{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,3,25]],"date-time":"2025-03-25T15:17:27Z","timestamp":1742915847179,"version":"3.40.3"},"publisher-location":"Cham","reference-count":42,"publisher":"Springer International Publishing","isbn-type":[{"type":"print","value":"9783030630850"},{"type":"electronic","value":"9783030630867"}],"license":[{"start":{"date-parts":[[2020,1,1]],"date-time":"2020-01-01T00:00:00Z","timestamp":1577836800000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"},{"start":{"date-parts":[[2020,1,1]],"date-time":"2020-01-01T00:00:00Z","timestamp":1577836800000},"content-version":"vor","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2020]]},"DOI":"10.1007\/978-3-030-63086-7_24","type":"book-chapter","created":{"date-parts":[[2020,12,11]],"date-time":"2020-12-11T08:07:25Z","timestamp":1607674045000},"page":"446-466","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":3,"title":["ByPass: Reconsidering the Usability of Password Managers"],"prefix":"10.1007","author":[{"given":"Elizabeth","family":"Stobert","sequence":"first","affiliation":[]},{"given":"Tina","family":"Safaie","sequence":"additional","affiliation":[]},{"given":"Heather","family":"Molyneaux","sequence":"additional","affiliation":[]},{"given":"Mohammad","family":"Mannan","sequence":"additional","affiliation":[]},{"given":"Amr","family":"Youssef","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2020,12,12]]},"reference":[{"key":"24_CR1","unstructured":"CloudFlare - The Web Performance & Security Company. https:\/\/www.cloudflare.com\/en-ca\/"},{"key":"24_CR2","unstructured":"NIST Special Publication 800\u201363b: Digital Identity Guidelines. SP-800-63b Section 5.1.1.2"},{"key":"24_CR3","doi-asserted-by":"crossref","unstructured":"Alkaldi, N., Renaud, K.: Why do people adopt, or reject, smartphone password managers. EuroUSEC\u201916 (2016)","DOI":"10.14722\/eurousec.2016.23011"},{"key":"24_CR4","doi-asserted-by":"crossref","unstructured":"Alkaldi, N., Renaud, K., Mackenzie, L.: Encouraging password manager adoption by meeting adopter self-determination needs. In: Hawaii International Conference on System Sciences, pp. 4824\u20134833 (2019)","DOI":"10.24251\/HICSS.2019.582"},{"key":"24_CR5","doi-asserted-by":"crossref","unstructured":"Aurigemma, S., Mattson, T., Leonard, L.: So much promise, so little use: what is stopping home end-users from using password manager applications. 50th Hawaii International Conference on System Sciences (2017)","DOI":"10.24251\/HICSS.2017.490"},{"issue":"2","key":"24_CR6","doi-asserted-by":"publisher","first-page":"143","DOI":"10.1016\/j.clsr.2012.01.006","volume":"28","author":"J Ausloos","year":"2012","unstructured":"Ausloos, J.: The \u2018right to be forgotten\u2019 - worth remembering. Comput. Law Secur. Rev. 28(2), 143\u2013152 (2012)","journal-title":"Comput. Law Secur. Rev."},{"key":"24_CR7","doi-asserted-by":"crossref","unstructured":"Barbosa, N.M., Hayes, J., Wang, Y.: UniPass: design and evaluation of a smart device-based password manager for visually impaired users. In: ACM UbiComp (2016)","DOI":"10.1145\/2971648.2971722"},{"key":"24_CR8","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"143","DOI":"10.1007\/978-3-319-20901-2_13","volume-title":"Human-Computer Interaction: Design and Evaluation","author":"N Bevan","year":"2015","unstructured":"Bevan, N., Carter, J., Harker, S.: ISO 9241-11 Revised: what have we learnt about usability since 1998? In: Kurosu, M. (ed.) HCI 2015. LNCS, vol. 9169, pp. 143\u2013151. Springer, Cham (2015). https:\/\/doi.org\/10.1007\/978-3-319-20901-2_13"},{"key":"24_CR9","unstructured":"Blanchou, M., Youn, P.: Password managers: exposing passwords everywhere. White Paper, iSEC Partners, pp. 1\u20136 (2013)"},{"key":"24_CR10","doi-asserted-by":"crossref","unstructured":"Bonneau, J., Herley, C., Van Oorschot, P.C., Stajano, F.: The quest to replace passwords: a framework for comparative evaluation of web authentication