{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,7,7]],"date-time":"2026-07-07T15:45:14Z","timestamp":1783439114608,"version":"3.54.6"},"reference-count":58,"publisher":"Institute of Electrical and Electronics Engineers (IEEE)","issue":"11","license":[{"start":{"date-parts":[[2017,11,1]],"date-time":"2017-11-01T00:00:00Z","timestamp":1509494400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/ieeexplore.ieee.org\/Xplorehelp\/downloads\/license-information\/IEEE.html"}],"funder":[{"name":"National Key Research and Development Plan","award":["2016YFB0800603"],"award-info":[{"award-number":["2016YFB0800603"]}]},{"name":"National Key Research and Development Plan","award":["2017YFB1200704"],"award-info":[{"award-number":["2017YFB1200704"]}]},{"DOI":"10.13039\/501100001809","name":"National Natural Science Foundation of China","doi-asserted-by":"publisher","award":["61472016"],"award-info":[{"award-number":["61472016"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100001809","name":"National Natural Science Foundation of China","doi-asserted-by":"publisher","award":["61472083"],"award-info":[{"award-number":["61472083"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["IEEE Trans.Inform.Forensic Secur."],"published-print":{"date-parts":[[2017,11]]},"DOI":"10.1109\/tifs.2017.2721359","type":"journal-article","created":{"date-parts":[[2017,6,28]],"date-time":"2017-06-28T18:08:36Z","timestamp":1498673316000},"page":"2776-2791","source":"Crossref","is-referenced-by-count":479,"title":["Zipf\u2019s Law in Passwords"],"prefix":"10.1109","volume":"12","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-1667-2237","authenticated-orcid":false,"given":"Ding","family":"Wang","sequence":"first","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Haibo","family":"Cheng","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Ping","family":"Wang","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Xinyi","family":"Huang","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Gaopeng","family":"Jian","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"263","reference":[{"key":"ref39","author":"mick","year":"2014","journal-title":"Russian Hackers Compile List 10M+ Stolen Gmail Yandex Mailru"},{"key":"ref38","author":"dobra","year":"2011","journal-title":"Hacker Group LulzSec Leaks Battlefield Heroes Accounts Has Now Retired"},{"key":"ref33","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2014.50"},{"key":"ref32","doi-asserted-by":"publisher","DOI":"10.1145\/1102120.1102168"},{"key":"ref31","author":"designer","year":"1996","journal-title":"John the Ripper Pro password cracker"},{"key":"ref30","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2009.8"},{"key":"ref37","author":"allan","year":"2009","journal-title":"32 million Rockyou passwords stolen"},{"key":"ref36","author":"constantin","year":"2009","journal-title":"Security Gurus 0wned by Black Hats"},{"key":"ref35","author":"martin","year":"2011","journal-title":"Amid Widespread Data Breaches in China"},{"key":"ref34","first-page":"463","article-title":"Measuring real-world accuracies and biases in modeling password guessability","author":"ur","year":"2015","journal-title":"Proc USENIX SEC"},{"key":"ref28","author":"bowes","year":"2015","journal-title":"Passwords"},{"key":"ref27","doi-asserted-by":"publisher","DOI":"10.1002\/acp.1014"},{"key":"ref29","doi-asserted-by":"publisher","DOI":"10.1145\/359168.359172"},{"key":"ref2","doi-asserted-by":"publisher","DOI":"10.1145\/2699390"},{"key":"ref1","doi-asserted-by":"publisher","DOI":"10.1109\/MSP.2004.81"},{"key":"ref20","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2012.49"},{"key":"ref22","doi-asserted-by":"publisher","DOI":"10.1016\/0167-4048(92)90207-8"},{"key":"ref21","first-page":"5","article-title":"Foiling the cracker: A survey of, and improvements to, password security","author":"klein","year":"1990","journal-title":"Proc USENIX SEC"},{"key":"ref24","first-page":"44","article-title":"An administrator&#x2019;s guide to Internet password research","author":"flor\u00eancio","year":"2014","journal-title":"Proc USENIX LISA"},{"key":"ref23","first-page":"1","article-title":"Who are you? A statistical approach to measuring user authenticity","author":"d\u00fcrmuth","year":"2016","journal-title":"Proc NDSS"},{"key":"ref26","first-page":"1","article-title":"Password strength: An empirical analysis","author":"dell\u2019amico","year":"2010","journal-title":"Proc