I. Passwords are an important security measure that require complexity to prevent unauthorized access. Standards recommend passwords be at least 8 characters including 3 of 4 character types and not based on dictionary words.
II. Passwords should be complex, unique, and not related to the user. Common substitutions like 0 for o don't strengthen passwords.
III. Passwords must be kept secret, changed if compromised, and different for different accounts and levels of access. Secure transmission is also important.
This document summarizes a study on analyzing password strength through support vector machines. It introduces password strength and support vector machines. Features are extracted from passwords, like length, mixture of characters. A support vector machine is trained on these features to classify passwords as very weak, weak, moderate, strong or very strong. The system aims to help organizations enforce stronger password policies and improve security.
PortalGuard’s Password Management will increase the security of passwords by adding features such as more granular password quality rules, history, expiration and lockout due to incorrect logins. This is especially beneficial for applications failing to meet compliance requirements, such as homegrown web applications or custom SQL user repositories. Administrators can easily manage multiple password policies while users are given usability features such as password meters and password expiration reminders synched with their email client calendar.
Watch tutorial here: http://pg.portalguard.com/configurable_password_management_tutorial
I. Passwords are an important security measure that require complexity to prevent unauthorized access. Standards recommend passwords be at least 8 characters including 3 of 4 character types and not based on dictionary words.
II. Passwords should be complex, unique, and not related to the user. Common substitutions like 0 for o don't strengthen passwords.
III. Passwords must be kept secret, changed if compromised, and different for different accounts and levels of access. Secure transmission is also important.
This document summarizes a study on analyzing password strength through support vector machines. It introduces password strength and support vector machines. Features are extracted from passwords, like length, mixture of characters. A support vector machine is trained on these features to classify passwords as very weak, weak, moderate, strong or very strong. The system aims to help organizations enforce stronger password policies and improve security.
PortalGuard’s Password Management will increase the security of passwords by adding features such as more granular password quality rules, history, expiration and lockout due to incorrect logins. This is especially beneficial for applications failing to meet compliance requirements, such as homegrown web applications or custom SQL user repositories. Administrators can easily manage multiple password policies while users are given usability features such as password meters and password expiration reminders synched with their email client calendar.
Watch tutorial here: http://pg.portalguard.com/configurable_password_management_tutorial
2. Session: CAPTCHAs and Password Strength
• Security and Usability Challenges of Moving-Object
CAPTCHAs: Decoding Codewords in Motion
– Y. Xu, University of North Carolina at Chapel Hill; G.
Reynaga and S. Chiasson, Carleton University; J.-M. Frahm
and F. Monrose, University of North Carolina at Chapel
Hill; P. van Oorschot, Carleton University
• How Does Your Password Measure Up? The Effect of
Strength Meters on Password Creation
– Blase Ur, Patrick Gage Kelley, Saranga Komanduri, Joel
Lee, Michael Maass, Michelle L. Mazurek, Timothy Passaro,
Richard Shay, Timothy Vidas, Lujo Bauer, Nicolas Christin,
and Lorrie Faith Cranor, Carnegie Mellon University
• I Forgot Your Password: Randomness Attacks Against PHP
Applications
– George Argyros and Aggelos Kiayias, University of Athens
2012/9/18 USENIX Security '12 勉強会 2
3. SECURITY AND USABILITY CHALLENGES OF MOVING-
OBJECT CAPTCHAS: DECODING CODEWORDS IN MOTION
Y. Xu, University of North Carolina at Chapel Hill; G. Reynaga and
S. Chiasson, Carleton University; J.-M. Frahm and F. Monrose,
University of North Carolina at Chapel Hill; P. van Oorschot,
Carleton University
2012/9/18 USENIX Security '12 勉強会 3
14. HOW DOES YOUR PASSWORD MEASURE UP? THE
EFFECT OF STRENGTH METERS ON PASSWORD
CREATION
Blase Ur, Patrick Gage Kelley, Saranga Komanduri, Joel Lee,
Michael Maass, Michelle L. Mazurek, Timothy Passaro, Richard Shay,
Timothy Vidas, Lujo Bauer, Nicolas Christin, and Lorrie Faith
Cranor, Carnegie Mellon University
2012/9/18 USENIX Security '12 勉強会 14
20. I FORGOT YOUR PASSWORD: RANDOMNESS
ATTACKS AGAINST PHP APPLICATIONS
George Argyros and Aggelos Kiayias, University of Athens
2012/9/18 USENIX Security '12 勉強会 20