[摘要] We demonstrate the use of a systematic decision-making methodology to support an informed choice of a password policy. Our approach uses an executable system model, grounded with empirical data, to compare, using simulations, two options. The basis of the comparison is a notion of organizational utility. Using our results, we are able to explore trade-offs between breaches of system security, users' productivity, and investment in support operations.