{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,6,13]],"date-time":"2026-06-13T05:41:40Z","timestamp":1781329300199,"version":"3.54.1"},"reference-count":50,"publisher":"Springer Science and Business Media LLC","license":[{"start":{"date-parts":[[2022,8,27]],"date-time":"2022-08-27T00:00:00Z","timestamp":1661558400000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"},{"start":{"date-parts":[[2022,8,27]],"date-time":"2022-08-27T00:00:00Z","timestamp":1661558400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Inf Syst Front"],"DOI":"10.1007\/s10796-022-10325-x","type":"journal-article","created":{"date-parts":[[2022,8,27]],"date-time":"2022-08-27T08:02:35Z","timestamp":1661587355000},"update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":7,"title":["Password and Passphrase Guessing with Recurrent Neural Networks"],"prefix":"10.1007","author":[{"given":"Alex","family":"Nosenko","sequence":"first","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-7176-3951","authenticated-orcid":false,"given":"Yuan","family":"Cheng","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Haiquan","family":"Chen","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"297","published-online":{"date-parts":[[2022,8,27]]},"reference":[{"key":"10325_CR1","doi-asserted-by":"crossref","unstructured":"Blanchard, N.K., Malaingre, C., & Selker, T. (2018). Improving security and usability of passphrases with guided word choice. In 34th annual computer security applications conference (pp. 723\u2013732)","DOI":"10.1145\/3274694.3274734"},{"key":"10325_CR2","doi-asserted-by":"crossref","unstructured":"Bonneau, J., & Shutova, E. (2012). Linguistic properties of multi-word passphrases. In International conference on financial cryptography and data security (pp. 1\u201312). Springer","DOI":"10.1007\/978-3-642-34638-5_1"},{"key":"10325_CR3","unstructured":"Brostoff, S., & Sasse, M.A. (2003). Ten strikes and you\u2019re out\u201d: Increasing the number of login attempts can improve password usability. In CHI 2003 workshop on human-computer interaction and security systems"},{"key":"10325_CR4","doi-asserted-by":"crossref","unstructured":"Burr, W., Dodson, D., Perlner, R., Gupta, S., & Nabbus, E. (2013). NIST SP800-63-2: Electronic authentication guideline. Technical report, National Institute of Standards and Technology, Reston, VA","DOI":"10.6028\/NIST.SP.800-63-2"},{"key":"10325_CR5","doi-asserted-by":"crossref","unstructured":"Cho, K., Van\u00a0Merri\u00ebnboer, B., Bahdanau, D., & Bengio, Y. (2014). On the properties of neural machine translation: Encoder-decoder approaches. arXiv:1409.1259","DOI":"10.3115\/v1\/W14-4012"},{"key":"10325_CR6","doi-asserted-by":"crossref","unstructured":"Das, A., Bonneau, J., Caesar, M., Borisov, N., & Wang, X. (2014). The tangled web of password reuse. In: NDSS (Vol. 14, pp. 23\u201326)","DOI":"10.14722\/ndss.2014.23357"},{"issue":"2","key":"10325_CR7","doi-asserted-by":"publisher","first-page":"159","DOI":"10.1075\/ijcl.14.2.02dav","volume":"14","author":"M Davies","year":"2009","unstructured":"Davies, M. (2009). The 385+ million word corpus of contemporary American English (1990\u20132008+): Design, architecture, and linguistic insights. International Journal of Corpus Linguistics, 14(2), 159\u2013190.","journal-title":"International Journal of Corpus Linguistics"},{"key":"10325_CR8","doi-asserted-by":"crossref","unstructured":"Florencio, D., & Herley, C. (2007). A large-scale study of web password habits. In 16th International conference on World Wide Web (pp. 657\u2013666)","DOI":"10.1145\/1242572.1242661"},{"key":"10325_CR9","doi-asserted-by":"crossref","unstructured":"Fu, C., Duan, M., Dai, X., Wei, Q., Wu, Q., & Zhou, R. (2021). Densegan: A password guessing model based on densenet and passgan. In International conference on information security practice and experience (pp. 296\u2013305). Springer","DOI":"10.1007\/978-3-030-93206-0_18"},{"key":"10325_CR10","doi-asserted-by":"crossref","unstructured":"Grassi, P. A., Garcia, M. E., & Fenton, J. L. (2017). DRAFT NIST SP800-63-3 digital identity guidelines. Technical report, National Institute of Standards and Technology, Los