schemes. In: IEEE Symposium on Security and Privacy, pp. 553\u2013567. IEEE (2012)","DOI":"10.1109\/SP.2012.44"},{"key":"24_CR11","series-title":"IFIP Advances in Information and Communication Technology","doi-asserted-by":"publisher","first-page":"265","DOI":"10.1007\/978-3-030-58201-2_18","volume-title":"ICT Systems Security and Privacy Protection","author":"M Carr","year":"2020","unstructured":"Carr, M., Shahandashti, S.F.: Revisiting security vulnerabilities in commercial password managers. In: H\u00f6lbl, M., Rannenberg, K., Welzer, T. (eds.) SEC 2020. IAICT, vol. 580, pp. 265\u2013279. Springer, Cham (2020). https:\/\/doi.org\/10.1007\/978-3-030-58201-2_18"},{"key":"24_CR12","doi-asserted-by":"crossref","unstructured":"Chatterjee, R., Bonneau, J., Juels, A., Ristenpart, T.: Cracking-resistant password vaults using natural language encoders. In: IEEE Symposium on Security and Privacy. San Jose, CA, USA, May 2015","DOI":"10.1109\/SP.2015.36"},{"key":"24_CR13","unstructured":"Cheng, H., Zheng, Z., Li, W., Wang, P., Chu, C.H.: Probability model transforming encoders against encoding attacks. In: USENIX Security (2019)"},{"key":"24_CR14","unstructured":"Chiasson, S., van Oorschot, P.C., Biddle, R.: A usability study and critique of two password managers. In: USENIX Security, vol. 15 (2006)"},{"key":"24_CR15","doi-asserted-by":"publisher","DOI":"10.1007\/978-1-4842-0917-2","volume-title":"Pro REST API Development with Node. js","author":"F Doglio","year":"2015","unstructured":"Doglio, F.: Pro REST API Development with Node. js. Apress, New York (2015)"},{"key":"24_CR16","doi-asserted-by":"crossref","unstructured":"Golla, M., Beuscher, B., D\u00fcrmuth, M.: On the security of cracking-resistant password vaults. In: ACM CCS. ACM, Vienna Austria (2016)","DOI":"10.1145\/2976749.2978416"},{"key":"24_CR17","doi-asserted-by":"crossref","unstructured":"Habib, H., et al.: It\u2019s a scavenger hunt\u201d: usability of websites. In: ACM SIGCHI, Opt-Out and Data Deletion Choices (2020)","DOI":"10.1145\/3313831.3376511"},{"key":"24_CR18","doi-asserted-by":"crossref","unstructured":"Haekal, M., et al.: Token-based authentication using JSON web token on SIKASIR RESTful web service. In: 2016 International Conference on Informatics and Computing (ICIC), pp. 175\u2013179. IEEE (2016)","DOI":"10.1109\/IAC.2016.7905711"},{"issue":"1","key":"24_CR19","doi-asserted-by":"publisher","first-page":"28","DOI":"10.1109\/MSP.2011.150","volume":"10","author":"C Herley","year":"2011","unstructured":"Herley, C., Van Oorschot, P.: A research agenda acknowledging the persistence of passwords. IEEE Secur. Priv. 10(1), 28\u201336 (2011)","journal-title":"IEEE Secur. Priv."},{"key":"24_CR20","doi-asserted-by":"crossref","unstructured":"Inglesant, P.G., Sasse, M.A.: The true cost of unusable password policies: password use in the wild. In: CHI\u201910, pp. 383\u2013392 (2010)","DOI":"10.1145\/1753326.1753384"},{"key":"24_CR21","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"233","DOI":"10.1007\/978-3-642-24209-0_16","volume-title":"Information Security and Cryptology - ICISC 2010","author":"A Karole","year":"2011","unstructured":"Karole, A., Saxena, N., Christin, N.: A comparative usability evaluation of traditional password managers. In: Rhee, K.H., Nyang, D. (eds.) ICISC 2010. LNCS, vol. 6829, pp. 233\u2013251. Springer, Heidelberg (2011). https:\/\/doi.org\/10.1007\/978-3-642-24209-0_16"},{"key":"24_CR22","doi-asserted-by":"crossref","unstructured":"Li, Z., He, W., Akhawe, D., Song, D.: The emperor\u2019s new password manager: security analysis of web-based password managers. In: USENIX Security (2014)","DOI":"10.21236\/ADA614474"},{"issue":"6","key":"24_CR23","doi-asserted-by":"publisher","first-page":"1173","DOI":"10.1109\/TVCG.2008.121","volume":"14","author":"Z Liu","year":"2008","unstructured":"Liu, Z., Nersessian, N., Stasko, J.: Distributed cognition as a theoretical framework for information visualization. IEEE Trans. Visual. Comput. Graph. 