主权项 |
1. A method for evaluating a password policy, comprising:
receiving at an evaluation system, from a user, password policy data regarding a password policy, including a password constraint; analyzing, by the evaluation system, said password policy data to determine a usability index and a password strength index for said password policy; determining, by the evaluation system, a usability index and a password strength index for a plurality of modified password policies having password constraints different from said password policy; creating, by the evaluation system, a curve of the usability against the password strength index for said password policy and said modified password policies; determining, by the evaluation system, one or more inflection points in said curve where a change in the password strength index has an increased effect on the usability index; and providing to the user, a graphical representation of the usability index and the password strength for said password policy and said modified password policies, and providing to the user a recommended password policy constraint based on the one or more inflection points. |