Esc

Strong Password Policy

Definition

Modifying system configuration to increase password strength.

How it works

Password strength guidelines include increasing password length, permitting passwords that contain ASCII or Unicode characters, and requiring systems to screen new passwords against lists of commonly used or compromised passwords.

Considerations

Extremely complex password requirements may lead users to saving passwords in text files or picking obvious passwords that meet the policy.

json

References

All

Guideline

Academic Paper

The following references were used to develop the Strong Password Policy knowledge-base article.

(Note: the consideration of references does not imply specific functionality exists in an offering.)

Digital Identity Guidelines

Reference Type: Guideline Organization: NIST Author: NIST

Source: https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-63-3.pdf

Testing Metrics for Password Creation Policies by Attacking Large Sets of Revealed Passwords

Reference Type: Academic Paper Author: Matt Weir, Sudhir Aggarwal, Michael Collins, Henry Stern

Source: https://www.cs.umd.edu/~jkatz/security/downloads/passwords_revealed-weir.pdf

D3FEND^™

A knowledge graph of cybersecurity countermeasures