Emerging Researchers National (ERN) Conference

nsf-logo[1]

  • About
    • About AAAS
    • About the NSF
    • About the Conference
    • Partners/Supporters
    • Project Team
  • Registration
    • Conference Registration
    • Exhibitor Registration
    • Hotel Reservations
  • Abstracts
    • Abstract Submission Process
    • Presentation Schedules
    • Abstract Submission Guidelines
    • Presentation Guidelines
    • Undergraduate Abstract Locator (2020)
    • Graduate Abstract Locator (2020)
    • Faculty Abstract Locator (2020)
  • Travel Awards
  • Resources
    • App
    • Award Winners
    • Code of Conduct-AAAS Meetings
    • Code of Conduct-ERN Conference
    • Conference Agenda
    • Conference Materials
    • Conference Program Books
    • ERN Photo Galleries
    • Events | Opportunities
    • Exhibitor Info
    • HBCU-UP/CREST PI/PD Meeting
    • In the News
    • NSF Harassment Policy
    • Plenary Session Videos
    • Professional Development
    • Science Careers Handbook
    • Additional Resources
    • Archives
  • Engage
    • Webinars
    • Video Contest
    • Video Contest Winners
    • ERN 10-Year Anniversary Videos
    • Plenary Session Videos
  • Contact Us
  • App View

Password Construction Policies and Password Strength

Undergraduate #231
Discipline: Computer Sciences and Information Management
Subcategory: Computer Science & Information Systems

Antwane Lewis - Philander Smith College
Co-Author(s): Tamara Bates, Latavia Hill, Jacques Iragena, and Samar Swaid, Philander Smith College, Little Rock, AR



With computers and smartphones being equipped with applications known as “apps” for online banking, shopping, and social networking sites, it’s is a common practice for users to create accounts with passwords. Therefore, websites provide passwords construction policies that help and guide users in their password creation. A number of studies indicate passwords generated are easy to guess and thereby can be easily hacked. This project would contribute to area of computer security, human-computer interaction and security policy making. This research aims to explore the impact of passwords construction policies on passwords strength. The research questions we are addressing are: (i) what are readability measures of passwords construction policies and; (ii) what are passwords strength measured by password entropy that are generated based on guidelines of password construction policies? Our hypothesis is that passwords construction policies would differ by website type and would have impact on password entropy. We began by selecting top 20 sites in different categories. We mainly focused on health, media, online gaming, social networking, software and telecommunication websites. Each member of the group was assigned a set of website to analyze. We obtained the readability score using test of Flech reading ease formula and Flech-Kincaid readability score test. We also recorded the website Alexa’s rank in order to gather website analytics information such as rank and traffic. Next, we calculated the entropy of each of the sites using information provided by each sites’ password policy. Content analysis of password construction policies reveals that readability measures of these password is high and only users with education level of at least 12th grade would understand and comprehend the content of password construction policies. We also found that limited number of these websites include password meters that would guide the users to create strong password. Password entropy calculations indicate that policies of password construction differ based on website categories. For example, password policies of gaming do not result in strong passwords. On the other hand, websites that includes sensitive information such as social networking (e.g., Facebook) provide users with rules to generate strong passwords. Data analysis did not find significant link between websites rank and quality of password construction policies. Our future research will focus on including other websites to confirm our findings. We also would use other measures for quality of passwords policies such as password meters used, password combination mix, password age and other formulas of password entropy.

References: Acker, S., Hausknecht, D., Joosen, W., Sabelfeld, A. 2015. Password Meters and Generators on the Web: From Large-Scale Empirical Study to Getting it Right. CODASPY’15, March2-4.

Funder Acknowledgement(s): National Science Foundation HBCU-UP Award No. 1238895

Faculty Advisor: Samar Swaid, sswaid@philander.edu

Role: We began by selecting top 20 sites in different categories. We mainly focused on health, media, online gaming, social networking, software and telecommunication websites. I was assigned to look up websites following the categories of online gaming and web content. From there, I had to identify objects to improve the password security and then calculate the readability scores of the password policy text. Then, I calculated the entropy of the passwords strength.

ERN Conference

Celebrating 10 years of ERN!

What’s New

  • Webinars
  • Events|Opportunities
  • AAAS CEO Comments on Social Unrest, Racism, and Inequality
  • Maintaining Accessibility in Online Teaching During COVID-19
  • In the News
  • #ShutDownSTEM
  • HBCU/CREST PI/PD Meeting

Conference Photos

ERN Conference Photo Galleries

Awards

ERN Conference Award Winners

Checking In

Navigation

  • About the ERN Conference
  • Partners/Supporters
  • Abstracts
  • Travel Awards
  • Conference Registration
  • Exhibitor Registration
  • Hotel Reservations

nsf-logo[1]

This material is based upon work supported by the National Science Foundation (NSF) under Grant No. DUE-1930047. Any opinions, findings, interpretations, conclusions or recommendations expressed in this material are those of its authors and do not represent the views of the AAAS Board of Directors, the Council of AAAS, AAAS’ membership or the National Science Foundation.

AAAS

1200 New York Ave, NW Washington,DC 20005
202-326-6400
Contact Us
About Us

The World's Largest General Scientific Society

Useful Links

  • Membership
  • Careers at AAAS
  • Privacy Policy
  • Terms of Use

Focus Areas

  • Science Education
  • Science Diplomacy
  • Public Engagement
  • Careers in STEM

 

  • Shaping Science Policy
  • Advocacy for Evidence
  • R&D Budget Analysis
  • Human Rights, Ethics & Law
© 2021 American Association for the Advancement of Science