Keep it Simple, Stupid: Why the Usual Password Policies Don't Work, and What to Do About It
Abe Singer, Laser Interferometer Gravitational Wave Observatory, Caltech, and Warren Anderson, University of Wisconsin, Milwaukee
Common password policies don’t really work; they’re annoying and users still end up with bad passwords. How does one devise a password policy that manages risk yet remains usable by its users? We present the fundamental problem with common password policies and how we approached a solution, looking at the effectiveness of password strength rules in combination with human factors. Our result gives us measurable strength and improves usability, without password aging.
The talk will look at the history of password policies, a formal view of password attacks, the usability issues of passwords, and our experiences with our solution.
Abe Singer, Laser Interferometer Gravitational Wave Observatory, Caltech
Abe Singer is the Chief Security Officer for the Laser Interferometer Gravitational Wave Observatory and the LIGO Scientific Collaboration, and formerly the Chief Security Officer of the San Diego Supercomputer Center. At times he has been a programmer, system administrator, security geek, consultant, and expert witness. He is based at the California Institute of Technology in Pasadena.
Warren Anderson, University of Wisconsin, Milwaukee
Warren Anderson is a Visiting Assistant Professor in the Department of Physics at the University of Wisconsin–Milwaukee and a member of the LIGO Scientific Collaboration, and is effectively the project manager for the LIGO Identity and Access Management Infrastructure. His publications are primarily on black holes and gravitational waves; he has just begun his foray into the world of computer security.
author = {Abe Singer and Warren Anderson},
title = {Keep it Simple, Stupid: Why the Usual Password Policies Don{\textquoteright}t Work, and What to Do About It},
year = {2014},
address = {Seattle, WA},
publisher = {USENIX Association},
month = nov
}