{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,3,26]],"date-time":"2025-03-26T12:00:51Z","timestamp":1742990451791,"version":"3.40.3"},"publisher-location":"Cham","reference-count":21,"publisher":"Springer International Publishing","isbn-type":[{"type":"print","value":"9783319073071"},{"type":"electronic","value":"9783319073088"}],"license":[{"start":{"date-parts":[[2014,1,1]],"date-time":"2014-01-01T00:00:00Z","timestamp":1388534400000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2014]]},"DOI":"10.1007\/978-3-319-07308-8_24","type":"book-chapter","created":{"date-parts":[[2014,6,2]],"date-time":"2014-06-02T01:47:06Z","timestamp":1401673626000},"page":"240-251","source":"Crossref","is-referenced-by-count":2,"title":["Clear, Unambiguous Password Policies: An Oxymoron?"],"prefix":"10.1007","author":[{"given":"Michelle","family":"Steves","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Kevin","family":"Killourhy","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Mary F.","family":"Theofanos","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","reference":[{"issue":"12","key":"24_CR1","first-page":"41","volume":"42","author":"A. Adams","year":"1999","unstructured":"Adams, A., Sasse, M.A.: Users are not the enemy. Communcations of the ACM\u00a042(12), 41\u201346 (1999)","journal-title":"Communcations of the ACM"},{"key":"24_CR2","unstructured":"Bonneau, J., Preibusch, S.: The password thicket: Technical and market failures in human authentication on the web. In: 9th Workshop on the Economics of Information Security (WEIS 2010), Cambridge, MA, June 7-8 (2010), \n                    \n                      http:\/\/weis2010.econinfosec.org\/papers\/session3\/weis2010_bonneau.pdf\n                    \n                    \n                   (accessed January 2014)"},{"key":"24_CR3","unstructured":"Cheswick, B.: Rethinking passwords, Baltimore, MD. Presentation at the Solaris Security Summit (2014), \n                    \n                      http:\/\/www.cheswick.com\/ches\/talks\/baltimore.pdf\n                    \n                    \n                   (accessed January 2014)"},{"key":"24_CR4","first-page":"1","volume-title":"Proceedings of 29th IEEE Conference on Computer Communication (INFOCOM 2010)","author":"M. Dell\u2019Amico","year":"2010","unstructured":"Dell\u2019Amico, M., Michiardi, P., Roudier, Y.: Password strength: An empirical analysis. In: Proceedings of 29th IEEE Conference on Computer Communication (INFOCOM 2010), Mar 14-19, pp. 1\u20139. IEEE Press, San Diego (2010)"},{"issue":"5","key":"24_CR5","doi-asserted-by":"publisher","first-page":"84","DOI":"10.1109\/MIC.2008.108","volume":"12","author":"S. Farrell","year":"2008","unstructured":"Farrell, S.: Password policy purgatory. IEEE Internet Computing\u00a012(5), 84\u201387 (2008)","journal-title":"IEEE Internet Computing"},{"key":"24_CR6","doi-asserted-by":"crossref","unstructured":"Flor\u00eancio, D., Herley, C.: A large-scale study of web password habits. In: Proceedings of the 16th International World Wide Web Conference (WWW 2007), Banff, Alberta, May 8-12, pp. 657\u2013666 (2007)","DOI":"10.1145\/1242572.1242661"},{"key":"24_CR7","doi-asserted-by":"crossref","unstructured":"Flor\u00eancio, D., Herley, C.: Where do security policies come from? In. In: Proceedings of the 6th Symposium on Usable Privacy and Security (SOUPS 2010), Redmond, WA, July 14-16. ACM Press, New York (2010)","DOI":"10.1145\/1837110.1837124"},{"key":"24_CR8","doi-asserted-by":"publisher","first-page":"445","DOI":"10.1016\/j.cose.2007.09.001","volume":"26","author":"S. Furnell","year":"2007","unstructured":"Furnell, S.: An assessment of website password practices. Computers & Security\u00a026, 445\u2013451 (2007)","journal-title":"Computers & Security"},{"key":"24_CR9","first-page":"383","volume-title":"Proceedings of the 28th International Conference on Human Factors in Computer Systems","author":"G. Philip","year":"2010","unstructured":"Philip, G.: Inglesant and M. Angela Sasse. The true cost of unusable password policies: Password use in the wild. In: Proceedings of the 28th International Conference on Human Factors in Computer Systems, Atlanta, GA, April 10-15, pp. 383\u2013392. ACM Press, New York (2010)"},{"key":"24_CR10","volume-title":"Proceedings of the 6th Symposium on Usable Privacy and Security (SOUPS 2010)","author":"M. Johnson","year":"2010","unstructured":"Johnson, M., Karat, J., Karat, K.