Encountering stronger password requirements

Despite the advent of sophisticated authentication systems, text-based passwords remain the most widely adopted method of securing information systems. Seizing a unique opportunity that arose following a substantial shift in Carnegie Mellon University’s (CMU) password policy, which necessitated password changes by users, we conducted a survey with 470 CMU computer users. This survey enabled us to gather data on user behaviors, practices, and opinions concerning password use and creation, particularly in response to the more stringent policy requirements. While the majority of users expressed frustration at the need for complex passwords, they also acknowledged an increased sense of security. We additionally carried out an entropy analysis and explored how our insights align with NIST’s guidelines for password policy formulation. We also examined user responses to questions specific to their passwords. The outcomes of our study can assist in crafting improved password policies that take into account not just the technical ramifications of individual policy rules, but also how users react to these rules.

