Abstract Password composition policies are used to prevent users from picking weak passwords. A website usually provides a unified password policy for each user but ignores the fact that people have a variety of preferences due to individual differences, which makes it difficult to achieve the expected strong password goals. In order to improve the effectiveness of password composition policies, we propose a dynamic personalized password policy (DPPP), which can personally recommend different password policies according to the user’s personality traits. We conduct an online study to evaluate the security and usability of DPPP and the two common password composition policies Basic8 and 3class8. The study results show that DPPP is more effective than Basic8 and 3class8 in resisting online and offline guessing attacks. DPPP is inferior to Basic8 and 3class8 only in the creation time and outperforms 3class8 in creating difficulty with significant differences.

中文翻译：

---

通过了解用户的个性来推动个性化密码策略

摘要 密码组合策略用于防止用户选择弱密码。网站通常为每个用户提供统一的密码策略，却忽略了人们因个体差异而有多种偏好的事实，这使得难以实现预期的强密码目标。为了提高密码组合策略的有效性，我们提出了一种动态个性化密码策略（DPPP），它可以根据用户的个性特征个性化推荐不同的密码策略。我们进行了一项在线研究，以评估 DPPP 的安全性和可用性以及两种常见的密码组合策略 Basic8 和 3class8。研究结果表明，DPPP在抵抗在线和离线猜测攻击方面比Basic8和3class8更有效。