This project has moved. For the latest updates, please go here.
There have been plenty of research done about passwords but much less about passphrases. This page will be a reference page of academic papers about passphrases.

Effect of Grammar on Security of Long Passwords - study on how password crackers can use grammar to reduce effort required to crack passphrases. (Alternate version). Yes, using grammar structure results in simpler phrases than just random words. But that does not effect the combinations reported in the Readable Passphrase Generator.

Correct horse battery staple - Exploring the usability of system-assigned passphrases - study on usability of generated passphrases. They find, surprisingly, that passphrases aren't that much easier to remember. Although my anecdotal experience says otherwise.

Of Passwords and People: Measuring the Effect of Password-Composition Policies - not specificly about passphrases, but how additional complexity requirements (upper / lower case, numbers, symbols, etc) affects password usability and entropy. They find a 16 character password with no restrictions is easier to create than an 8 character one requiring upper, lower, numbers and symbols. And the longer passwords have more entropy as well. Although, they also found both complex 8 and simple 16 character passwords cause users more frustration and difficulty in making them up. I recommend generating passwords!

Last edited Jun 29, 2013 at 2:33 AM by ligos, version 3


No comments yet.