14(6), 1173\u20131180 (2008)","journal-title":"IEEE Trans. Visual. Comput. Graph."},{"key":"24_CR24","unstructured":"Lyastani, S.G., Schilling, M., Fahl, S., Backes, M., Bugiel, S.: Better managed than memorized. In: USENIX Security, Studying the Impact of Managers on Password Strength and Reuse (2018)"},{"key":"24_CR25","doi-asserted-by":"crossref","unstructured":"Maclean, R., Ophoff, J.: Determining key factors that lead to the adoption of password managers. In: 2018 International Conference on Intelligent and Innovative Computing Applications (ICONIC). IEEE (2018)","DOI":"10.1109\/ICONIC.2018.8601223"},{"key":"24_CR26","doi-asserted-by":"crossref","unstructured":"McCarney, D., Barrera, D., Clark, J., Chiasson, S., Van Oorschot, P.C.: Tapas: design, implementation, and usability evaluation of a password manager. In: ACSAC\u201912, pp. 89\u201398 (2012)","DOI":"10.1145\/2420950.2420964"},{"key":"24_CR27","unstructured":"Pearman, S., Zhang, S.A., Bauer, L., Christin, N., Cranor, L.F.: Why people (don\u2019t) use password managers effectively. In: SOUPS\u201919. USENIX (2019)"},{"issue":"8","key":"24_CR28","doi-asserted-by":"publisher","first-page":"816","DOI":"10.1016\/j.cose.2009.05.008","volume":"28","author":"HS Rhee","year":"2009","unstructured":"Rhee, H.S., Kim, C., Ryu, Y.U.: Self-efficacy in information security: its influence on end users\u2019 information security practice behavior. Comput. Secur. 28(8), 816\u2013826 (2009)","journal-title":"Comput. Secur."},{"key":"24_CR29","unstructured":"Ross, B., Jackson, C., Miyake, N., Boneh, D., Mitchell, J.C.: Stronger password authentication using browser extensions. In: USENIX Security, p. 15 (2005)"},{"key":"24_CR30","doi-asserted-by":"crossref","unstructured":"Ruoti, S., Seamons, K.: End-to-end passwords. In: NSPW. ACM (2017)","DOI":"10.1145\/3171533.3171542"},{"key":"24_CR31","doi-asserted-by":"crossref","unstructured":"Seiler-Hwang, S., et al.: \u201c I don\u2019t see why I would ever want to use it\u201d analyzing the usability of popular smartphone password managers. In: ACM CCS\u201919 (2019)","DOI":"10.1145\/3319535.3354192"},{"key":"24_CR32","doi-asserted-by":"crossref","unstructured":"Shirvanian, M., Jareckiy, S., Krawczykz, H., Saxena, N.: SPHINX: a password store that perfectly hides passwords from itself. In: International Conference on Distributed Computing Systems (ICDCS\u201917). Atlanta, GA, USA, Jun 2017","DOI":"10.1109\/ICDCS.2017.64"},{"key":"24_CR33","unstructured":"Silver, D., Jana, S., Boneh, D., Chen, E., Jackson, C.: Password managers: attacks and defenses. In: USENIX Security (2014)"},{"key":"24_CR34","unstructured":"Smith, T., Ruoti, S., Seamons, K.: Augmenting centralized password management with application-specific passwords. In: SOUPS\u201917. USENIX (2017)"},{"key":"24_CR35","doi-asserted-by":"crossref","unstructured":"Stebila, D., Sullivan, N.: An analysis of TLS handshake proxying. In: 2015 IEEE Trustcom\/BigDataSE\/ISPA, vol. 1, pp. 279\u2013286. IEEE (2015)","DOI":"10.1109\/Trustcom.2015.385"},{"key":"24_CR36","doi-asserted-by":"crossref","unstructured":"Stobert, E., Biddle, R.: A password manager that doesn\u2019t remember passwords. In: NSPW. ACM (2014)","DOI":"10.1145\/2683467.2683471"},{"issue":"3","key":"24_CR37","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1145\/3183341","volume":"21","author":"E Stobert","year":"2018","unstructured":"Stobert, E., Biddle, R.: The password life cycle. ACM Trans. Priv. Secur. (TOPS) 21(3), 1\u201332 (2018)","journal-title":"ACM Trans. Priv. Secur. (TOPS)"},{"key":"24_CR38","doi-asserted-by":"crossref","unstructured":"Wang, D., Zhang, Z., Wang, P., Yan, J., Huang, X.: Targeted online password guessing: an underestimated threat. In: ACM CCS. Vienna Austria (2016)","DOI":"10.1145\/2976749.2978339"},{"key":"24_CR39","doi-asserted-by":"crossref","unstructured":"Wharton, C., Bradford, J., Jeffries, R., Franzke, M.: Applying cognitive walkthroughs