Carnegie Mellon University (CMU) researchers examined the passwords that 25,000 faculty, staff, and students used to access grades, email, financial transcripts, and other sensitive data, and then analyzed how guessable the passwords would be during an offline attack. The researchers subjected the passwords to a cracking algorithm with a complex password policy, and found differences in the quality of the passwords chosen by various subgroups within the university population. For example, those associated with CMU's computer science and technology schools chose passwords that were more than 1.8 times stronger than those used by people in the business school.
"This kind of experiment can't tell us anything about why this effect is going on, just that it is," says CMU's Michelle L. Mazurek. The researchers also found that with the addition of each lowercase letter or digit, a password becomes 70 percent as likely to be guessed. Adding special symbols or uppercase letters strengthened passwords even more, lowering the likelihood of guessing to 56 percent and 46 percent, respectively. Men in the study also used slightly stronger passwords than women, and people who chose stronger passwords had higher rates of failed login attempts.
The researchers presented their study at the recent ACM Conference on Computer and Communications Security in Berlin.
From Ars Technica
Abstracts Copyright © 2013 Information Inc., Bethesda, Maryland, USA