About PasswordResearch.com

Our Mission

The PasswordResearch.com Web site is operated with three goals in mind. First, we seek to raise awareness of password problems among technical and non-technical computer users. Our site identifies the threats to passwords, provides real examples of authentication attacks, and offers training and advice to combat these challenges.

Second, we publish the research and opinions of PasswordResearch.com staff and other security professionals on industry practices for password and authentication system management. This includes the Shared Secrets newsletter which discusses new authentication technologies, products, and news. A comprehensive library offers you an index of published authentication research or studies.

Third, we offer services and products designed to improve password and authentication security. Our password cracking and analysis services help you identify how to improve poor password selection practices. Or if you have given up on passwords have us provide you with an assessment of the cheap and effective authentication alternatives.

The PasswordResearch.com Web site went live in June of 2002. Our continued aim is to serve you as the most valuable source of password information and services.

About Bruce K. Marshall

Mr. Marshall is a researcher and consultant dedicated to improving general knowledge of authentication technologies, products, and good practices. He founded PasswordResearch.com in pursuit of the goals previously mentioned. Mr. Marshall first began conducting and publishing his own research on passwords in 1996.

He has shared his expertise through dozens of conference sessions at InfoSec World, SANS, WebSec, the Annual Conference on the Control & Audit of IT, the Black Hat Briefings, and the Microsoft Government Platform Deployment Conference. Mr. Marshall also is a frequent speaker for chapters of the ISSA and AITP.

His industry experience includes work as a Senior Security Consultant for Security PS, Principal Consultant for INS, and a Distinguished Member of Consulting Staff at Lucent Technologies. He has led information security projects for organizations like Microsoft, American Express, Conoco-Phillips, Radio Shack, and Sprint PCS. Among his accomplishments is the achievement of the CISSP, NSA IAM, and MCSE: Security certifications.

Mr. Marshall can be contacted through email at bkmarshall@passwordresearch.com or by phone at 913-484-7233.

What You Can Do to Help

We need everyone's help to change the appalling status of our worldwide password crisis. So, we offer the following steps that you or your organization can follow to improve security and discourage attackers:

Home or Corporate Computer Users

Educate yourself on the common threats associated with passwords and other authenticators

IT Administrators or Security Professionals

Educate yourself on the common threats associated with passwords and other authenticators

Assess the quality of your passwords and learn about proven ways to introduce easy to remember, yet difficult to crack passwords to users

Compare your password practices and standards with those of other organizations around the world

Security Researchers or Students

Review the password or authentication research of others. Make sure that your password or authentication related publications are indexed on this site

Check out the published list of ideas for new authentication research projects

If you enjoy PasswordResearch.com, please spread the word.