{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,11,18]],"date-time":"2025-11-18T12:17:08Z","timestamp":1763468228915,"version":"3.41.0"},"publisher-location":"New York, NY, USA","reference-count":67,"publisher":"ACM","license":[{"start":{"date-parts":[[2015,3,2]],"date-time":"2015-03-02T00:00:00Z","timestamp":1425254400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"DOI":"10.13039\/501100001729","name":"Vetenskapsr\u00e5det","doi-asserted-by":"publisher","award":["ProSecuToR, WebSand, B-CCENTRE","NESSoS"],"award-info":[{"award-number":["ProSecuToR, WebSand, B-CCENTRE","NESSoS"]}],"id":[{"id":"10.13039\/501100001729","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100004040","name":"Vetenskapsr\u00e5det","doi-asserted-by":"publisher","award":["ProSecuToR, WebSand, B-CCENTRE","NESSoS"],"award-info":[{"award-number":["ProSecuToR, WebSand, B-CCENTRE","NESSoS"]}],"id":[{"id":"10.13039\/501100004040","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100004963","name":"Vetenskapsr\u00e5det","doi-asserted-by":"publisher","award":["ProSecuToR, WebSand, B-CCENTRE","NESSoS"],"award-info":[{"award-number":["ProSecuToR, WebSand, B-CCENTRE","NESSoS"]}],"id":[{"id":"10.13039\/501100004963","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100000780","name":"Vetenskapsr\u00e5det","doi-asserted-by":"publisher","award":["ProSecuToR, WebSand, B-CCENTRE","NESSoS"],"award-info":[{"award-number":["ProSecuToR, WebSand, B-CCENTRE","NESSoS"]}],"id":[{"id":"10.13039\/501100000780","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100004359","name":"Vetenskapsr\u00e5det","doi-asserted-by":"publisher","award":["ProSecuToR, WebSand, B-CCENTRE","NESSoS"],"award-info":[{"award-number":["ProSecuToR, WebSand, B-CCENTRE","NESSoS"]}],"id":[{"id":"10.13039\/501100004359","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2015,3,2]]},"DOI":"10.1145\/2699026.2699118","type":"proceedings-article","created":{"date-parts":[[2015,2,23]],"date-time":"2015-02-23T16:02:15Z","timestamp":1424707335000},"page":"253-262","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":9,"title":["Password Meters and Generators on the Web"],"prefix":"10.1145","author":[{"given":"Steven","family":"Van Acker","sequence":"first","affiliation":[{"name":"iMinds-DistriNet, KU Leuven, Leuven, Belgium"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Daniel","family":"Hausknecht","sequence":"additional","affiliation":[{"name":"Chalmers University of Technology, G\u00f6teborg, Sweden"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Wouter","family":"Joosen","sequence":"additional","affiliation":[{"name":"iMinds-DistriNet, KU Leuven, Leuven, Belgium"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Andrei","family":"Sabelfeld","sequence":"additional","affiliation":[{"name":"Chalmers University of Technology, Gothenburg, Sweden"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"320","published-online":{"date-parts":[[2015,3,2]]},"reference":[{"key":"e_1_3_2_1_1_1","doi-asserted-by":"publisher","DOI":"10.1145\/2420950.2420952"},{"key":"e_1_3_2_1_2_1","doi-asserted-by":"publisher","DOI":"10.1109\/CSF.2010.27"},{"key":"e_1_3_2_1_3_1","unstructured":"Aldo Cortesi. mitmproxy. http:\/\/mitmproxy.org.  