{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,5,6]],"date-time":"2026-05-06T11:11:57Z","timestamp":1778065917344,"version":"3.51.4"},"publisher-location":"New York, NY, USA","reference-count":26,"publisher":"ACM","license":[{"start":{"date-parts":[[2010,10,4]],"date-time":"2010-10-04T00:00:00Z","timestamp":1286150400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2010,10,4]]},"DOI":"10.1145\/1866307.1866327","type":"proceedings-article","created":{"date-parts":[[2010,10,5]],"date-time":"2010-10-05T14:38:23Z","timestamp":1286289503000},"page":"162-175","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":231,"title":["Testing metrics for password creation policies by attacking large sets of revealed passwords"],"prefix":"10.1145","author":[{"given":"Matt","family":"Weir","sequence":"first","affiliation":[{"name":"Florida State University, Tallahassee, FL, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Sudhir","family":"Aggarwal","sequence":"additional","affiliation":[{"name":"Florida State University, Tallahassee, FL, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Michael","family":"Collins","sequence":"additional","affiliation":[{"name":"Redjack LLC, Washington D.C., DC, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Henry","family":"Stern","sequence":"additional","affiliation":[{"name":"Cisco IronPort Systems, San Bruno, CA, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"320","published-online":{"date-parts":[[2010,10,4]]},"reference":[{"key":"e_1_3_2_1_1_1","volume-title":"Information Technology Laboratory","author":"Burr W.","year":"2006","unstructured":"}} W. Burr , D. Dodson , R. Perlner , W. Polk , S. Gupta , E. Nabbus , \" NIST Special Publication 800--63--1 Electronic Authentication Guideline\" , Computer Security Division , Information Technology Laboratory , National Institute of Standards and Technology , Gaithersburg, MD , April , 2006 }}W. Burr, D. Dodson, R. Perlner, W. Polk, S. Gupta, E. Nabbus, \"NIST Special Publication 800--63--1 Electronic Authentication Guideline\", Computer Security Division, Information Technology Laboratory, National Institute of Standards and Technology, Gaithersburg, MD, April, 2006"},{"key":"e_1_3_2_1_2_1","volume-title":"Presidential Directive 12\"","author":"Management Office","year":"2004","unstructured":"}} Office of Management and Budget, \"Draft Agency Implementation , Guidance for Homeland Security , Presidential Directive 12\" , August 2004 . }}Office of Management and Budget, \"Draft Agency Implementation, Guidance for Homeland Security, Presidential Directive 12\", August 2004."},{"key":"e_1_3_2_1_3_1","volume-title":"Information Technology Laboratory","author":"Bowen P.","unstructured":"}} P. Bowen , A. Johnson , J. Hash , C. Dancy Smith , D. Steinberg , \" NIST Special Publication 800--66 An Introductory Resource Guide for Implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule\" , Computer Security Division , Information Technology Laboratory , National Institute of Standards and Technology , Gaithersburg, MD . }}P. Bowen, A. Johnson, J. Hash, C. Dancy Smith, D. Steinberg, \"NIST Special Publication 800--66 An Introductory Resource Guide for Implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule\", Computer Security Division, Information Technology Laboratory, National Institute of Standards and Technology, Gaithersburg, MD."},{"key":"e_1_3_2_1_4_1","doi-asserted-by":"publisher","DOI":"10.1002\/j.1538-7305.1948.tb01338.x"},{"key":"e_1_3_2_1_5_1","doi-asserted-by":"publisher","DOI":"10.1145\/1719030.1719050"},{"key":"e_1_3_2_1_6_1","unstructured":"}}A. Vance \"If Your Password is 123456 Just Make it HackMe\" New York Times January 20th 2010. Page A1.  }}A. Vance \"If Your Password is 123456 Just Make it HackMe\" New York Times January 20th 2010. Page A1."},{"key":"e_1_3_2_1_7_1","doi-asserted-by":"publisher","DOI":"10.1007\/11967668_4"},{"key":"e_1_3_2_1_8_1","first-page":"329","volume-title":"Proc. 1994 IEEE International Symposium on Information Theory","author":"Massey J.L.","year":"1995","unstructured":"}} J.L. Massey , \" Guessing and Entropy ,\" Proc. 1994 IEEE International Symposium on Information Theory , 1995 , p. 329 . }}J.L. Massey, \"Guessing and Entropy,\" Proc. 1994 IEEE International Symposium on Information Theory, 1995, p.329."},{"key":"e_1_3_2_1_9_1","unstructured":"}}The OpenWall Group {Software} John the Ripper password cracker {Online Document} {cited 2--19--2010} Available HTTP http:\/\/www.openwall.com  }}The OpenWall Group {Software} John the Ripper password cracker {Online Document} {cited 2--19--2010} Available HTTP http:\/\/www.openwall.com"},{"key":"e_1_3_2_1_10_1","unstructured":"}}A list of popular password cracking wordlists 2005 {Online Document} {cited 2010 January 14} Available HTTP http:\/\/www.outpost9.com\/files\/WordLists.html  }}A list of popular password cracking wordlists 2005 {Online Document} {cited 2010 January 14} Available HTTP http:\/\/www.outpost9.com\/files\/WordLists.html"},{"key":"e_1_3_2_1_11_1","volume-title":"Defcon 17","author":"Weir M.","year":"2009","unstructured":"}} M. Weir and S. Aggarwal . \" Cracking 400,000 Passwords or How to Explain to Your Roommate why the Power-Bill is a Little High \", Defcon 17 , Las Vegas, NV , August 2009 }}M. Weir and S. Aggarwal. \"Cracking 400,000 Passwords or How to Explain to Your Roommate why the Power-Bill is a Little High\", Defcon 17, Las Vegas, NV, August 2009"},{"key":"e_1_3_2_1_12_1","unstructured":"}}J. Leversund \"The Password Meta Policy\" {Online Document} {cited 2010 April 16} Available HTTP http:\/\/securitynirvana.blogspot.com\/2010\/02\/password-meta-policy.html  }}J. Leversund \"The Password Meta Policy\" {Online Document} {cited 2010 April 16} Available HTTP http:\/\/securitynirvana.blogspot.com\/2010\/02\/password-meta-policy.html"},{"key":"e_1_3_2_1_13_1","volume-title":"Order Independent Pass-Phrases via the Damerau-Levenshtein String-Edit Distance Metric\" Fifth Australasian Symposium on ACSW Frontiers -","author":"Bard G.","year":"2007","unstructured":"}} G. Bard , \" Spelling-Error Tolerant , Order Independent Pass-Phrases via the Damerau-Levenshtein String-Edit Distance Metric\" Fifth Australasian Symposium on ACSW Frontiers - Volume 68 ( Ballarat , Australia, January 30 - February 02, 2007 ), 117--124. }}G. Bard, \"Spelling-Error Tolerant, Order Independent Pass-Phrases via the Damerau-Levenshtein String-Edit Distance Metric\" Fifth Australasian Symposium on ACSW Frontiers - Volume 68 (Ballarat, Australia, January 30 - February 02, 2007), 117--124."},{"key":"e_1_3_2_1_14_1","doi-asserted-by":"publisher","DOI":"10.1145\/1408664.1408666"},{"key":"e_1_3_2_1_15_1","unstructured":"}}B. Schneier \"Write Down Your Password\" June 17 2005 {Online Document} {cited 2010 April 16} Available HTTP http:\/\/www.schneier.com\/blog\/archives\/2005\/06\/write_down_your.html  }}B. Schneier \"Write Down Your Password\" June 17 2005 {Online Document} {cited 2010 April 16} Available HTTP http:\/\/www.schneier.com\/blog\/archives\/2005\/06\/write_down_your.html"},{"key":"e_1_3_2_1_16_1","unstructured":"}}Various Authors \"Faithwriters.com hacked message posts\" {Online Document} {cited 2010 April 16} Available HTTP http:\/\/forums.crosswalk.com\/m_4252083\/mpage_1\/tm.htm  }}Various Authors \"Faithwriters.com hacked message posts\" {Online Document} {cited 2010 April 16} Available HTTP