"Finally: A Usable and Secure Password Policy Backed by Science"

The password-focused research group at Carnegie Mellon's CyLab Security and Privacy Institute developed a scientifically-backed password policy said to maintain the balance between security and usability. The policy developed by the group does away with requirements about numbers, symbols, uppercase letters, and lowercase letters. Instead, a user's password would have to meet a minimum strength and a minimum length of 12 characters. The researchers developed an artificial neural network-driven password-strength meter that provides a strength score along with suggestions to users in real-time. Then they discovered a threshold between password strength and length that would allow users to create stronger and more usable passwords. This article continues to discuss the development and research behind the proposed password policy. 

CyLab reports "Finally: A Usable and Secure Password Policy Backed by Science"