The experts set out to establish which passwords are the most reliable: those invented by users, those randomly generated, or those built from passphrases.
The experiment involved 300 students. The volunteers were divided into three groups ("red", "yellow" and "green") of one hundred people each. Participants in the "red" group independently came up with a password consisting of 8 characters, at least one of which is not a letter. Students from the "yellow" group came up with a password made of the first letters and punctuation of a well-known phrase or saying (for example, the password «Wyc-swyg» came from the phrase «What you see is what you get»). The "green" group received one hundred randomly generated passwords. Participants had to memorize them and then destroy them.
In this way the researchers wanted to find out how well users remember passwords, and how easily those passwords can be guessed (cracked). The results of the study were somewhat unexpected for the experts. They managed to crack 30% of the passwords invented by members of the "red" group, while for the "yellow" and "green" groups the figure was only 10%. This implies that randomly generated passwords and passwords built from a phrase are relatively safe.
In addition, it appears that members of the "red" and "green" groups remembered their passwords easily, while students in the "yellow" group had some difficulty. However, all three groups contacted support for a password reset with about the same frequency.
Security Engineering: A Guide to Building Dependable Distributed Systems
Page Count: 1080
Ross J. Anderson: From Wikipedia