to more complex user interfaces: experiences, issues, and recommendations. In: ACM SIGCHI (1992)","DOI":"10.1145\/142750.142864"},{"key":"24_CR40","unstructured":"Wheeler, D.L.: zxcvbn: low-budget password strength estimation. In: USENIX Security (2016)"},{"key":"24_CR41","unstructured":"Whitten, A., Tygar, J.D.: Why johnny can\u2019t encrypt: a usability evaluation of PGP 5.0. In: USENIX Security (1999)"},{"key":"24_CR42","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"245","DOI":"10.1007\/978-3-540-30574-3_17","volume-title":"Topics in Cryptology \u2013CT-RSA 2005","author":"FF Yao","year":"2005","unstructured":"Yao, F.F., Yin, Y.L.: Design and analysis of password-based key derivation functions. In: Menezes, A. (ed.) CT-RSA 2005. LNCS, vol. 3376, pp. 245\u2013261. Springer, Heidelberg (2005). https:\/\/doi.org\/10.1007\/978-3-540-30574-3_17"}],"container-title":["Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering","Security and Privacy in Communication Networks"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-030-63086-7_24","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2021,4,24]],"date-time":"2021-04-24T21:36:24Z","timestamp":1619300184000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-030-63086-7_24"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2020]]},"ISBN":["9783030630850","9783030630867"],"references-count":42,"URL":"https:\/\/doi.org\/10.1007\/978-3-030-63086-7_24","relation":{},"ISSN":["1867-8211","1867-822X"],"issn-type":[{"type":"print","value":"1867-8211"},{"type":"electronic","value":"1867-822X"}],"subject":[],"published":{"date-parts":[[2020]]},"assertion":[{"value":"12 December 2020","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"SecureComm","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on Security and Privacy in Communication Systems","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Washington, WA","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"USA","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2020","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"21 October 2020","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"23 October 2020","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"16","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"securecomm2020","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/securecomm.eai-conferences.org\/2020\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Double-blind","order":1,"name":"type","label":"Type","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"Confy","order":2,"name":"conference_management_system","label":"Conference Management System","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"120","order":3,"name":"number_of_submissions_sent_for_review","label":"Number of Submissions Sent for Review","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"50","order":4,"name":"number_of_full_papers_accepted","label":"Number of Full Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"0","order":5,"name":"number_of_short_papers_accepted","label":"Number of Short Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"42% - The value is computed by the equation \"Number of Full Papers Accepted \/ Number of Submissions Sent for Review * 100\" and then rounded to a whole number.","order":6,"name":"acceptance_rate_of_full_papers","label":"Acceptance Rate of Full Papers","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"2,86","order":7,"name":"average_number_of_reviews_per_paper","label":"Average Number of Reviews per Paper","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"Yes","order":9,"name":"external_reviewers_involved","label":"External Reviewers Involved","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"The conference was held virtually due to COVID-19 pandemic.","order":10,"name":"additional_info_on_review_process","label":"Additional Info on Review Process","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}}]}}