Lost in Disclosure: On The Inference of Password Composition Policies

arXiv:2003.05846v2 Announce Type: replace
Abstract: Large-scale password data breaches are becoming increasingly commonplace, which has enabled researchers to produce a substantial body of password security research utilising real-world password datasets, which often contain numbers of records in the tens or even hundreds of millions. While much study has been conducted on how password composition policies (sets of rules that a user must abide by when creating a password) influence the distribution of user-chosen passwords on a system, much less research …

arxiv body breaches cs.cr data data breaches datasets disclosure large lost millions numbers password password security policies real records research researchers scale security security research study world