
A Second Look at Password Composition Policies in the Wild: Comparing Samples from 2010 and 2016

Mayer, Peter; Kirchner, Jan; Volkamer, Melanie


In this paper we present a replication and extension of the study performed by Florêncio and Herley published at SOUPS 2010. They investigated a sample of US websites, examining different website features' effects on the strength of the website's password composition policy (PCP). Using the same methodology as in the original study, we re-investigated the same US websites to identify differences over time. We then extended the initial study by investigating a corresponding sample of German websites in order to identify differences across countries. Our findings indicate that while the website features mostly retain their predicting power for the US sample, only one feature affecting PCP strength translates to the German sample: whether users can choose among multiple alternative websites providing the same service. Moreover, German websites generally use weaker PCPs and, in particular, PCPs of German banking websites stand out for having generally low strength PCPs.

Publisher's version
DOI: 10.5445/IR/1000082001
Published on 20.08.2018
Affiliated institution(s) at KIT: Institut für Angewandte Informatik und Formale Beschreibungsverfahren (AIFB)
Kompetenzzentrum für angewandte Sicherheitstechnologie (KASTEL)
Publication type: Proceedings paper
Publication year: 2017
Language: English
Identifier: ISBN: 978-1-931971-39-3
KITopen-ID: 1000082001
Published in: 13th Symposium on Usable Privacy and Security (SOUPS), Santa Clara, CA, USA, July 12–14, 2017
Publisher: USENIX Assoc.
Pages: 13-28