Open manncr opened 4 years ago
This paper discusses a few different attack approaches to passwords, a few metrics like entropy, Levenshtein distance, and complexity, and compares the password strength meters of several services like Paypal and FedEx:
https://www.researchgate.net/publication/318154948_On_Password_Strength_A_Survey_and_Analysis
this evaluates a really long list of password strength metes and lists their different criteria: https://dl.acm.org/doi/abs/10.1145/2739044
CMU's data driven password strength meter: https://www.cs.cmu.edu/~pemamina/publication/CHI'17/p3775-ur.pdf
Effects of password checkers on making your password: https://www.archive.ece.cmu.edu/~lbauer/papers/2012/usenix2012-meters.pdf
Article overviewing 5 algorithm approaches for testing password strength: https://nulab.com/blog/tech/password-strength/
For interpreting entropy score into a strength: http://iocane.com.au/talking-passwords-and-entropy/
Put them links in here