{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,3,26]],"date-time":"2025-03-26T12:50:21Z","timestamp":1742993421984,"version":"3.40.3"},"publisher-location":"Cham","reference-count":39,"publisher":"Springer International Publishing","isbn-type":[{"type":"print","value":"9783319457437"},{"type":"electronic","value":"9783319457444"}],"license":[{"start":{"date-parts":[[2016,1,1]],"date-time":"2016-01-01T00:00:00Z","timestamp":1451606400000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"},{"start":{"date-parts":[[2016,1,1]],"date-time":"2016-01-01T00:00:00Z","timestamp":1451606400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2016]]},"DOI":"10.1007\/978-3-319-45744-4_4","type":"book-chapter","created":{"date-parts":[[2016,9,14]],"date-time":"2016-09-14T04:54:30Z","timestamp":1473828870000},"page":"69-90","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":2,"title":["Comparing Password Ranking Algorithms on Real-World Password Datasets"],"prefix":"10.1007","author":[{"given":"Weining","family":"Yang","sequence":"first","affiliation":[]},{"given":"Ninghui","family":"Li","sequence":"additional","affiliation":[]},{"given":"Ian M.","family":"Molloy","sequence":"additional","affiliation":[]},{"given":"Youngja","family":"Park","sequence":"additional","affiliation":[]},{"given":"Suresh N.","family":"Chari","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2016,9,15]]},"reference":[{"key":"4_CR1","unstructured":"Passwords (2009). http:\/\/wiki.skullsecurity.org\/Passwords"},{"key":"4_CR2","unstructured":"CSDN cleartext passwords (2011). http:\/\/dazzlepod.com\/csdn\/"},{"key":"4_CR3","unstructured":"John the ripper password cracker (2014). http:\/\/www.openwall.com\/john\/"},{"issue":"12","key":"4_CR4","doi-asserted-by":"publisher","first-page":"40","DOI":"10.1145\/322796.322806","volume":"42","author":"A Adams","year":"1999","unstructured":"Adams, A., Sasse, M.A.: Users are not the enemy. Commun. ACM 42(12), 40\u201346 (1999)","journal-title":"Commun. ACM"},{"key":"4_CR5","doi-asserted-by":"crossref","unstructured":"Bergadano, F., Crispo, B., Ruffo, G.: Proactive password checking with decision trees. In: Proceedings of the 4th ACM Conference on Computer and Communications Security, pp. 67\u201377 (1997)","DOI":"10.1145\/266420.266437"},{"key":"4_CR6","doi-asserted-by":"crossref","unstructured":"Bonneau, J.: The science of guessing: analyzing an anonymized corpus of 70 million passwords. In: Proceedings of the IEEE Symposium on Security and Privacy, pp. 538\u2013552 (2012)","DOI":"10.1109\/SP.2012.49"},{"issue":"7","key":"4_CR7","doi-asserted-by":"publisher","first-page":"78","DOI":"10.1145\/2699390","volume":"58","author":"J Bonneau","year":"2015","unstructured":"Bonneau, J., Herley, C., van Oorschot, P.C., Stajano, F.: Passwords and the evolution of imperfect authentication. Commun. ACM 58(7), 78\u201387 (2015)","journal-title":"Commun. ACM"},{"key":"4_CR8","unstructured":"Boztas, S.: Entropies, guessing, and cryptography. Technical report 6, Department of Mathematics, Royal Melbourne Institute of Technology (1999)"},{"key":"4_CR9","unstructured":"Brostoff, S., Sasse, M.A.: \u201cTen strikes and you\u2019re out\u201d: increasing the number of login attempts can improve password usability. In: Proceedings of the Human-computer Interaction Security Workshop (2003)"},{"key":"4_CR10","unstructured":"Burnett, M.: Today I am releasing ten million passwords (2015). https:\/\/xato.net\/passwords\/ten-million-passwords\/"},{"key":"4_CR11","doi-asserted-by":"crossref","unstructured":"Burr, W.E., Dodson, D.F., Polk, W.T.: Electronic authentication guideline. US Department of Commerce, Technology Administration, National Institute of Standards and Technology (2004)","DOI":"10.6028\/NIST.SP.800-63v1.0.1"},{"key":"4_CR12","unstructured":"Castelluccia, C., Chaabane, A., D\u00fcrmuth, M., Perito, D.: When privacy meets security: Leveraging personal information for password cracking. arXiv preprint arXiv:1304.6584 (2013)"},{"key":"4_CR13","unstructured":"Castelluccia, C., D\u00fcrmuth, M., Perito, D.: Adaptive password-strength meters from Markov models. In: Proceedings of the Network and Distributed System Security Symposium (2012)"},{"key":"4_CR14","doi-asserted-by":"crossref","unstructured":"de Carn\u00e9 de Carnavalet, X., Mannan, M.: From very weak to very strong: analyzing password-strength meters. In: Proceedings of the Network and Distributed System Security