http:\/\/forums.crosswalk.com\/m_4252083\/mpage_1\/tm.htm"},{"key":"e_1_3_2_1_17_1","unstructured":"}}B. Ryan \"The Hacking of the http:\/\/db.singles.org\" {Online Document} {cited 2010 April 16} Available HTTP http:\/\/msmvps.com\/blogs\/williamryan\/archive\/2009\/02\/22\/the-hacking-of-http-db-singles-org.aspx  }}B. Ryan \"The Hacking of the http:\/\/db.singles.org\" {Online Document} {cited 2010 April 16} Available HTTP http:\/\/msmvps.com\/blogs\/williamryan\/archive\/2009\/02\/22\/the-hacking-of-http-db-singles-org.aspx"},{"key":"e_1_3_2_1_18_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2009.8"},{"key":"e_1_3_2_1_19_1","doi-asserted-by":"publisher","DOI":"10.1145\/359168.359172"},{"key":"e_1_3_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.1145\/1102120.1102168"},{"key":"e_1_3_2_1_21_1","doi-asserted-by":"publisher","DOI":"10.1109\/MSP.2004.81"},{"key":"e_1_3_2_1_22_1","unstructured":"}}T. Wu \"A real-world analysis of kerberos password security \" in 1999 Network and Distributed System Security Symposium February 1999.  }}T. Wu \"A real-world analysis of kerberos password security \" in 1999 Network and Distributed System Security Symposium February 1999."},{"key":"e_1_3_2_1_24_1","unstructured":"}}Sophos \"Security at risk as one third of surfers admit they use the same password for all websites\" {Online Document} {cited 2010 July 14} Available HTTP http:\/\/www.sophos.com\/pressoffice\/news\/articles\/2009\/03\/password-security.html  }}Sophos \"Security at risk as one third of surfers admit they use the same password for all websites\" {Online Document} {cited 2010 July 14} Available HTTP http:\/\/www.sophos.com\/pressoffice\/news\/articles\/2009\/03\/password-security.html"},{"key":"e_1_3_2_1_25_1","doi-asserted-by":"publisher","DOI":"10.1007\/11961635_3"},{"key":"e_1_3_2_1_26_1","volume-title":"The Ninth Workshop on the Economics of Information Security, WEIS","author":"Bonneau J.","year":"2010","unstructured":"}} J. Bonneau , S. Preibusch , \" The Password Thicket : Technical and Market Failures in Human Authentication on the Web \", The Ninth Workshop on the Economics of Information Security, WEIS 2010 . }}J. Bonneau, S. Preibusch, \"The Password Thicket: Technical and Market Failures in Human Authentication on the Web\", The Ninth Workshop on the Economics of Information Security, WEIS 2010."},{"key":"e_1_3_2_1_27_1","unstructured":"}}K. Zetter \"Weak Password Brings 'Happiness' to Twitter Hacker\" {Online Document} {cited 10'0 July 19} Available HTTP http:\/\/www.wired.com\/threatlevel\/2009\/01\/professed-twitt\/  }}K. Zetter \"Weak Password Brings 'Happiness' to Twitter Hacker\" {Online Document} {cited 10'0 July 19} Available HTTP http:\/\/www.wired.com\/threatlevel\/2009\/01\/professed-twitt\/"}],"event":{"name":"CCS '10: 17th ACM Conference on Computer and Communications Security 2010","location":"Chicago Illinois USA","acronym":"CCS '10","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"]},"container-title":["Proceedings of the 17th ACM conference on Computer and communications security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/1866307.1866327","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/1866307.1866327","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T12:09:06Z","timestamp":1750248546000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/1866307.1866327"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2010,10,4]]},"references-count":26,"alternative-id":["10.1145\/1866307.1866327","10.1145\/1866307"],"URL":"https:\/\/doi.org\/10.1145\/1866307.1866327","relation":{},"subject":[],"published":{"date-parts":[[2010,10,4]]},"assertion":[{"value":"2010-10-04","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}