Abstract or Summary:
Typically the impact of constraints on the maximum number of permutations for a password is not considered much-the-less quantified. Password policies that require a minimum character length and mandate the use of lowercase letters, uppercase letters, numbers and symbols may reduce the number of viable passwords by more than 60% of the unconstrained character set. Mandating 12 character password length immediately eliminates 9511 potential passwords. Every combination of character constraints reduces the number of viable passwords even further. Websites with maximum character lengths and character set constraints can easily eliminate over 50% of the viable eight character password for the allowed and required character sets. In this paper we will quantify the effects of multiple combinations of constraints on 8, 12, and 16 character passwords, and provide the Python script used in our calculations and as a starting point for further analysis by others.

PasswordResearch.com Note: Video of presentation: https://www.youtube.com/watch?v=EKkLg9dP_ZY