The Security of Modern Password Expiration: An Algorithmic Framework and Empirical Analysis

[Sean Flattery]

Found an interesting article and thought I'd share it.  The study shows that requiring users to frequently change their passwords tends to generate new passwords in predictable patterns that make them easy to break if you have a previous one. That mitigates the advantage of limiting compromised accounts to the forced reset period. 

http://www.cs.unc.edu/~reiter/papers/2010/CCS.pdf

Sean Flattery

sean.r....@gmail.com

[Tom Conley [President]]

Thanks Sean.  Excellent info!!

Tom

 

 

Tom M. Conley, CPP, CISM, CMAS

President & CEO

The Conley Group, Inc.

2867 104th Street

Des Moines, Iowa 50322

Voice: (515) 277-7437

FAX: (515) 277-7275

Government Secure E-mail 1: tco...@atix.riss.net

Government Secure E-mail 2: tom.m....@infragard.org

Web: www.theconleygroup.com

Secure IP Video Teleconferencing Available

 

           

 

NOTICE: This message and any accompanying documents or attachments are covered by the Electronic Communications Privacy Act, 18 U.S.C. §§ 2510-2521, and contain information intended for the specified individual(s) only. This information is confidential.  If you are not the intended recipient or an agent responsible for delivering it to the intended recipient, you are hereby notified that you have received this document in error and that any review, dissemination, copying, or the taking of any action based on the contents of this information is strictly prohibited.  If you have received this communication in error, please notify us immediately by e-mail, and delete the original message.

 

P Please consider the environment before printing this e-mail