[Chicago-talk] Password strength

John Kristoff jtk at depaul.edu
Fri Aug 7 10:41:52 PDT 2015


On Fri, Aug 07, 2015 at 02:35:01PM +0000, richard at rushlogistics.com wrote:
> I am using perl dancer to create a new user login page. I was surfing
> around to try to find how to create a password strength meter when I
> found this http://www.perlmonks.org/?node_id=948997 which has me
> second-guessing as to whether having one is even a good idea. Can
> anyone lend some insight in this matter and perhaps where to go get a
> good one if you believe they are a good idea?

A meter seems little more than eye candy if it doesn't do anything other
than just show the complexity.  If the password must reach a certain
point on the meter, then that might be slightly more helpful.  It is
unlikely to affect user behavior much if at all.  As long as a password
satisfies the minimal constraints, most users won't exert much effort
to impress the meter.

USENIX and the IEEE Security & Privacy journals, to name just two, have
had numerous good articles related to passwords over the years that
might be useful references.  For instance:

  <https://www.usenix.org/sites/default/files/rethinking_password_policies_unabridged.pdf>

John