INFOCOM"},{"key":"ref25","doi-asserted-by":"publisher","DOI":"10.1109\/CSF.2016.33"},{"key":"ref50","doi-asserted-by":"crossref","first-page":"313","DOI":"10.1080\/00031305.1986.10475424","article-title":"The effect of sample size on the meaning of significance tests","volume":"40","author":"royall","year":"1986","journal-title":"Amer Statist"},{"key":"ref51","first-page":"111","article-title":"On the implications of Zipf&#x2019;s law in passwords","author":"wang","year":"2016","journal-title":"Proc ESORICS"},{"key":"ref58","doi-asserted-by":"publisher","DOI":"10.1109\/AINA.2016.45"},{"key":"ref57","first-page":"1151","article-title":"An efficient algorithm to generate password sets based on samples","volume":"40","author":"han","year":"2017","journal-title":"Chin J Comput"},{"key":"ref56","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2015.34"},{"key":"ref55","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-662-46447-2_15"},{"key":"ref54","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-11212-1_17"},{"key":"ref53","doi-asserted-by":"publisher","DOI":"10.1145\/1613676.1613679"},{"key":"ref52","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2015.41"},{"key":"ref10","doi-asserted-by":"publisher","DOI":"10.1145\/1978942.1979321"},{"key":"ref11","doi-asserted-by":"publisher","DOI":"10.1145\/1866307.1866327"},{"key":"ref40","author":"schneier","year":"2006","journal-title":"Password Data Flirtlife de Compromises"},{"key":"ref12","doi-asserted-by":"publisher","DOI":"10.1145\/2508859.2516726"},{"key":"ref13","first-page":"65","article-title":"How does your password measure up? the effect of strength meters on password creation","author":"ur","year":"2012","journal-title":"Proc USENIX SEC"},{"key":"ref14","doi-asserted-by":"publisher","DOI":"10.1109\/MSP.2013.110"},{"key":"ref15","doi-asserted-by":"publisher","DOI":"10.1145\/1837110.1837124"},{"key":"ref16","doi-asserted-by":"publisher","DOI":"10.1145\/2420950.2420966"},{"key":"ref17","doi-asserted-by":"publisher","DOI":"10.1145\/2897845.2897880"},{"key":"ref18","doi-asserted-by":"publisher","DOI":"10.1145\/2976749.2978354"},{"key":"ref19","doi-asserted-by":"publisher","DOI":"10.1145\/2187836.2187878"},{"key":"ref4","doi-asserted-by":"publisher","DOI":"10.1145\/2810103.2813622"},{"key":"ref3","doi-asserted-by":"publisher","DOI":"10.1145\/2976749.2978339"},{"key":"ref6","doi-asserted-by":"publisher","DOI":"10.6028\/NIST.SP.800-63-2"},{"key":"ref5","first-page":"1","article-title":"Popularity is everything: A new approach to protecting passwords from statistical-guessing attacks","author":"schechter","year":"2010","journal-title":"Proc HotSec"},{"key":"ref8","first-page":"456","article-title":"The emperor&#x2019;s new password creation policies","author":"wang","year":"2015","journal-title":"Proc ESORICS"},{"key":"ref7","doi-asserted-by":"publisher","DOI":"10.1109\/DSN.2016.60"},{"key":"ref49","author":"nolan","year":"2013","journal-title":"Study Guide for Essentials of Statistics for the Behavioral Sciences"},{"key":"ref9","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2014.23268"},{"key":"ref46","doi-asserted-by":"publisher","DOI":"10.1080\/00107510500052444"},{"key":"ref45","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2014.23103"},{"key":"ref48","doi-asserted-by":"publisher","DOI":"10.1038\/35019019"},{"key":"ref47","doi-asserted-by":"publisher","DOI":"10.1103\/PhysRevLett.101.218701"},{"key":"ref42","author":"johnston","year":"2013","journal-title":"Why Your Password Cant Have Symbols"},{"key":"ref41","first-page":"559","article-title":"A large-scale empirical analysis on Chinese Web passwords","author":"li","year":"2014","journal-title":"Proc USENIX SEC"},{"key":"ref44","doi-asserted-by":"publisher","DOI":"10.1137\/070710111"},{"key":"ref43","doi-asserted-by":"publisher","DOI":"10.1002\/asi.4630370105"}],"container-title":["IEEE Transactions on Information Forensics and Security"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx7\/10206\/7990663\/07961213.pdf?arnumber=7961213","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,20]],"date-time":"2025-06-20T05:40:59Z","timestamp":1750398059000},"score":1,"resource":{"primary":{"URL":"http:\/\/ieeexplore.ieee.org\/document\/7961213\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2017,11]]},"references-count":58,"journal-issue":{"issue":"11"},"URL":"https:\/\/doi.org\/10.1109\/tifs.2017.2721359","relation":{},"ISSN":["1556-6013","1556-6021"],"issn-type":[{"value":"1556-6013","type":"print"},{"value":"1556-6021","type":"electronic"}],"subject":[],"published":{"date-parts":[[2017,11]]}}}