Password Changes: Empirical Results

This paper focuses on a detailed analysis of oneaspect of password evolution based on empirical data: password
changes. Passwords can be divided into weak and strong based
on how easy it is to crack them. We present a model of password
changes and analyze passwords collected during 21 months from
a large network of an average of 770 users. The results include
tracking the percentage of users with weak passwords over time
and the percentage of users changing between weak and strong
passwords. Based on the data analysis, the distribution of users
switching between weak and strong passwords was characterized
and two parameters of the model were estimated.