Aldo Cortesi. mitmproxy. http:\/\/mitmproxy.org."},{"key":"e_1_3_2_1_4_1","unstructured":"Ariya Hidayat. PhantomJS. http:\/\/phantomjs.org.  Ariya Hidayat. PhantomJS. http:\/\/phantomjs.org."},{"key":"e_1_3_2_1_5_1","unstructured":"Badpass: password strength indicator. https:\/\/addons.mozilla.org\/en-US\/firefox\/addon\/badpass\/.  Badpass: password strength indicator. https:\/\/addons.mozilla.org\/en-US\/firefox\/addon\/badpass\/."},{"key":"e_1_3_2_1_6_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2012.44"},{"key":"e_1_3_2_1_7_1","volume-title":"NIST Special Publication","author":"Burr W. E.","year":"2004","unstructured":"W. E. Burr , D. F. Dodson , W. T. Polk , and D. L. Evans . Electronic authentication guideline . In NIST Special Publication , 2004 . W. E. Burr, D. F. Dodson, W. T. Polk, and D. L. Evans. Electronic authentication guideline. In NIST Special Publication, 2004."},{"key":"e_1_3_2_1_8_1","doi-asserted-by":"publisher","DOI":"10.1007\/11961635_3"},{"key":"e_1_3_2_1_9_1","unstructured":"Content security policy 1.0. http:\/\/www.w3.org\/TR\/CSP\/.  Content security policy 1.0. http:\/\/www.w3.org\/TR\/CSP\/."},{"key":"e_1_3_2_1_10_1","unstructured":"CrackLib. http:\/\/cracklib.sourceforge.net\/.  CrackLib. http:\/\/cracklib.sourceforge.net\/."},{"key":"e_1_3_2_1_11_1","unstructured":"D. Crockford. ADsafe { making JavaScript safe for advertising. http:\/\/adsafe.org\/.  D. Crockford. ADsafe { making JavaScript safe for advertising. http:\/\/adsafe.org\/."},{"key":"e_1_3_2_1_12_1","unstructured":"CryptoJS. https:\/\/code.google.com\/p\/crypto-js\/.  CryptoJS. https:\/\/code.google.com\/p\/crypto-js\/."},{"key":"e_1_3_2_1_13_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2014.23268"},{"key":"e_1_3_2_1_14_1","volume-title":"PET","author":"Eckersley P.","year":"2010","unstructured":"P. Eckersley . How unique is your web browser ? In PET , 2010 . P. Eckersley. How unique is your web browser? In PET, 2010."},{"key":"e_1_3_2_1_15_1","doi-asserted-by":"publisher","DOI":"10.1145\/2470654.2481329"},{"key":"e_1_3_2_1_16_1","unstructured":"Google password help. https:\/\/accounts.google.com\/PasswordHelp.  Google password help. https:\/\/accounts.google.com\/PasswordHelp."},{"key":"e_1_3_2_1_17_1","unstructured":"Html - living standard: The iframe element. http:\/\/www.whatwg.org\/specs\/web-apps\/current-work\/multipage\/the-iframe-element.html.  Html - living standard: The iframe element. http:\/\/www.whatwg.org\/specs\/web-apps\/current-work\/multipage\/the-iframe-element.html."},{"key":"e_1_3_2_1_18_1","volume-title":"USENIX ATC","author":"Ingram L.","year":"2012","unstructured":"L. Ingram and M. Walfish . TreeHouse: JavaScript sandboxes to help web developers help themselves . In USENIX ATC , 2012 . L. Ingram and M. Walfish. TreeHouse: JavaScript sandboxes to help web developers help themselves. In USENIX ATC, 2012."},{"key":"e_1_3_2_1_19_1","unstructured":"Jacaranda. Jacaranda. http:\/\/jacaranda.org.  Jacaranda. Jacaranda. http:\/\/jacaranda.org."