Symposium (2014)","DOI":"10.14722\/ndss.2014.23268"},{"key":"4_CR15","doi-asserted-by":"crossref","unstructured":"Dell\u2019Amico, M., Filippone, M.: Monte carlo strength evaluation: fast and reliable password checking. In: Proceedings of the 22nd ACM Conference on Computer and Communications Security, pp. 158\u2013169 (2015)","DOI":"10.1145\/2810103.2813631"},{"key":"4_CR16","doi-asserted-by":"crossref","unstructured":"Egelman, S., Sotirakopoulos, A., Muslukhov, I., Beznosov, K., Herley, C.: Does my password go up to eleven?: the impact of password meters on password selection. In: Proceedings of the SIGCHI Conference on Human Factors in Computing Systems, pp. 2379\u20132388 (2013)","DOI":"10.1145\/2470654.2481329"},{"key":"4_CR17","unstructured":"Ester, M., Kriegel, H.-P., Sander, J., Xu, X.: A density-based algorithm for discovering clusters in large spatial databases with noise. In: Proceedings of the 2nd ACM Conference on Knowledge Discovery and Data Mining, vol. 96, pp. 226\u2013231 (1996)"},{"key":"4_CR18","doi-asserted-by":"crossref","unstructured":"Flor\u00eancio, D., Herley, C.: A large-scale study of web password habits. In: Proceedings of the 16th International Conference on World Wide Web, pp. 657\u2013666 (2007)","DOI":"10.1145\/1242572.1242661"},{"key":"4_CR19","doi-asserted-by":"crossref","unstructured":"Forget, A., Chiasson, S., van Oorschot, P.C., Biddle, R.: Improving text passwords through persuasion. In: Proceedings of the 4th Symposium on Usable Privacy and Security, pp. 1\u201312 (2008)","DOI":"10.1145\/1408664.1408666"},{"issue":"8","key":"4_CR20","doi-asserted-by":"publisher","first-page":"1649","DOI":"10.1002\/j.1538-7305.1984.tb00058.x","volume":"63","author":"FT Grampp","year":"1984","unstructured":"Grampp, F.T., Morris, R.H.: The unix system: unix operating system security. AT&T Bell Laboratories Tech. J. 63(8), 1649\u20131672 (1984)","journal-title":"AT&T Bell Laboratories Tech. J."},{"issue":"1","key":"4_CR21","doi-asserted-by":"publisher","first-page":"28","DOI":"10.1109\/MSP.2011.150","volume":"10","author":"C Herley","year":"2012","unstructured":"Herley, C., van Oorschot, P.C.: A research agenda acknowledging the persistence of passwords. IEEE Secur. Priv. 10(1), 28\u201336 (2012)","journal-title":"IEEE Secur. Priv."},{"key":"4_CR22","doi-asserted-by":"crossref","unstructured":"Kelley, P.G., Komanduri, S., Mazurek, M.L., Shay, R., Vidas, T., Bauer, L., Christin, N., Cranor, L.F., Lopez, J.: Guess again (and again and again): measuring password strength by simulating password-cracking algorithms. In: Proceedings of the IEEE Symposium on Security and Privacy, pp. 523\u2013537(2012)","DOI":"10.21236\/ADA570747"},{"key":"4_CR23","unstructured":"Klein, D.V.: Foiling the cracker: a survey of, and improvements to, password security. In: Proceedings of the 2nd USENIX Security Workshop, pp. 5\u201314 (1990)"},{"key":"4_CR24","unstructured":"Komanduri, S., Shay, R., Cranor, L.F., Herley, C., Schechter, S.: Telepathwords: preventing weak passwords by reading users\u2019 minds. In: Proceedings of the 23rd USENIX Security Symposium, pp. 591\u2013606 (2014)"},{"key":"4_CR25","doi-asserted-by":"crossref","unstructured":"Komanduri, S., Shay, R., Kelley, P.G., Mazurek, M.L., Bauer, L., Christin, N., Cranor, L.F., Egelman, S.: Of passwords and people: measuring the effect of password-composition policies. In: Proceedings of the SIGCHI Conference on Human Factors in Computing Systems, pp. 2595\u20132604 (2011)","DOI":"10.1145\/1978942.1979321"},{"key":"4_CR26","doi-asserted-by":"crossref","unstructured":"Ma, J., Yang, W., Luo, M., Li, N.: A study of probabilistic password models. In: IEEE Symposium on Security and Privacy (SP), pp. 689\u2013704. IEEE (2014)","DOI":"10.1109\/SP.2014.50"},{"issue":"4","key":"4_CR27","doi-asserted-by":"publisher","first-page":"191","DOI":"10.1016\/0020-0190(94)00032-8","volume":"50","author":"U Manber","year":"1994","unstructured":"Manber, U., Wu, S.: An algorithm for approximate membership checking with application to password security. Inf. Process. Lett. 50(4), 191\u2013197 (1994)","journal-title":"Inf. Process. Lett."