Longitudinal password data set varying with policy

<p><strong>Purpose:</strong>  This data set can be used to investigate the effect of password policies on real-world passwords created by users under a variety of policies over time.</p> <p><strong>Data set primary file(s):</strong></p> <ul> <li>INSURE_Password_strength_analysis_Dataset_Dark.csv</li> </ul> <p><strong>Year data were collected:</strong></p> <p>The data were collected in 2015.</p> <p><strong>Data set description:</strong></p> <p>The data were collected as part of a password coping mechanism study. There were a total of 2434 passwords collected over seven iterations across three policies (Curnett, 2015).</p> <p>The password policies included:</p> <ul> <li>Comprehensive 8 (C8):  The password must be at least 8 characters long and contain at least 1 capital letter, 1 special character, and 1 number. 806 passwords were collected with this policy (Kelley et al., 2012).</li> <li>Blacklist Hard (BH):  The password must be at least 8 characters long and not be a word used in a 70000 word dictionary of commonly used words in the English language. 831 passwords were collected with this policy (Kelley et al., 2012).</li> <li>Basic 16 (B16):  The password must be at least 16 characters long. 797 passwords were collected with this policy (Kelley et al., 2012).</li> </ul> <p>Summary statistics of passwords collected by iteration (I1-7) (Curnett, 2015):</p> <p>I1 - 1030; I2 - 496; I3 - 312; I4 - 250; I5 - 140; I6 - 116; I7 - 92.</p> <p>Summary statistics of passwords collected by policy (C8, BH, and B16) and iteration (I1-7) (Curnett, 2015):</p> <ul> <li>C8I1 - 335; C8I2 - 164; C813 - 107; C8I4 - 85; C8I5 - 47; C8I6 - 38; C8I7 - 30.</li> <li>BHI1 - 343; BHI2 - 171; BHI3 - 107; BHI4 - 87; BHI5 - 49; BHI6 - 44; BHI7 - 30.</li> <li>B16I1 - 350; B16I2 - 161; B16I3 - 98; B16I4 - 78; B16I5 - 44; B16I5 - 34; B16I6 - 34; B16I7 - 32.</li> </ul> <p><strong>Data set supporting material(s):</strong></p> <p>The supporting materials included a definition list (INSURE_Definition_list_Supporting_materials_Dark.docx), a list of password policies and description (INSURE_Password_policies_Supporting_materials_Dark.docx), and specifications on the primary data set (INSURE_Specifications_Supporting_materials_Dark.xlsx).</p> <p><strong>References:</strong></p> <p>Curnett, B. (2015). Password Strength Analysis: User Coping Mechanisms in Password Selection. Purdue University.</p> <p>Kelley, P., Komanduri, S., Mazurek, M., Shay, R., Vidas, T., Bauer, L., Christin, N., Cranor, L., & Lopez, J. (2012). Guess Again (and again and again): Measuring password strength by simulating password-cracking algorithms. IEEE Symposium on Security and Privacy (pp. 523-537). IEEE.</p>