},{"key":"e_1_3_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.1145\/1367497.1367569"},{"key":"e_1_3_2_1_21_1","doi-asserted-by":"publisher","DOI":"10.1145\/1242572.1242655"},{"key":"e_1_3_2_1_22_1","doi-asserted-by":"publisher","DOI":"10.1145\/1242572.1242654"},{"key":"e_1_3_2_1_23_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2012.38"},{"key":"e_1_3_2_1_24_1","doi-asserted-by":"publisher","DOI":"10.1145\/1367497.1367570"},{"key":"e_1_3_2_1_25_1","volume-title":"USENIX Security","author":"Klein D. V.","year":"1990","unstructured":"D. V. Klein . Foiling the cracker: A survey of, and improvements to, password security . USENIX Security , 1990 . D. V. Klein. Foiling the cracker: A survey of, and improvements to, password security. USENIX Security, 1990."},{"key":"e_1_3_2_1_26_1","unstructured":"Leet. http:\/\/en.wikipedia.org\/wiki\/Leet.  Leet. http:\/\/en.wikipedia.org\/wiki\/Leet."},{"key":"e_1_3_2_1_27_1","volume-title":"TRUST","author":"Luo T.","year":"2011","unstructured":"T. Luo and W. Du . Contego: capability-based access control for web browsers . In TRUST , 2011 . T. Luo and W. Du. Contego: capability-based access control for web browsers. In TRUST, 2011."},{"key":"e_1_3_2_1_28_1","doi-asserted-by":"publisher","DOI":"10.1109\/CSF.2009.11"},{"key":"e_1_3_2_1_29_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-27937-9_17"},{"key":"e_1_3_2_1_30_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2010.36"},{"key":"e_1_3_2_1_31_1","unstructured":"Create strong passwords. https:\/\/www.microsoft.com\/security\/pc-security\/password-checker.aspx.  Create strong passwords. https:\/\/www.microsoft.com\/security\/pc-security\/password-checker.aspx."},{"key":"e_1_3_2_1_32_1","unstructured":"Microsoft Live Labs. Live Labs Websandbox.\\ http:\/\/websandbox.org.  Microsoft Live Labs. Live Labs Websandbox.\\ http:\/\/websandbox.org."},{"key":"e_1_3_2_1_33_1","volume-title":"Google Inc.","author":"Miller M. S.","year":"2008","unstructured":"M. S. Miller , M. Samuel , B. Laurie , I. Awad , and M. Stay . Caja - safe active content in sanitized JavaScript. Technical report , Google Inc. , June 2008 . M. S. Miller, M. Samuel, B. Laurie, I. Awad, and M. Stay. Caja - safe active content in sanitized JavaScript. Technical report, Google Inc., June 2008."},{"key":"e_1_3_2_1_34_1","doi-asserted-by":"publisher","DOI":"10.1145\/359168.359172"},{"key":"e_1_3_2_1_35_1","unstructured":"Mozilla. Use bookmarklets to quickly perform common web page tasks. https:\/\/support.mozilla.org\/en-US\/kb\/bookmarklets-perform-common-web-page-tasks.  Mozilla. Use bookmarklets to quickly perform common web page tasks. https:\/\/support.mozilla.org\/en-US\/kb\/bookmarklets-perform-common-web-page-tasks."},{"key":"e_1_3_2_1_36_1","doi-asserted-by":"publisher","DOI":"10.1145\/2382196.2382274"},{"key":"e_1_3_2_1_37_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-45146-4_36"},{"key":"e_1_3_2_1_38_1","unstructured":"Openwall. John the ripper password cracker. http:\/\/www.openwall.com\/john\/.  Openwall. John the ripper password cracker. http:\/\/www.openwall.com\/john\/."},{"key":"e_1_3_2_1_39_1","unstructured":"OWASP. HTML5 Security Cheat Sheet. https:\/\/www.owasp.org\/index.php\/HTML5_Security_Cheat_Sheet.  OWASP. HTML5 Security Cheat Sheet. https:\/\/www.owasp.org\/index.php\/HTML5_Security_Cheat_Sheet."},{"key":"e_1_3_2_1_40_1","unstructured":"OWASP. Password storage cheat sheet. https:\/\/www.owasp.org\/index.php\/Password_Storage_Cheat_Sheet.  