{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,11,29]],"date-time":"2025-11-29T07:51:36Z","timestamp":1764402696670,"version":"3.41.2"},"reference-count":18,"publisher":"Emerald","issue":"1","license":[{"start":{"date-parts":[[2016,3,14]],"date-time":"2016-03-14T00:00:00Z","timestamp":1457913600000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.emerald.com\/insight\/site-policies"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2016,3,14]]},"abstract":"Purpose<\/jats:title>\u2013 Passwords have been designed to protect individual privacy and security and widely used in almost every area of our life. The strength of passwords is therefore critical to the security of our systems. However, due to the explosion of user accounts and increasing complexity of password rules, users are struggling to find ways to make up sufficiently secure yet easy-to-remember passwords. This paper aims to investigate whether there are repetitive patterns when users choose passwords and how such behaviors may affect us to rethink password security policy.<\/jats:p><\/jats:sec>Design\/methodology\/approach<\/jats:title>\u2013 The authors develop a model to formalize the password repetitive problem and design efficient algorithms to analyze the repeat patterns. To help security practitioners to analyze patterns, the authors design and implement a lightweight, Web-based visualization tool for interactive exploration of password data.<\/jats:p><\/jats:sec>Findings<\/jats:title>\u2013 Through case studies on a real-world leaked password data set, the authors demonstrate how the tool can be used to identify various interesting patterns, e.g. shorter substrings of the same type used to make up longer strings, which are then repeated to make up the final passwords, suggesting that the length requirement of password policy does not necessarily increase security.<\/jats:p><\/jats:sec>Originality\/value<\/jats:title>\u2013 The contributions of this study are two-fold. First, the authors formalize the problem of password repetitive patterns by considering both short and long substrings and in both directions, which have not yet been considered in past. Efficient algorithms are developed and implemented that can analyze various repeat patterns quickly even in large data set. Second, the authors design and implement four novel visualization views that are particularly useful for exploration of password repeat patterns, i.e. the character frequency charts view, the short repeat heatmap view, the long repeat parallel coordinates view and the repeat word cloud view.<\/jats:p><\/jats:sec>","DOI":"10.1108\/ics-06-2015-0026","type":"journal-article","created":{"date-parts":[[2016,2,25]],"date-time":"2016-02-25T10:03:20Z","timestamp":1456394600000},"page":"93-115","source":"Crossref","is-referenced-by-count":9,"title":["User password repetitive patterns analysis and visualization"],"prefix":"10.1108","volume":"24","author":[{"given":"Xiaoying","family":"Yu","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Qi","family":"Liao","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"140","reference":[{"key":"key2020121703534496000_b1","doi-asserted-by":"crossref","unstructured":"Bonneau, J. (2012), \u201cThe science of guessing: analyzing an anonymized corpus of 70 million passwords\u201d, IEEE Symposium on Security and Privacy (SP) , San Francisco, CA, pp. 538-552.","DOI":"10.1109\/SP.2012.49"},{"key":"key2020121703534496000_b2","doi-asserted-by":"crossref","unstructured":"Bonneau, J. , Preibusch, S. and Anderson, R. (2012), \u201cA birthday present every eleven wallets? The security of customer-chosen banking pins\u201d, Financial Cryptography and Data Security , Springer, pp. 25-40.","DOI":"10.1007\/978-3-642-32946-3_3"},{"key":"key2020121703534496000_b3","doi-asserted-by":"crossref","unstructured":"Bostock, M. , Ogievetsky, V. and Heer, J. (2011), \u201c d3 data- driven documents\u201d, IEEE Transactions on Visualization and Computer Graphics , Vol. 17 No. 12, pp. 2301-2309.","DOI":"10.1109\/TVCG.2011.185"},{"key":"key2020121703534496000_b4","unstructured":"Chisnell, D. (2014), The Burden of Authentication: What Friction Points Reveal , WATCH Series , National Science Foundation."},{"key":"key2020121703534496000_b5","unstructured":"Chou, H.-C. , Lee, H.-C. , Hsueh, C.-W. and Lai, F.-P. (2012), \u201cPassword cracking based on special keyboard patterns\u201d, International Journal of Innovative Computing, Information and Control , Vol. 8 No. 1, pp. 387-402."},{"key":"key2020121703534496000_b6","unstructured":"Davis, D. , Monrose, F. and Reiter, M.K. (2004), \u201cOn user choice in graphical password schemes\u201d, Proceedings of the 13th Conference on USENIX Security Symposium (SSYM\u201904), San Diego, CA, pp. 151-164."