Abstract: A password evaluation engine used to evaluate a user's password that redefines the concepts of password complexity and password strength is discussed. Password complexity may be calculated by the evaluation engine so as to take into account the amount of knowledge possessed by a potential attacker, seeking to crack the password, of the rules corresponding to a rule set used for generating the password. A determination of password strength by the evaluation engine may consider a potential attacker's computational resources, the protection function used to protect/store a password and the amount of time available to the attacker to crack the password with respect to an identified search space based on the attacker's knowledge. Embodiments also enable a password strength estimator to be evaluated and policy recommendations to be generated for an entity's password policy requirements.

Abstract: A password evaluation engine used to evaluate a user's password that redefines the concepts of password complexity and password strength is discussed. Password complexity may be calculated by the evaluation engine so as to take into account the amount of knowledge possessed by a potential attacker, seeking to crack the password, of the rules corresponding to a rule set used for generating the password. A determination of password strength by the evaluation engine may consider a potential attacker's computational resources, the protection function used to protect/store a password and the amount of time available to the attacker to crack the password with respect to an identified search space based on the attacker's knowledge. Embodiments also enable a password strength estimator to be evaluated and policy recommendations to be generated for an entity's password policy requirements.

Abstract: A password evaluation engine used to evaluate a user's password that redefines the concepts of password complexity and password strength is discussed. Password complexity may be calculated by the evaluation engine so as to take into account the amount of knowledge possessed by a potential attacker, seeking to crack the password, of the rules corresponding to a rule set used for generating the password. A determination of password strength by the evaluation engine may consider a potential attacker's computational resources, the protection function used to protect/store a password and the amount of time available to the attacker to crack the password with respect to an identified search space based on the attacker's knowledge. Embodiments also enable a password strength estimator to be evaluated and policy recommendations to be generated for an entity's password policy requirements.