Quantifying the Security Advantage of Password Expiration Policies
Author(s): Sonia Chiasson, P.C. van Oorschot

Date: December 2015
Publication: Designs, Codes and Cryptography, Volume 77, Issue 2
Page(s): 401 - 408
Publisher: Springer
Source 1: http://people.scs.carleton.ca/~paulv/papers/expiration-authorcopy.pdf
Source 2: http://dx.doi.org/10.1007/s10623-015-0071-9 - Subscription or payment required

Abstract or Summary:
Many security policies force users to change passwords within fixed intervals, with the apparent justification that this improves overall security. However, the implied security benefit has never been explicitly quantified. In this note, we quantify the security advantage of a password expiration policy, finding that the optimal benefit is relatively minor at best, and questionable in light of overall costs.

PasswordResearch.com Note: A video presentation on this paper is available here: http://research.microsoft.com/apps/video/default.aspx?id=250102 The associated slides are here: http://www.scs.carleton.ca/%7Epaulv/papers/Concordia-oct2015-talk.pdf

Do you have additional information to contribute regarding this research paper? If so, please email siteupdates@passwordresearch.com with the details.

<-- Back to Authentication Research Paper Index

[Home] [About Us] [News] [Research]

Copyright © 2016 PasswordResearch.com