Altos, CA","DOI":"10.6028\/NIST.SP.800-63-3"},{"key":"10325_CR11","doi-asserted-by":"publisher","first-page":"451","DOI":"10.1109\/TIFS.2020.3003696","volume":"16","author":"W Han","year":"2020","unstructured":"Han, W., Xu, M., Zhang, J., Wang, C., Zhang, K., & Wang, X. S. (2020). TransPCFG: transferring the grammars from short passwords to guess long passwords effectively. IEEE Transactions on Information Forensics and Security, 16, 451\u2013465.","journal-title":"IEEE Transactions on Information Forensics and Security"},{"key":"10325_CR12","doi-asserted-by":"crossref","unstructured":"Haque, S.T., Wright, M., & Scielzo, S. (2013). A study of user password strategy for multiple accounts. In 3rd ACM conference on data and application security and privacy (pp. 173\u2013176)","DOI":"10.1145\/2435349.2435373"},{"key":"10325_CR13","unstructured":"Hardeniya, N. (2015). NLTK Essentials, p. 28. Packt Publishing Ltd"},{"key":"10325_CR14","doi-asserted-by":"crossref","unstructured":"Hitaj, B., Gasti, P., Ateniese, G., & Perez-Cruz, F. (2019). Passgan: A deep learning approach for password guessing. In International conference on applied cryptography and network security (pp. 217\u2013237). Springer","DOI":"10.1007\/978-3-030-21568-2_11"},{"issue":"8","key":"10325_CR15","doi-asserted-by":"publisher","first-page":"1735","DOI":"10.1162\/neco.1997.9.8.1735","volume":"9","author":"S Hochreiter","year":"1997","unstructured":"Hochreiter, S., & Schmidhuber, J. (1997). Long short-term memory. Neural Computation, 9(8), 1735\u20131780.","journal-title":"Neural Computation"},{"key":"10325_CR16","unstructured":"Huth, A., Orlando, M., & Pesante, L. (2012). Password security, protection, and management. United States Computer Emergency Readiness Team"},{"key":"10325_CR17","doi-asserted-by":"crossref","unstructured":"Joudaki, Z., Thorpe, J., & Martin, M.V. (2018). Reinforcing system-assigned passphrases through implicit learning. In 2018 ACM conference on computer and communications security (pp. 1533\u20131548)","DOI":"10.1145\/3243734.3243764"},{"key":"10325_CR18","unstructured":"Keith, M., Shao, B., & Steinbart, P. (2005). The effectiveness and usability of passphrases for authentication. In 11th Americas conference on information systems (pp. 3354\u20133357)"},{"key":"10325_CR19","unstructured":"Kingma, D.P., & Ba, J. (2014). Adam: A method for stochastic optimization. arXiv:1412.6980"},{"key":"10325_CR20","doi-asserted-by":"crossref","unstructured":"Kouretas, I., & Paliouras, V. (2019). Simplified hardware implementation of the softmax activation function. In 2019 8th international conference on modern circuits and systems technologies (MOCAST) (pp. 1\u20134). IEEE","DOI":"10.1109\/MOCAST.2019.8741677"},{"key":"10325_CR21","doi-asserted-by":"crossref","unstructured":"Kuo, C., Romanosky, S., & Cranor, L.F. (2006). Human selection of mnemonic phrase-based passwords. In Second symposium on usable privacy and security (SOUPS) (pp. 67\u201378)","DOI":"10.1145\/1143120.1143129"},{"issue":"2\u20134","key":"10325_CR22","doi-asserted-by":"publisher","first-page":"10","DOI":"10.1145\/1058406.1058408","volume":"3","author":"SA Kurzban","year":"1985","unstructured":"Kurzban, S. A. (1985). Easily remembered passphrases: a better approach. ACM SIGSAC Review, 3(2\u20134), 10\u201321.","journal-title":"ACM SIGSAC Review"},{"key":"10325_CR23","unstructured":"Labrande, H. (2015). Crack me I\u2019m famous: cracking weak passphrases using publicly-available sources. In 2015 Information and Communications Technology Security Symposium (SSTIC) (pp. 479\u2013484)."},{"key":"10325_CR24","doi-asserted-by":"crossref","unstructured":"Li, H., Chen, M., Yan, S., Jia, C., & Li, Z. (2019). Password guessing via neural language modeling. In Proceedings of the international conference on machine learning for cyber security (pp. 78\u201393). Springer","DOI":"10.1007\/978-3-030-30619-9_7"},{"key":"10325_CR25","doi-asserted-by":"crossref","unstructured":"Liu, Y., Xia, Z., Yi, P., Yao, Y., Xie, T., Wang, W., & Zhu, T. (2018). GENPass: A general deep learning model for password guessing with PCFG rules and adversarial generation. In 2018 IEEE International Conference on Communications (ICC) (pp. 1\u20136). IEEE","DOI":"10.1109\/ICC.2018.8422243"},{"key":"10325_CR26","unstructured":"Melicher, W., Ur, B., Segreti, S.M., Komanduri, S., Bauer, L., Christin, N., & Cranor, L.F. (2016). Fast, lean, and