{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,5,30]],"date-time":"2025-05-30T04:06:26Z","timestamp":1748577986544,"version":"3.41.0"},"publisher-location":"Cham","reference-count":27,"publisher":"Springer International Publishing","isbn-type":[{"type":"print","value":"9783319203751"},{"type":"electronic","value":"9783319203768"}],"license":[{"start":{"date-parts":[[2015,1,1]],"date-time":"2015-01-01T00:00:00Z","timestamp":1420070400000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2015]]},"DOI":"10.1007\/978-3-319-20376-8_11","type":"book-chapter","created":{"date-parts":[[2015,7,20]],"date-time":"2015-07-20T06:00:17Z","timestamp":1437372017000},"page":"119-130","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["Password Policy Languages: Usable Translation from the Informal to the Formal"],"prefix":"10.1007","author":[{"given":"Michelle","family":"Steves","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Mary","family":"Theofanos","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Celia","family":"Paulsen","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Athos","family":"Ribeiro","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2015,7,21]]},"reference":[{"key":"11_CR1","doi-asserted-by":"crossref","unstructured":"Killourhy, K., Choong, Y., Theofanos, M.: Taxonomic rules for password policies: translating the informal to the formal language. Internal report 7970, National Institute of Standards and Technology, Gaithersburg, Maryland (2013)","DOI":"10.6028\/NIST.IR.7970"},{"key":"11_CR2","doi-asserted-by":"crossref","unstructured":"Michael, J.B., Ong, V.L., Rowe, N.C.: Natural-language processing support for developing policy-governed software systems. In: 39th IEEE International Conference and Exhibition on Technology of Object-Oriented Languages and Systems, pp. 263\u2013274. IEEE Press, New York (2001)","DOI":"10.1109\/TOOLS.2001.941679"},{"key":"11_CR3","doi-asserted-by":"crossref","unstructured":"Brodie, C., Karat, C.M., Karat, J., Feng, J.: Usable security and privacy: a case study of developing privacy management tools. In: ACM 2005 Symposium on Usable Privacy and Security, pp. 35\u201343. ACM Press, New York (2005)","DOI":"10.1145\/1073001.1073005"},{"key":"11_CR4","doi-asserted-by":"crossref","unstructured":"Brodie, C.A., Karat, C.M., Karat, J.: An empirical study of natural language parsing of privacy policy rules using the SPARCLE policy workbench. In: ACM 2006 Symposium on Usable Privacy and Security, pp. 8\u201319. ACM Press, New York (2006)","DOI":"10.1145\/1143120.1143123"},{"key":"11_CR5","doi-asserted-by":"crossref","unstructured":"Karat, C.M., Karat, J., Brodie, C., Feng, J.: Evaluating interfaces for privacy policy rule authoring. In: ACM 2006 SIGCHI Conference on Human Factors in Computing Systems, pp. 83\u201392. ACM Press, New York (2006)","DOI":"10.1145\/1124772.1124787"},{"key":"11_CR6","doi-asserted-by":"crossref","unstructured":"Breaux, T.D., Ant\u00f3n, A.I.: Deriving semantic models from privacy policies. In: Sixth IEEE International Workshop on Policies for Distributed Systems and Networks, pp. 67\u201376. IEEE Press, New York (2005)","DOI":"10.1109\/POLICY.2005.12"},{"issue":"11","key":"11_CR7","doi-asserted-by":"publisher","first-page":"94","DOI":"10.1145\/359168.359172","volume":"22","author":"R Morris","year":"1979","unstructured":"Morris, R., Thompson, K.: Password security: a case history. Commun. ACM 22(11), 94\u2013597 (1979). ACM Press, New York","journal-title":"Commun. ACM"},{"key":"11_CR8","unstructured":"Klein, D.V.: Foiling the cracker: a survey of, and improvements to, password security. In: 2nd USENIX Security Workshop, pp. 5\u201314. USENIX, Berkeley (1990)"},{"key":"11_CR9","unstructured":"Wu, T. D.: A real-world analysis of kerberos password security. In: 1999 Network and Distributed Systems and Security Symposium. Internet Society (1999)"},{"key":"11_CR10","unstructured":"Florencio, D., Herley, C.: A large-scale study of web password habits. In: 16th ACM International Conference on World Wide Web, pp. 657\u2013666. ACM Press, New York, (2007)"},{"key":"11_CR11","doi-asserted-by":"crossref","unstructured":"Dell\u2019Amico, M., Michiardi, P., Roudier, Y.: Password strength: an empirical analysis. In: 30th IEEE INFOCOM, pp. 1\u20139. IEEE Press, New York (2010)","DOI":"10.1109\/INFCOM.2010.5461951"},{"key":"11_CR12","doi-asserted-by":"crossref","unstructured":"Mannan, M., van Oorschot, P.C.: Security and usability: the gap in real-world online banking. In: 2007 ACM Workshop on New Security Paradigms, pp. 1\u201314. ACM Press, New York (2008)","DOI":"10.1145\/1600176.1600178"},{"issue":"7","key":"11_CR13","doi-asserted-by":"publisher","first-page":"445","DOI":"10.1016\/j.cose.2007.09.001","volume":"26","author":"S Furnell","year":"2007","unstructured":"Furnell, S.: An assessment of website password practices. Comput. Secur. 26(7), 445\u2013451 (2007). Elsevier, Amsterdam","journal-title":"Comput. Secur."