | Order | Citations | PageRank |
---|---|---|---|
Sonia Chiasson | 1 | 919 | 58.49 |
P. C. van Oorschot | 2 | 4230 | 414.39 |