Systems and methods for evaluating a password policy

摘要

Systems, methods and articles of manufacture for evaluating a password policy are disclosed. The password evaluation system receives password policy data regarding a password policy, including a password constraint. The system analyzes the password policy data to determine a usability index and a password strength index for the password policy, and also determines a usability index and password strength index for a plurality of modified password policies having password constraints different from the password policy. The system then provides a graphical representation of the usability index and the password strength for the password policy and the modified password policies, thereby allowing a password designer to optimize the tradeoffs between usability and security of a password policy.

主权项

1. A method for evaluating a password policy, comprising:
receiving at an evaluation system, from a user, password policy data regarding a password policy, including a password constraint; analyzing, by the evaluation system, said password policy data to determine a usability index and a password strength index for said password policy; determining, by the evaluation system, a usability index and a password strength index for a plurality of modified password policies having password constraints different from said password policy; creating, by the evaluation system, a curve of the usability against the password strength index for said password policy and said modified password policies; determining, by the evaluation system, one or more inflection points in said curve where a change in the password strength index has an increased effect on the usability index; and providing to the user, a graphical representation of the usability index and the password strength for said password policy and said modified password policies, and providing to the user a recommended password policy constraint based on the one or more inflection points.