Abstract:
Passwords are an important entity in website security. The first barrier
between the attacker and the host is the password.Password composition
policy (PCP) is the rule upon which a website lets its host or client to choose
a password. In this thesis we examine the password policies of 47 websites
of Pakistan and 40 websites of India. Our goal is to understand the effects
of password composition policies as well as observing the effects on website
security through a comparison between strong and weak password policies.
Surprisingly the results were very unique i.e. strong password policies do
not ensure maximum security other factors are also involved. Also as per
results some of the very secure websites allow their users to choose a more
simpler password as compared to other websites. The minimum password
length that websites accepts ranges from only six characters to complex states
i.e. password including uppercase letters, lowercase letters as well as special
characters.
