Finally: A usable and secure password policy backed by science

Researchers in CyLab developed a policy for creating passwords that maintains balance between security and usability — one backed by hard science.

https://www.cylab.cmu.edu/news/2020/10/20-passwordpolicy.html

This thread was posted by one of our members via one of our automated news source trackers.



From their demo:

Strategies for Making a Strong Password:

  • Do not reuse any of your existing passwords for any accounts you care about! Password reuse is very insecure! If it’s too much to remember, write the passwords down in a secure place or use a password manager.
    Attackers commonly try to log into many different websites with the usernames and passwords they obtain from other sites’ data breaches.

  • Make your password at least 12 characters, and consider including uppercase letters, digits, and/or symbols in unpredictable places.
    Attackers know that people often put numbers and symbols at the end of their password and uppercase letters at the beginning. Be different!

  • One way to make a strong password is to create a sentence that no one’s ever said before and use the first letter or two of each word as your password, mixing in other types of characters.

  • Avoid basing your password around the names of people or pets, things you like (e.g., favorite songs, cars), sports, or birthdates.
    Many other people do the same, making it easy for attackers to guess.

This is a good one :nerd_face:

  • One way to make a strong password is to create a sentence that no one’s ever said before and use the first letter or two of each word as your password, mixing in other types of characters.
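The strategies quoted above translate fairly directly into code. The following is an added example, not CyLab's password meter or any code from the article: a small checker that flags the patterns the demo warns about (short length, digits and symbols bunched at the end, a lone leading capital, passwords built on names, teams or years, and reuse of a password already seen in a breach), plus the sentence-initials mnemonic. The minimum length, the breached-password set and the theme list are constructed assumptions for illustration; a real deployment would query a breach corpus rather than an in-memory set.

```python
"""Heuristic password checks modelled on the CyLab demo's strategies.

Added example, not the CyLab tool's own code. The thresholds, the breached
password set and the theme list are assumptions constructed for illustration.
"""
import re
from dataclasses import dataclass, field

MIN_LENGTH = 12  # assumption: the demo's "at least 12 characters"

# Constructed stand-in for "passwords obtained from other sites' data breaches".
# In practice query a breach corpus (e.g. a k-anonymity range lookup).
BREACHED = {"password123", "Summer2020!", "letmein", "qwerty123456"}

# Constructed list of themes the demo warns against (pets, names, teams).
COMMON_THEMES = ["fluffy", "max", "bella", "yankees", "lakers", "steelers"]
YEAR_RE = re.compile(r"(19|20)\d{2}")          # birth years and the like
TRAILING = "0123456789!@#$%^&*()-_=+.,?"        # chars people append at the end
NONALPHA_RE = re.compile(r"[\d!@#$%^&*()\-_=+.,?]")


@dataclass
class Verdict:
    ok: bool
    warnings: list = field(default_factory=list)


def check_password(pw: str, previous: frozenset = frozenset()) -> Verdict:
    """Return one warning per violated strategy; ok is True when none fire."""
    warnings = []

    # Reuse: credential stuffing replays leaked username/password pairs.
    if pw in BREACHED or pw in previous:
        warnings.append("reused or breached: attackers replay leaked credentials")

    if len(pw) < MIN_LENGTH:
        warnings.append(f"shorter than {MIN_LENGTH} characters")

    # "Predictable places": digits/symbols only at the very end ...
    core = pw.rstrip(TRAILING)
    if core != pw and not NONALPHA_RE.search(core):
        warnings.append("all digits/symbols are at the end")

    # ... or the only uppercase letter is the first character.
    if pw[:1].isupper() and not any(c.isupper() for c in pw[1:]):
        warnings.append("only uppercase letter is the first character")

    low = pw.lower()
    if any(theme in low for theme in COMMON_THEMES) or YEAR_RE.search(pw):
        warnings.append("built around a name, team or year")

    return Verdict(not warnings, warnings)


def sentence_to_password(sentence: str, take: int = 1) -> str:
    """The demo's mnemonic: the first `take` letters of each word, keeping any
    digits and punctuation attached to the word so other character types get
    mixed in at unpredictable positions."""
    out = []
    for token in sentence.split():
        letters = "".join(c for c in token if c.isalpha())
        others = "".join(c for c in token if not c.isalpha())
        out.append(letters[:take] + others)
    return "".join(out)


if __name__ == "__main__":
    # Constructed sentence nobody has said before.
    candidate = sentence_to_password("My cat ate 3 pizzas in Tulsa, twice!", take=2)
    for sample in ("Summer2020!", candidate):
        verdict = check_password(sample)
        print(f"{sample!r}: {'OK' if verdict.ok else verdict.warnings}")
```

Run it and the breached "Summer2020!" trips every rule at once, while the sentence-derived string passes. The checker is a screen for the specific bad habits the demo lists, not a strength meter: a password can pass all five checks and still be guessable if the underlying sentence is a famous quote.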