Back in beautiful Berlin for the first time since EuroClojure 2017, over the last few days I've been attending the 4th IEEE Workshop on Reliability and Security Data Analysis co-located with the 30th International Symposium on Software Reliability Engineering to present our paper Lost in Disclosure: On The Inference of Password Composition Poliies. In this work, we present and explore a straightfoward way of reverse-engineering password composition policy rules from large password data dumps. This information can then be used to clean up those datasets by removing non-password artifacts which are not compliant with the policies under which they were created. This is an important step in some of our other upcoming publications, which rely on high-quality real-world password data.
The paper and slides from my website.