%0 Journal Article %J Computers and Software Engineering %D 2007 %T Password Changes: Empirical Results %A Michel Cukier %A Sharma,A. %X This paper focuses on a detailed analysis of oneaspect of password evolution based on empirical data: password changes. Passwords can be divided into weak and strong based on how easy it is to crack them. We present a model of password changes and analyze passwords collected during 21 months from a large network of an average of 770 users. The results include tracking the percentage of users with weak passwords over time and the percentage of users changing between weak and strong passwords. Based on the data analysis, the distribution of users switching between weak and strong passwords was characterized and two parameters of the model were estimated. %B Computers and Software Engineering %8 2007/// %G eng %U http://isastorganization.org/ISAST_CS_1_2007.pdf#page=10