accurate: Modeling password guessability using neural networks. In 25th USENIX security symposium (pp. 175\u2013191)"},{"key":"10325_CR27","doi-asserted-by":"crossref","unstructured":"Murray, H., & Malone, D. (2018). Exploring the impact of password dataset distribution on guessing. In: 2018 16th annual conference on privacy, security and trust (PST) (pp. 1\u20138). IEEE","DOI":"10.1109\/PST.2018.8514194"},{"key":"10325_CR28","doi-asserted-by":"crossref","unstructured":"Narayanan, A., & Shmatikov, V. (2005). Fast dictionary attacks on passwords using time-space tradeoff. In 12th ACM conference on computer and communications security (pp. 364\u2013372)","DOI":"10.1145\/1102120.1102168"},{"key":"10325_CR29","doi-asserted-by":"crossref","unstructured":"Nosenko, A., Cheng, Y., & Chen, H. (2021). Learning password modification patterns with recurrent neural networks. In International conference on secure knowledge management in artificial intelligence era (pp. 110\u2013129). Springer","DOI":"10.1007\/978-3-030-97532-6_7"},{"key":"10325_CR30","unstructured":"Notoatmodjo, G., & Thomborson, C. (2009). Passwords and perceptions. In: Seventh Australasian conference on information security (pp. 71\u201378)"},{"key":"10325_CR31","doi-asserted-by":"crossref","unstructured":"Pasquini, D., Gangwal, A., Ateniese, G., Bernaschi, M., & Conti, M. (2021). Improving password guessing via representation learning. In 2021 42nd IEEE symposium on security and privacy (pp. 1382\u20131399). IEEE","DOI":"10.1109\/SP40001.2021.00016"},{"key":"10325_CR32","doi-asserted-by":"crossref","unstructured":"Pennington, J., Socher, R., & Manning, C.D. (2014). Glove: Global vectors for word representation. In 2014 conference on empirical methods in natural language processing (EMNLP) (pp. 1532\u20131543)","DOI":"10.3115\/v1\/D14-1162"},{"issue":"8","key":"10325_CR33","first-page":"9","volume":"1","author":"A Radford","year":"2019","unstructured":"Radford, A., Wu, J., Child, R., Luan, D., Amodei, D., Sutskever, I., et al. (2019). Language models are unsupervised multitask learners. OpenAI blog, 1(8), 9.","journal-title":"OpenAI blog"},{"key":"10325_CR34","doi-asserted-by":"crossref","unstructured":"Rao, A., Jha, B., & Kini, G. (2013). Effect of grammar on security of long passwords. In Third ACM conference on data and application security and privacy (pp. 317\u2013324)","DOI":"10.1145\/2435349.2435395"},{"key":"10325_CR35","unstructured":"Rawlings, R. (2020). Password Habits in the US and the UK: This Is What We Found.https:\/\/nordpass.com\/blog\/password-habits-statistics\/. Accessed 26 July 2022."},{"issue":"6","key":"10325_CR36","doi-asserted-by":"publisher","first-page":"661","DOI":"10.1016\/0167-9473(95)00032-1","volume":"21","author":"M Schumacher","year":"1996","unstructured":"Schumacher, M., Ro\u00dfner, R., & Vach, W. (1996). Neural networks and logistic regression: Part I. Computational Statistics & Data Analysis, 21(6), 661\u2013682.","journal-title":"Computational Statistics & Data Analysis"},{"key":"10325_CR37","unstructured":"Sparell, P., & Simovits, M. (2016). Linguistic cracking of passphrases using Markov chains. Cryptology ePrint Archive"},{"key":"10325_CR38","unstructured":"Stobert, E., & Biddle, R. (2014). The password life cycle: user behaviour in managing passwords. In: 10th symposium on usable privacy and security (SOUPS) (pp. 243\u2013255)"},{"key":"10325_CR39","unstructured":"Vaswani, A., Shazeer, N., Parmar, N., Uszkoreit, J., Jones, L., Gomez, A.N., Kaiser, \u0141., & Polosukhin, I (2017). Attention is all you need. Advances in Neural Information Processing Systems, 30"},{"key":"10325_CR40","doi-asserted-by":"crossref","unstructured":"Von\u00a0Zezschwitz, E., De\u00a0Luca, A., & Hussmann, H. (2013). Survival of the shortest: A retrospective analysis of influencing factors on password composition. In IFIP Conference on Human-Computer Interaction (pp. 460\u2013467). Springer","DOI":"10.1007\/978-3-642-40477-1_28"},{"key":"10325_CR41","doi-asserted-by":"crossref","unstructured":"Walia, K.S., Shenoy, S., & Cheng, Y. (2020). An empirical analysis on the usability and security of passwords. In 2020 21st IEEE international conference