We propose to evaluate the security and usability of the current PNC employee password policy and compare it with alternative policies.Our focus will be on the guessability and memorability of the passwords created under each policy alternative. Policies will be evaluated through an online study in which a random sample of PNC employees are asked to participate. We will work with our PNC contact to select policy alternatives to explore. Factors that we expect to investigateinclude password expiration rules and requirements for password length, complexity, and dictionary checks.

Project Lead

Lujo Bauer

Project Lead

Nicholas Christin

Project Lead