ERN: Emerging Researchers National Conference in STEM


Password Construction Policies and Password Strength

Undergraduate #231
Discipline: Computer Sciences and Information Management
Subcategory: Computer Science & Information Systems

Antwane Lewis - Philander Smith College
Co-Author(s): Tamara Bates, Latavia Hill, Jacques Iragena, and Samar Swaid, Philander Smith College, Little Rock, AR



With computers and smartphones equipped with applications ("apps") for online banking, shopping, and social networking, it is common practice for users to create accounts with passwords. Websites therefore provide password construction policies that guide users in creating their passwords. A number of studies indicate that the passwords users generate are easy to guess and can therefore be easily hacked. This project contributes to the areas of computer security, human-computer interaction, and security policy making. This research aims to explore the impact of password construction policies on password strength. The research questions we address are: (i) what are the readability measures of password construction policies; and (ii) what is the strength, measured by password entropy, of passwords generated according to the guidelines of password construction policies? Our hypothesis is that password construction policies differ by website type and have an impact on password entropy. We began by selecting the top 20 sites in different categories. We mainly focused on health, media, online gaming, social networking, software and telecommunication websites. Each member of the group was assigned a set of websites to analyze. We obtained readability scores using the Flesch Reading Ease formula and the Flesch-Kincaid readability test. We also recorded each website's Alexa rank in order to gather website analytics information such as rank and traffic. Next, we calculated the entropy for each site using the information provided by the site's password policy. Content analysis of password construction policies reveals that the readability measures of these policies are high and that only users with an education level of at least 12th grade would understand and comprehend their content. We also found that a limited number of these websites include password meters that would guide users to create strong passwords.
Password entropy calculations indicate that password construction policies differ by website category. For example, the password policies of gaming websites do not result in strong passwords. On the other hand, websites that hold sensitive information, such as social networking sites (e.g., Facebook), provide users with rules that generate strong passwords. Data analysis did not find a significant link between website rank and the quality of password construction policies. Our future research will focus on including other websites to confirm our findings. We will also use other measures of password policy quality, such as the password meters used, password combination mix, password age, and other formulas of password entropy.

References: Acker, S., Hausknecht, D., Joosen, W., Sabelfeld, A. 2015. Password Meters and Generators on the Web: From Large-Scale Empirical Study to Getting it Right. CODASPY'15, March 2-4.

Funder Acknowledgement(s): National Science Foundation HBCU-UP Award No. 1238895

Faculty Advisor: Samar Swaid, sswaid@philander.edu

Role: We began by selecting top 20 sites in different categories. We mainly focused on health, media, online gaming, social networking, software and telecommunication websites. I was assigned to look up websites following the categories of online gaming and web content. From there, I had to identify objects to improve the password security and then calculate the readability scores of the password policy text. Then, I calculated the entropy of the passwords strength.

This material is based upon work supported by the National Science Foundation (NSF) under Grant No. DUE-1930047. Any opinions, findings, interpretations, conclusions or recommendations expressed in this material are those of its authors and do not represent the views of the AAAS Board of Directors, the Council of AAAS, AAAS’ membership or the National Science Foundation.