on information reuse and integration for data science (IRI) (pp. 1\u20138). IEEE","DOI":"10.1109\/IRI49571.2020.00009"},{"key":"10325_CR42","doi-asserted-by":"crossref","unstructured":"Wang, C., Jan, S.T., Hu, H., Bossart, D., & Wang, G. (2018). The next domino to fall: Empirical analysis of user passwords across online services. In 8th ACM conference on data and application security and privacy (pp. 196\u2013203)","DOI":"10.1145\/3176258.3176332"},{"key":"10325_CR43","doi-asserted-by":"crossref","unstructured":"Wang, D., Zhang, Z., Wang, P., Yan, J., & Huang, X. (2016). Targeted online password guessing: An underestimated threat. In 2016 ACM conference on computer and communications security (pp. 1242\u20131254)","DOI":"10.1145\/2976749.2978339"},{"key":"10325_CR44","doi-asserted-by":"crossref","unstructured":"Weir, M., Aggarwal, S., De\u00a0Medeiros, B., & Glodek, B. (2009). Password cracking using probabilistic context-free grammars. In 2009 30th IEEE symposium on security and privacy (pp. 391\u2013405). IEEE","DOI":"10.1109\/SP.2009.8"},{"key":"10325_CR45","unstructured":"Woo, S.S., & Mirkovic, J. (2016). Improving recall and security of passphrases through use of mnemonics. In 10th International conference on passwords"},{"key":"10325_CR46","doi-asserted-by":"crossref","unstructured":"Xie, Z., Zhang, M., Yin, A., & Li, Z. (2020). A new targeted password guessing model. In Australasian conference on information security and privacy (pp. 350\u2013368). Springer","DOI":"10.1007\/978-3-030-55304-3_18"},{"key":"10325_CR47","doi-asserted-by":"crossref","unstructured":"Xu, M., Wang, C., Yu, J., Zhang, J., Zhang, K., & Han, W. (2021). Chunk-level password guessing: Towards modeling refined password composition representations. In 2021 ACM conference on computer and communications security (pp. 5\u201320)","DOI":"10.1145\/3460120.3484743"},{"key":"10325_CR48","doi-asserted-by":"publisher","first-page":"51522","DOI":"10.1109\/ACCESS.2019.2909919","volume":"7","author":"G Xu","year":"2019","unstructured":"Xu, G., Meng, Y., Qiu, X., Yu, Z., & Wu, X. (2019). Sentiment analysis of comment texts based on BiLSTM. IEEE Access, 7, 51522\u201351532.","journal-title":"IEEE Access"},{"key":"10325_CR49","doi-asserted-by":"crossref","unstructured":"Yoo, J.Y., Morris, J.X., Lifland, E., & Qi, Y. (2020). Searching for a search method: Benchmarking search algorithms for generating NLP adversarial examples. arXiv:2009.06368","DOI":"10.18653\/v1\/2020.blackboxnlp-1.30"},{"key":"10325_CR50","doi-asserted-by":"crossref","unstructured":"Zhang, Y., Monrose, F., & Reiter, M.K. (2010). The security of modern password expiration: An algorithmic framework and empirical analysis. In 17th ACM conference on computer and communications security (pp. 176\u2013186)","DOI":"10.1145\/1866307.1866328"}],"container-title":["Information Systems Frontiers"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s10796-022-10325-x.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1007\/s10796-022-10325-x\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s10796-022-10325-x.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2022,8,27]],"date-time":"2022-08-27T08:21:12Z","timestamp":1661588472000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/s10796-022-10325-x"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2022,8,27]]},"references-count":50,"alternative-id":["10325"],"URL":"https:\/\/doi.org\/10.1007\/s10796-022-10325-x","relation":{},"ISSN":["1387-3326","1572-9419"],"issn-type":[{"value":"1387-3326","type":"print"},{"value":"1572-9419","type":"electronic"}],"subject":[],"published":{"date-parts":[[2022,8,27]]},"assertion":[{"value":"12 August 2022","order":1,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"27 August 2022","order":2,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"A preliminary version of this article was presented at SKM \u201921 (Nosenko et\u00a0al., ).","order":1,"name":"Ethics","group":{"name":"EthicsHeading","label":"Declarations"}},{"value":"The authors have no relevant financial or non-financial interests to declare that are relevant to the content of this manuscript.","order":2,"name":"Ethics","group":{"name":"EthicsHeading","label":"Financial and non-financial interests"}}]}}