{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,8,22]],"date-time":"2025-08-22T04:57:39Z","timestamp":1755838659099,"version":"3.28.0"},"reference-count":72,"publisher":"IEEE","content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2017,8]]},"DOI":"10.1109\/issa.2017.8251779","type":"proceedings-article","created":{"date-parts":[[2018,1,11]],"date-time":"2018-01-11T18:33:18Z","timestamp":1515695598000},"page":"1-9","source":"Crossref","is-referenced-by-count":6,"title":["Enriched nudges lead to stronger password replacements \u2026 but implement mindfully"],"prefix":"10.1109","author":[{"given":"Karen","family":"Renaud","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Verena","family":"Zimmerman","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"263","reference":[{"key":"ref72","first-page":"65","article-title":"How does your password measure up? the effect of strength meters on password creation","author":"ur","year":"2012","journal-title":"Presented as part of the 21st USENIX Security Symposium (USENIX Security 12)"},{"key":"ref71","doi-asserted-by":"publisher","DOI":"10.1109\/HICSS.2013.196"},{"journal-title":"Influencing user password choice through peer pressure","year":"2011","author":"sotirakopoulos","key":"ref70"},{"key":"ref39","doi-asserted-by":"crossref","first-page":"356","DOI":"10.1007\/s10602-008-9056-2","article-title":"Nudge: Improving decisions about health, wealth, and happiness","volume":"19","author":"thaler","year":"2008","journal-title":"Constitutional Political Economy"},{"key":"ref38","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-03549-4_14"},{"key":"ref33","doi-asserted-by":"crossref","DOI":"10.4324\/9780203781203","author":"breznitz","year":"2013","journal-title":"Cry Wolf The Psychology of False Alarms"},{"key":"ref32","doi-asserted-by":"publisher","DOI":"10.1145\/2501604.2501610"},{"journal-title":"Managing password expiry","year":"2015","author":"schneider","key":"ref31"},{"key":"ref30","doi-asserted-by":"publisher","DOI":"10.1109\/CCST.2005.1594817"},{"key":"ref37","article-title":"Multi-channel, multi-level authentication for more secure ebanking","author":"al fairuz","year":"2010","journal-title":"Inf Security for South Africa Conf Johannesburg South Africa"},{"key":"ref36","doi-asserted-by":"publisher","DOI":"10.1016\/j.jnca.2011.02.004"},{"key":"ref35","doi-asserted-by":"publisher","DOI":"10.1016\/S1353-4858(16)30037-X"},{"key":"ref34","doi-asserted-by":"publisher","DOI":"10.1109\/WIOPT.2005.42"},{"key":"ref60","doi-asserted-by":"publisher","DOI":"10.1136\/bmj.d2177"},{"journal-title":"Aiding information security decisions with human factors using quantitative and qualitative techniques","year":"2016","author":"turland","key":"ref62"},{"key":"ref61","doi-asserted-by":"publisher","DOI":"10.1136\/bmj.d2168"},{"journal-title":"Inside the Nudge Unit How small changes can make a big difference","year":"2015","author":"halpern","key":"ref63"},{"key":"ref28","first-page":"297","article-title":"Phishing, SMiShing & Vishing: an assessment of threats against mobile devices","volume":"5","author":"yeboah-boateng","year":"2014","journal-title":"Journal of Emerging Trends in Computing and Information Sciences"},{"key":"ref64","article-title":"Nudging whom how: It proficiency, impulse control and secure behaviour","author":"jeske","year":"2014","journal-title":"Personalizing Behavior Change Technologies CHI Workshop"},{"key":"ref27","doi-asserted-by":"crossref","first-page":"216","DOI":"10.18510\/ijsrtm.2015.312","article-title":"Phishing: An evolving threat","volume":"3","author":"shah","year":"2015","journal-title":"International Journal of Students' Research in Technology & Management"},{"key":"ref65","doi-asserted-by":"publisher","DOI":"10.1016\/j.peva.2016.01.003"},{"key":"ref66","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-40477-1_5"},{"journal-title":"The Cuckoo's Egg Tracking a Spy Through the Maze of Computer Espionage","year":"2005","author":"stoll","key":"ref29"},{"key":"ref67","article-title":"Nudging users towards privacy on mobile devices","author":"balebako","year":"2011","journal-title":"Proc CHI 2011 Workshop on Persuasion Nudge Influence and Coercion"},{"key":"ref68","doi-asserted-by":"publisher","DOI":"10.1145\/2702123.2702210"},{"journal-title":"A large-scale evaluation of high-impact password strength meters","year":"2014","author":"de carn\u00e9 de carnavalet","key":"ref69"},{"key":"ref2","article-title":"Preventing weak password choices","author":"spafford","year":"1991","journal-title":"Computer Science Technical Reports Tech Rep Paper 875"},{"key":"ref1","doi-asserted-by":"publisher","DOI":"10.1016\/0167-4048(92)90207-8"},{"journal-title":"Password expiration policy best practices","year":"2016","author":"osper","key":"ref20"},{"key":"ref22","doi-asserted-by":"publisher","DOI":"10.1109\/49.223865"},{"key":"ref21","article-title":"Smartphone owners need security advice. how can we ensure they get it?","author":"renaud","year":"2016","journal-title":"International Conference on Information Resources Management (Conf-IRM)"},{"key":"ref24","doi-asserted-by":"publisher","DOI":"10.1145\/1143120.1143128"},{"key":"ref23","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2012.49"},{"key":"ref26","doi-asserted-by":"publisher","DOI":"10.1145\/1526709.1526838"},{"key":"ref25","doi-asserted-by":"publisher","DOI":"10.1145\/1408664.1408680"},{"key":"ref50","first-page":"769","article-title":"Choice