all InfoSec news
Skeptic: Automatic, Justified and Privacy-Preserving Password Composition Policy Selection
March 18, 2024, 4:11 a.m. | Saul Johnson, Jo\~ao F. Ferreira, Alexandra Mendes, Julien Cordry
cs.CR updates on arXiv.org arxiv.org
Abstract: The choice of password composition policy to enforce on a password-protected system represents a critical security decision, and has been shown to significantly affect the vulnerability of user-chosen passwords to guessing attacks. In practice, however, this choice is not usually rigorous or justifiable, with a tendency for system administrators to choose password composition policies based on intuition alone. In this work, we propose a novel methodology that draws on password probability distributions constructed from large …
arxiv attacks automatic critical cs.cr decision password passwords policy practice privacy security system vulnerability
More from arxiv.org / cs.CR updates on arXiv.org
Jobs in InfoSec / Cybersecurity
Senior Security Officer
@ eSimplicity | Remote
Senior - Automated Cyber Attack Engineer
@ Deloitte | Madrid, España
Public Key Infrastructure (PKI) Senior Engineer
@ Sherwin-Williams | Cleveland, OH, United States
Consultant, Technology Consulting, Cyber Security - Privacy (Senior) (Multiple Positions) (1502793)
@ EY | Chicago, IL, US, 60606
Principal Associate, CSOC Analyst
@ Capital One | McLean, VA
Real Estate Portfolio & Corporate Security Lead
@ Lilium | Munich