},{"key":"11_CR14","doi-asserted-by":"crossref","unstructured":"Inglesant, P. G., Sasse, M. A.: The true cost of unusable password policies: password use in the wild. In: SIGCHI 2010 Conference on Human Factors in Computing Systems, pp. 383\u2013392. ACM Press, New York (2010)","DOI":"10.1145\/1753326.1753384"},{"key":"11_CR15","doi-asserted-by":"crossref","unstructured":"Choong, Y.Y., Theofanos, M., Liu, H.K.: United States Federal Employees Password Management Behaviors a Department of Commerce Case Study. Internal report 7991, National Institute of Standards and Technology, Gaithersburg, Maryland (2014)","DOI":"10.6028\/NIST.IR.7991"},{"key":"11_CR16","unstructured":"Summers, W. C., Bosworth, E:. Password policy: the good, the bad, and the ugly. In: WISICT 2004, Winter International Symposium on Information and Communication Technologies, pp. 1\u20136. Trinity College, Dublin (2004)"},{"key":"11_CR17","unstructured":"Spafford, E: Security Myths and Passwords. In: CERIAS Blog, 19 April 2006. http:\/\/www.cerias.purdue.edu\/site\/blog\/post\/password-change-myths\/ . Accessed Feb 2015"},{"issue":"5","key":"11_CR18","doi-asserted-by":"publisher","first-page":"84","DOI":"10.1109\/MIC.2008.108","volume":"12","author":"S Farrell","year":"2008","unstructured":"Farrell, S.: Password policy purgatory. IEEE Internet Comput. 12(5), 84\u201387 (2008)","journal-title":"IEEE Internet Comput."},{"key":"11_CR19","unstructured":"Bonneau, J., Preibusch, S.: The password thicket: technical and market failures in human authentication on the web. In: 9th Workshop on the Economics of Information Security (2010). http:\/\/weis2010.econinfosec.org\/papers\/session3\/weis2010_bonneau.pdf . Accessed Feb 2015"},{"key":"11_CR20","doi-asserted-by":"crossref","unstructured":"Flor\u00eancio, D., Herley, C.: Where do security policies come from? In: 6th ACM Symposium on Usable Privacy and Security, article 10. ACM Press, New York. (2010)","DOI":"10.1145\/1837110.1837124"},{"key":"11_CR21","doi-asserted-by":"crossref","unstructured":"Komanduri, S., Shay, R., Kelley, P.G., Mazurek, M.L., Bauer, L., Christin, N., Egelman, S.: Of passwords and people: measuring the effect of password-composition policies. In: 2011 SIGCHI Conference on Human Factors in Computing Systems, pp. 2595\u20132604. ACM Press, New York (2011)","DOI":"10.1145\/1978942.1979321"},{"key":"11_CR22","doi-asserted-by":"crossref","unstructured":"Xu, W., Shehab, M., Ahn, G.J.: Visualization based policy analysis: case study in Selinux. In: 13th ACM Symposium on Access Control Models and Technologies, pp. 165\u2013174. ACM Press, New York (2008)","DOI":"10.1145\/1377836.1377863"},{"key":"11_CR23","doi-asserted-by":"crossref","unstructured":"Johnson, M., Karat, J., Karat, C.M., Grueneberg, K.: Optimizing a policy authoring framework for security and privacy policies. In: 6th ACM Symposium on Usable Privacy and Security, article 8. ACM Press, New York (2010)","DOI":"10.1145\/1837110.1837121"},{"key":"11_CR24","unstructured":"AlFayyadh, B., Thorsheim, P., J\u00f8sang, A., Klevjer, H.: Improving usability of password management with standardized password policies. In: 7eme Conf\u00e9rence sur la S\u00e9curit\u00e9 des Architectures R\u00e9seaux et Systemes d\u2019Information, 7th Conference on Network and Information Systems Security, SAR SSI 2012. https:\/\/sarssi2012.greyc.fr\/wp-content\/uploads\/SAR-SSI-2012_p38-45_AlFayyadh.pdf . Accessed Feb 2015"},{"key":"11_CR25","doi-asserted-by":"crossref","unstructured":"Shay, R., Bhargav-Spantzel, A., Bertino, E.: Password policy simulation and analysis. In: 2007 ACM Workshop on Digital Identity Management, pp. 1\u201310. ACM Press, New York (2007)","DOI":"10.1145\/1314403.1314405"},{"key":"11_CR26","doi-asserted-by":"crossref","unstructured":"Parkin, S.E., van Moorsel, A., Coles, R.: An Information security ontology incorporating human-behavioural implications. In: 2nd International Conference on Security of Information and Networks, pp. 46\u201355. ACM Press, New York (2009)","DOI":"10.1145\/1626195.1626209"},{"key":"11_CR27","unstructured":"What is plain language? http:\/\/www.plainlanguage.gov\/whatisPL\/ . Accessed on Feb 2015"}],"container-title":["Lecture Notes in Computer Science","Human Aspects of Information Security, Privacy, and Trust"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-319-20376-8_11","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,5,29]],"date-time":"2025-05-29T12:22:48Z","timestamp":1748521368000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-319-20376-8_11"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2015]]},"ISBN":["9783319203751","9783319203768"],"references-count":27,"URL":"https:\/\/doi.org\/10.1007\/978-3-319-20376-8_11","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2015]]},"assertion":[{"value":"21 July 2015","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}}]}}