Title: A Mathematical Model for Resolving Minimum Password Length Controversy

Issue Number: Vol. 7, No. 1
Year of Publication: Jan - 2018
Page Numbers: 1-9
Authors: S. Agholor, A. S. Sodiya and D. O. Aborisade
Journal Name: International Journal of Cyber-Security and Digital Forensics (IJCSDF) - Hong Kong
DOI: http://dx.doi.org/10.17781/P002310


Information security has become one of the most pressing issues facing businesses in today’s competitive e-commerce environment, which is driven by online transactions. User authentication, which predominantly relies on passwords, serves as the first line of defence against security breaches. There is growing controversy over the minimum length a password needs in order to withstand guessing and hacking attacks. For example, a password can be rated “strong” with only six characters on Facebook but not on Gmail, where it must have at least eight characters. There is, therefore, an urgent need to address these minimum password length controversies in view of their negative consequences for the security of end-users’ web accounts. In this paper, a mathematical model for determining minimum password length was developed. The model was developed from a combination of the entropy formula and the bit strength threshold, and it was implemented using PHP. It was tested, and a table of the minimum password length needed for different character sets was generated. It is hoped that software developers as well as web account owners will find the table useful.