and utility","author":"kelman","year":"1979","journal-title":"Wisconsin Law Review"},{"key":"ref51","doi-asserted-by":"publisher","DOI":"10.1177\/0013916511404408"},{"key":"ref59","doi-asserted-by":"publisher","DOI":"10.1080\/15265161.2011.634489"},{"journal-title":"Memorandum to the Heads of Executive Departments and Agencies Implementation Guidance for Executive Order 13707 Using Behavioral Science Insights to Better Serve the American People","year":"0","author":"holden","key":"ref58"},{"journal-title":"Who We Are","year":"0","key":"ref57"},{"key":"ref56","doi-asserted-by":"publisher","DOI":"10.1016\/j.intcom.2011.03.007"},{"key":"ref55","doi-asserted-by":"publisher","DOI":"10.1145\/1837110.1837113"},{"key":"ref54","article-title":"Understanding password choices: How frequently entered passwords are re-used across websites","author":"wash","year":"2016","journal-title":"Symposium On Usable Privacy and Security (SOUPS)"},{"key":"ref53","article-title":"zxcvbn: Low-budget password strength estimation","author":"wheeler","year":"2016","journal-title":"USENIX Conference 2016 Vancouver USENIX"},{"journal-title":"Information Overload a System for Better Managing Everyday Data","year":"2010","author":"pijpers","key":"ref52"},{"journal-title":"Time to rethink mandatory password changes","year":"2016","author":"cranor","key":"ref10"},{"journal-title":"Mandatory password changes - not as secure as you think","year":"2016","author":"hickey","key":"ref11"},{"key":"ref40","doi-asserted-by":"publisher","DOI":"10.1371\/journal.pone.0082055"},{"key":"ref12","doi-asserted-by":"publisher","DOI":"10.6028\/NIST.SP.800-63b"},{"key":"ref13","first-page":"33","article-title":"'Technology Should Be Smarter Than This!’: A Vision for Overcoming the Great Authentication Fatigue","author":"sasse","year":"2013","journal-title":"Secure Data Management Workshop"},{"key":"ref14","doi-asserted-by":"publisher","DOI":"10.1145\/1753326.1753384"},{"key":"ref15","first-page":"1","article-title":"Password policy: the good, the bad, and the ugly","author":"summers","year":"2004","journal-title":"Proceedings of the Winter International Symposium on Information and Communication Technologies"},{"key":"ref16","doi-asserted-by":"publisher","DOI":"10.1109\/MSP.2011.157"},{"key":"ref17","doi-asserted-by":"publisher","DOI":"10.1109\/MC.2006.3"},{"key":"ref18","doi-asserted-by":"publisher","DOI":"10.1145\/1719030.1719050"},{"key":"ref19","doi-asserted-by":"publisher","DOI":"10.1145\/2699390"},{"key":"ref4","doi-asserted-by":"publisher","DOI":"10.1145\/1866307.1866328"},{"key":"ref3","doi-asserted-by":"publisher","DOI":"10.1007\/s10623-015-0071-9"},{"journal-title":"Password Protection Policy","year":"0","key":"ref6"},{"journal-title":"Unix System Security A Guide for Users and System Administrators","year":"1992","author":"curry","key":"ref5"},{"key":"ref8","doi-asserted-by":"publisher","DOI":"10.1109\/MSP.2011.150"},{"key":"ref7","doi-asserted-by":"crossref","first-page":"50:50","DOI":"10.1145\/2405116.2422416","article-title":"Rethinking passwords","volume":"10","author":"cheswick","year":"2012","journal-title":"Queue"},{"key":"ref49","article-title":"The theory of Political Economy","author":"jevons","year":"1879","journal-title":"The Macmillan Company"},{"key":"ref9","first-page":"18","article-title":"Best practices and worst assumptions","author":"bishop","year":"2005","journal-title":"Proceedings of the 2005 Colloquium on Information Systems Security Education (CISSE) pp"},{"journal-title":"Variable expiration of passwords","year":"0","author":"walters","key":"ref46"},{"key":"ref45","article-title":"Influencing Self-Selected Passwords Through Suggestions and the Decoy Effect","author":"tobias","year":"2016","journal-title":"EuroUSEC Darmtsadt Internet Society"},{"key":"ref48","doi-asserted-by":"publisher","DOI":"10.1080\/01449290903121386"},{"journal-title":"User policy manageable strength-based password aging","year":"2013","author":"childress","key":"ref47"},{"key":"ref42","doi-asserted-by":"publisher","DOI":"10.1108\/IMCS-12-2012-0072"},{"key":"ref41","first-page":"37","article-title":"Of men and mackerels: Attention, subjective experience, and automatic social behavior","author":"dijksterhuis","year":"2000","journal-title":"The Message Within The Role of Subjective Experience in Social Cognition and Behavior"},{"key":"ref44","doi-asserted-by":"publisher","DOI":"10.1177\/004728759503400106"},{"key":"ref43","doi-asserted-by":"publisher","DOI":"10.1145\/2470654.2481329"}],"event":{"name":"2017 Information Security for South Africa (ISSA)","start":{"date-parts":[[2017,8,16]]},"location":"Johannesburg","end":{"date-parts":[[2017,8,17]]}},"container-title":["2017 Information Security for South Africa (ISSA)"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx7\/8240063\/8251762\/08251779.pdf?arnumber=8251779","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2022,8,12]],"date-time":"2022-08-12T04:53:12Z","timestamp":1660279992000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/8251779\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2017,8]]},"references-count":72,"URL":"https:\/\/doi.org\/10.1109\/issa.2017.8251779","relation":{},"subject":[],"published":{"date-parts":[[2017,8]]}}}