-M., Grueneberg, K.: Optimizing a policy authoring framework for security and privacy policies. In: Proceedings of the 6th Symposium on Usable Privacy and Security (SOUPS 2010), Redmond, WA, July 14-16, ACM Press, New York (2010)"},{"key":"24_CR11","doi-asserted-by":"crossref","unstructured":"Killourhy, K., Choong, Y.-Y., Theofanos, M.: Taxonomic rules for password policies: translating the informal to the formal language. National Institute of Standards and Technology, Gaithersburg, Maryland, NISTIR 7970 (December 2013)","DOI":"10.6028\/NIST.IR.7970"},{"key":"24_CR12","unstructured":"Klein, D.V.: Foiling the cracker; a survey of, and improvements to unix password security. In: Proceedings of the 2nd USENIX Security Symposium, Portland, OR, August 27-28, pp. 5\u201314. USENIX (1990)"},{"key":"24_CR13","first-page":"1","volume-title":"Proceedings of the New Security Paradigms Workshop (NSPW 2007)","author":"M. Mannan","year":"2007","unstructured":"Mannan, M., Oorschot, P.C.V.: Security and usability: The gap in real-world online banking. In: Proceedings of the New Security Paradigms Workshop (NSPW 2007), North Conway, NH, September 18-21, pp. 1\u201314. ACM Press, New York (2007)"},{"issue":"11","key":"24_CR14","doi-asserted-by":"publisher","first-page":"594","DOI":"10.1145\/359168.359172","volume":"22","author":"R. Morris","year":"1979","unstructured":"Morris, R., Thompson, K.: Password security: A case history. Communications of the ACM\u00a022(11), 594\u2013597 (1979)","journal-title":"Communications of the ACM"},{"key":"24_CR15","first-page":"46","volume-title":"Proceedings of the 2nd International Conference on Security of Information and Networks (SIN 2009)","author":"S.E. Parkin","year":"2009","unstructured":"Parkin, S.E., van Moorsel, A., Coles, R.: An information security ontology incorporating human-behavioural implications. In: Proceedings of the 2nd International Conference on Security of Information and Networks (SIN 2009), Famagusta, North Cyprus, October 6-10, pp. 46\u201355. ACM Press, New York (2009)"},{"key":"24_CR16","unstructured":"SANS Institute. SANS password policy (2006), \n                    \n                      http:\/\/www.sans.org\/security-resources\/policies\/Password_Policy.pdf\n                    \n                    \n                   (accessed January 2014)"},{"key":"24_CR17","unstructured":"Shay, R.J.K., Bhargav-Spantzel, A., Bertino, E.: Password policy simulation and analysis. In: Proceedings of the ACM Workshop on Digital Identity Management, Fairfax, VA, pp. 1\u201310. ACM Press, New York (November 2, 2007)"},{"key":"24_CR18","unstructured":"Spafford, G.: Security myths and passwords (2006), \n                    \n                      http:\/\/www.cerias.purdue.edu\/site\/blog\/post\/password-change-myths\/\n                    \n                    \n                   (accessed January 2014)"},{"key":"24_CR19","first-page":"1","volume-title":"Proceedings of the Winter International Symposium on Information and Communication Technologies","author":"C. Wayne","year":"2004","unstructured":"Wayne, C.: Summers and Edward Bosworth. Password policy: The good, the bad, and the ugly. In: Proceedings of the Winter International Symposium on Information and Communication Technologies, Cancun, Mexico, January 5-8, pp. 1\u20136. Trinity College, Dublin (2004)"},{"key":"24_CR20","unstructured":"Wu, T.: A real-world analysis of Kerberos password security. In: Proceedings of the ISOC Symposium on Network and Distributed System Security (NDSS 1999), San Diego, CA. Internet Society (1999)"},{"key":"24_CR21","doi-asserted-by":"crossref","unstructured":"Xu, W., Shehab, M., Ahn, G.-J.: Visualization based policy analysis: Case study in SELinux. In: Proceedings of the 13th ACM Symposium on Access Control Models and Technologies (SACMAT 2008), Estes Park, Colorado, June 11\u201313, pp. 165\u2013174 (2008)","DOI":"10.1145\/1377836.1377863"}],"container-title":["Lecture Notes in Computer Science","Cross-Cultural Design"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-319-07308-8_24","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2020,2,22]],"date-time":"2020-02-22T23:13:09Z","timestamp":1582413189000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-319-07308-8_24"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2014]]},"ISBN":["9783319073071","9783319073088"],"references-count":21,"URL":"https:\/\/doi.org\/10.1007\/978-3-319-07308-8_24","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2014]]}}}