Association for Computing Machinery
Passwords are a ubiquitous and critical component of many security systems. As the information and access guarded by passwords become more necessary, the authors become ever more dependent upon the security passwords provide. The creation and management of passwords is crucial, and for this they must develop and deploy password policies. This paper focuses on defining and modeling password policies for the entire password policy lifecycle. The paper first discusses a language for specifying password policies. Then, a simulation model is presented with a comprehensive set of variables and the algorithm for simulating a password policy and its impact. Finally, the paper presents several simulation results using the password policy simulation tool.