},{"issue":"11","key":"4_CR28","doi-asserted-by":"publisher","first-page":"594","DOI":"10.1145\/359168.359172","volume":"22","author":"R Morris","year":"1979","unstructured":"Morris, R., Thompson, K.: Password security: a case history. Commun. ACM 22(11), 594\u2013597 (1979)","journal-title":"Commun. ACM"},{"key":"4_CR29","doi-asserted-by":"crossref","unstructured":"Narayanan, A., Shmatikov, V.: Fast dictionary attacks on passwords using time-space tradeoff. In Proceedings of the 12th ACM Conference on Computer and Communications Security, pp. 364\u2013372 (2005)","DOI":"10.1145\/1102120.1102168"},{"key":"4_CR30","unstructured":"Riley, S.: Password security: What users know and what they actually do. In: Chaparro, B.S. (ed.) Usability News, vol. 8 of 1, Software Usability Research Laboratory (SURL) at Wichita State University (2006)"},{"key":"4_CR31","unstructured":"Schechter, S., Herley, C., Mitzenmacher, M.: Popularity is everything: a new approach to protecting passwords from statistical-guessing attacks. In: Proceedings of the 5th USENIX Conference on Hot Topics in Security, pp. 1\u20138 (2010)"},{"issue":"3","key":"4_CR32","doi-asserted-by":"publisher","first-page":"273","DOI":"10.1016\/0167-4048(92)90207-8","volume":"11","author":"EH Spafford","year":"1992","unstructured":"Spafford, E.H.: OPUS: preventing weak password choices. Comput. Secur. 11(3), 273\u2013278 (1992)","journal-title":"Comput. Secur."},{"key":"4_CR33","unstructured":"Ur, B., Kelley, P.G., Komanduri, S., Lee, J., Maass, M., Mazurek, M., Passaro, T., Shay, R., Vidas, T., Bauer, L., et al.: How does your password measure up? The effect of strength meters on password creation. In: Proceedings of the 21st USENIX Security Symposium, pp. 65\u201380 (2012)"},{"key":"4_CR34","unstructured":"Ur, B., Segreti, S.M., Bauer, L., Christin, N., Cranor, L.F., Komanduri, S., Kurilova, D., Mazurek, M.L., Melicher, W., Shay, R.: Measuring real-world accuracies and biases in modeling password guessability. In: Proceeding of the 24th USENIX Security Symposium, pp. 463\u2013481 (2015)"},{"key":"4_CR35","doi-asserted-by":"crossref","unstructured":"Veras, R., Collins, C., Thorpe, J.: On the semantic patterns of passwords and their security impact. In: Proceedings of the Network and Distributed System Security Symposium (2014)","DOI":"10.14722\/ndss.2014.23103"},{"key":"4_CR36","doi-asserted-by":"crossref","unstructured":"Weir, M., Aggarwal, S., Collins, M., Stern, H.: Testing metrics for password creation policies by attacking large sets of revealed passwords. In: Proceedings of the 17th ACM Conference on Computer and Communications Security, pp. 162\u2013175 (2010)","DOI":"10.1145\/1866307.1866327"},{"key":"4_CR37","doi-asserted-by":"crossref","unstructured":"Weir, M., Aggarwal, S., de Medeiros, B., Glodek, B.: Password cracking using probabilistic context-free grammars. In: Proceedings of the IEEE Symposium on Security and Privacy, pp. 391\u2013405 (2009)","DOI":"10.1109\/SP.2009.8"},{"key":"4_CR38","unstructured":"Wheeler, D.: zxcvbn: realistic password strength estimation. Dropbox blog article (2012)"},{"key":"4_CR39","doi-asserted-by":"crossref","unstructured":"Yan, J.J.: A note on proactive password checking. In: Proceedings of the 2001 Workshop on New Security Paradigms, pp. 127\u2013135 (2001)","DOI":"10.1145\/508171.508194"}],"container-title":["Lecture Notes in Computer Science","Computer Security \u2013 ESORICS 2016"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-319-45744-4_4","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2021,9,15]],"date-time":"2021-09-15T02:52:08Z","timestamp":1631674328000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-319-45744-4_4"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2016]]},"ISBN":["9783319457437","9783319457444"],"references-count":39,"URL":"https:\/\/doi.org\/10.1007\/978-3-319-45744-4_4","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2016]]},"assertion":[{"value":"15 September 2016","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"ESORICS","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"European Symposium on Research in Computer Security","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Heraklion","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Greece","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2016","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"26 September 2016","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"30 September 2016","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"21","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"esorics2016","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"This content has been made available to all.","name":"free","label":"Free to read"}]}}