ABSTRACT
The purpose of this entry is to provide research and analy-
sis of password attacks and the estimated effect of pre-
dicted changes to password composition. This analysis
includes both password policy controls, which directly
affect the strength of the password (e.g., password length,
history, and age), and external controls, which indirectly
affect the strength of the password (e.g., user awareness
training, encryption, screen savers). This entry details the
approach, analysis, findings, and recommendations for
specific tactical and strategic changes to internal and exter-
nal password policy.