},{"key":"key2020121703534496000_b7","doi-asserted-by":"crossref","unstructured":"Dell\u2019Amico, M. , Michiardi, P. and Roudier, Y. (2010), \u201cPassword strength: an empirical analysis\u201d, Proceedings of the IEEE Conference on Computer Communications (INFOCOM), San Diego, CA, pp. 1-9.","DOI":"10.1109\/INFCOM.2010.5461951"},{"key":"key2020121703534496000_b8","doi-asserted-by":"crossref","unstructured":"Florencio, D. and Herley, C. (2007), \u201cA large-scale study of web password habits\u201d, Proceedings of the 16th International Conference on World Wide Web, Banff, pp. 657-666.","DOI":"10.1145\/1242572.1242661"},{"key":"key2020121703534496000_b12","doi-asserted-by":"crossref","unstructured":"Klar, R. and Opitz, O. (1997), Classification and Knowledge Organization , Springer.","DOI":"10.1007\/978-3-642-59051-1"},{"key":"key2020121703534496000_b9","unstructured":"Lewand, R.E. (2000), Cryptological Mathematics , The Mathematical Association of America, p. 211, ISBN:978-0883857199."},{"key":"key2020121703534496000_b10","doi-asserted-by":"crossref","unstructured":"Morris, R. and Thompson, K. (1979), \u201cPassword security: a case history\u201d, Communications of the ACM , Vol. 22 No. 11, pp. 594-597.","DOI":"10.1145\/359168.359172"},{"key":"key2020121703534496000_b11","unstructured":"Perito, D. , Castelluccia, C. and Duermuth, M. (2012), \u201cAdaptive password strength meters from Markov models\u201d, 19th Network and Distributed Systems Security Symposium (NDSS\u201912 ), San Diego, CA."},{"key":"key2020121703534496000_b13","doi-asserted-by":"crossref","unstructured":"Schweitzer, D. , Boleng, J. , Hughes, C. and Murphy, L. (2009), \u201cVisualizing keyboard pattern passwords\u201d, 6th International Workshop on Visualization for Cyber Security (VizSec\u201909 ), Atlantic City, NJ, pp. 69-73.","DOI":"10.1109\/VIZSEC.2009.5375544"},{"key":"key2020121703534496000_b14","doi-asserted-by":"crossref","unstructured":"Shay, R. , Komanduri, S. , Durity, A.L. , Huh, P.S. , Mazurek, M.L. , Segreti, S.M. , Ur, B. , Bauer, L. , Christin, N. and Cranor, L.F. (2014), \u201cCan long passwords be secure and usable?\u201d, Proceedings of the 32nd Annual ACM Conference on Human Factors in Computing Systems, Toronto, pp. 2927-2936.","DOI":"10.1145\/2556288.2557377"},{"key":"key2020121703534496000_b22","unstructured":"Storkerson, P. (2010), \u201cNaturalistic cognition: a research paradigm for human-centered design\u201d, Journal of Re-search Practice , Vol. 6 No. 2."},{"key":"key2020121703534496000_b15","doi-asserted-by":"crossref","unstructured":"Veras, R. , Thorpe, J. and Collins, C. (2012), \u201cVisualizing semantics in passwords: the role of dates\u201d, Proceedings of the Ninth International Symposium on Visualization for Cyber Security (VizSec\u201912) , Seattle, WA, pp. 88-95.","DOI":"10.1145\/2379690.2379702"},{"key":"key2020121703534496000_b16","doi-asserted-by":"crossref","unstructured":"Weir, M. , Aggawal, S. , Collins, M. and Stern, H. (2010), \u201cTesting metrics for password creation policies by attacking large sets of revealed passwords\u201d, Proceedings of the 17th ACM Conference on Computer and Communications Security (CCS\u201910), Chicago, IL, pp. 162-175.","DOI":"10.1145\/1866307.1866327"},{"key":"key2020121703534496000_b17","doi-asserted-by":"crossref","unstructured":"Zhang, Y. , Monrose, F. and Reiter, M.K. (2010), \u201cThe security of modern password expiration: an algorithmic framework and empirical analysis\u201d, Proceedings of the 17th ACM Conference on Computer and Communications Security (CCS), Chicago, IL, pp. 176-186.","DOI":"10.1145\/1866307.1866328"}],"container-title":["Information & Computer Security"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/www.emeraldinsight.com\/doi\/full-xml\/10.1108\/ICS-06-2015-0026","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/www.emerald.com\/insight\/content\/doi\/10.1108\/ICS-06-2015-0026\/full\/xml","content-type":"application\/xml","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/www.emerald.com\/insight\/content\/doi\/10.1108\/ICS-06-2015-0026\/full\/html","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,7,25]],"date-time":"2025-07-25T01:22:58Z","timestamp":1753406578000},"score":1,"resource":{"primary":{"URL":"http:\/\/www.emerald.com\/ics\/article\/24\/1\/93-115\/108771"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2016,3,14]]},"references-count":18,"journal-issue":{"issue":"1","published-print":{"date-parts":[[2016,3,14]]}},"alternative-id":["10.1108\/ICS-06-2015-0026"],"URL":"https:\/\/doi.org\/10.1108\/ics-06-2015-0026","relation":{},"ISSN":["2056-4961"],"issn-type":[{"type":"print","value":"2056-4961"}],"subject":[],"published":{"date-parts":[[2016,3,14]]}}}