Password Policy Purgatory
September/October 2008 (vol. 12 no. 5)
pp. 84-87
Stephen Farrell, Trinity College Dublin
IT system users (all of us) and administrators (increasingly large numbers of us) must all manage some passwords. In this article, the author reviews some issues related to password policies and concludes that managing passwords in any sensible manner is becoming more and more of a nuisance for users, a factor that should be to the forefront when administrators are creating password policies.


Index Terms:
password management, authentication, security
Citation:
Stephen Farrell, "Password Policy Purgatory," IEEE Internet Computing, vol. 12, no. 5, pp. 84-87, Sept.-Oct. 2008, doi:10.1109/MIC.2008.108