Overview
Syllabus
The posswords
Current state of affairs Password Requirements
Measuring security
Weir et al.'s PCFG
Guess number graphs
Usability metrics
Collecting passwords
Real, high-value passwords
Accessing data responsibly
Collected vs. real passwords Real CMU passwords
Metrics for comparison
Characteristics vs. strength
Guessability by affiliation
Measuring password strength by simulating password-cracking algorithms
PCFG for long passwords
Long password policies
Visual differences
Scoring differences
Password strength meters
Ongoing work
The continuing quest for secure and usable passwords