Crunching the Top 10,000 Websites' Password Policies and Controls
Date: July 2013
Publication: Passwords13 Las Vegas
Source: Currently no known Internet copy of paper.
I will discuss a project to assess and rate password policies and controls from the top 10,000 websites by leveraging technology, volunteers, and low-cost marketplaces like Amazon Mechanical Turk.
A detailed analysis of password policies and authentication controls for widely used websites appeared non-existent, so I sought to address that. Though some data could be collected programmatically, many of the desired attributes are not easily collected in an automated fashion, and manual collection is time-consuming. To address this, I utilized low-cost marketplaces like Amazon Mechanical Turk and implemented a system to allow volunteers to add, update, and modify data. I will cover my methodology, an analysis of the collected data, challenges, lessons learned, and future plans. Ultimately, I hope the project will result in better awareness of poor password policies and controls, leading to positive change.
PasswordResearch.com Note: Video of presentation available: https://www.youtube.com/watch?v=EUsjs4X1aT4