Date Added: Dec 2011
Recent studies indicate that many users have difficulties managing online passwords for the increasing number of accumulated accounts. As a result, users often adopt strategies to simplify password management, such as selecting weak passwords and reusing passwords across multiple accounts, which unfortunately can cause security vulnerabilities. This problem is exacerbated by the fact that users have to deal with many variations of password policy requirements even when dealing with similar service. This paper investigates a set of password policies that a typical user would have to follow when selecting passwords for their various online services. The authors also investigate several authentication frameworks with regard to how they address password requirements as a function of authentication assurance levels.