September 23, 2021

Research Study on Password Change Requirements

Hello, r/Cybersecurity! Posted with mod approval:

I am conducting a research study on password security and password change requirements. I’m looking to recruit users for an 8-week, 10-minute-a-week program starting on October 18th.

This study will compare different groups of users over several weeks to see if having a change policy actually results in, on average, more secure passwords. To do this, users will be given different password change requirements depending on their group to test if the average strength decreases over time and several iterations.

The goal will be to determine if there is a predictable decay in complexity and password security over time, as well as using a participant self-report survey at the end of the study to determine the frequency of usage of common patterns across the various groups in an attempt to validate the recommendations of NIST SP 800-63b (particularly section, published in 2017.

In the past, guidelines have been to force users to change their passwords every 90 to 180 days, but now the guidelines are to not require this change barring certain circumstances.

The study will have no connection to your Reddit account and username, and all data is fully anonymized. I’d like to give special thanks to the moderators of r/CyberSecurity for allowing me to post this.

If you’d like to participate, the website is []( If you have any other questions, please feel free to ask!

Thank you all for reading!