OWASP. Password storage cheat sheet. https:\/\/www.owasp.org\/index.php\/Password_Storage_Cheat_Sheet."},{"key":"e_1_3_2_1_41_1","doi-asserted-by":"publisher","DOI":"10.1145\/1533057.1533067"},{"key":"e_1_3_2_1_42_1","volume-title":"USENIX Security","author":"Politz J. G.","year":"2011","unstructured":"J. G. Politz , S. A. Eliopoulos , A. Guha , and S. Krishnamurthi . ADsafety: type-based verification of JavaScript Sandboxing . In USENIX Security , 2011 . J. G. Politz, S. A. Eliopoulos, A. Guha, and S. Krishnamurthi. ADsafety: type-based verification of JavaScript Sandboxing. In USENIX Security, 2011."},{"key":"e_1_3_2_1_43_1","unstructured":"Html - living standard: Posting messages. http:\/\/www.whatwg.org\/specs\/web-apps\/current-work\/multipage\/web-messaging.html.  Html - living standard: Posting messages. http:\/\/www.whatwg.org\/specs\/web-apps\/current-work\/multipage\/web-messaging.html."},{"issue":"2","key":"e_1_3_2_1_44_1","first-page":"9","article-title":"Improving computer security for authentication of users: influence of proactive password restrictions","volume":"34","author":"Proctor R. W.","year":"2002","unstructured":"R. W. Proctor , M.-C. Lien , K.-P. L. Vu , E. E. Schultz , and G. Salvendy . Improving computer security for authentication of users: influence of proactive password restrictions . BRMIC , 34 ( 2 ):163{ 9 , 2002 . R. W. Proctor, M.-C. Lien, K.-P. L. Vu, E. E. Schultz, and G. Salvendy. Improving computer security for authentication of users: influence of proactive password restrictions. BRMIC, 34(2):163{9, 2002.","journal-title":"BRMIC"},{"key":"e_1_3_2_1_45_1","unstructured":"Swedish Post and Telecommunication Agency. http:\/\/www.pts.se\/.  Swedish Post and Telecommunication Agency. http:\/\/www.pts.se\/."},{"key":"e_1_3_2_1_46_1","unstructured":"A million tested passwords. http:\/\/www.pts.se\/en-GB\/News\/Press-releases\/2012\/A-million-tested-passwords\/.  A million tested passwords. http:\/\/www.pts.se\/en-GB\/News\/Press-releases\/2012\/A-million-tested-passwords\/."},{"key":"e_1_3_2_1_47_1","volume-title":"OSDI","author":"Reis C.","year":"2006","unstructured":"C. Reis , J. Dunagan , H. J. Wang , O. Dubrovsky , and S. Esmeir . BrowserShield: vulnerability-driven filtering of dynamic HTML . In OSDI , 2006 . C. Reis, J. Dunagan, H. J. Wang, O. Dubrovsky, and S. Esmeir. BrowserShield: vulnerability-driven filtering of dynamic HTML. In OSDI, 2006."},{"key":"e_1_3_2_1_48_1","unstructured":"M. Research. Telepathwords: Preventing weak passwords by reading your mind. https:\/\/telepathwords.research.microsoft.com\/.  M. Research. Telepathwords: Preventing weak passwords by reading your mind. https:\/\/telepathwords.research.microsoft.com\/."},{"key":"e_1_3_2_1_49_1","unstructured":"Syrian Electronic Army uses Taboola ad to hack Reuters (again). https:\/\/nakedsecurity.sophos.com\/2014\/06\/23\/syrian-electronic-army-uses-taboola-ad-to-hack-reuters-again\/.  Syrian Electronic Army uses Taboola ad to hack Reuters (again). https:\/\/nakedsecurity.sophos.com\/2014\/06\/23\/syrian-electronic-army-uses-taboola-ad-to-hack-reuters-again\/."},{"key":"e_1_3_2_1_50_1","doi-asserted-by":"publisher","DOI":"10.1109\/PROC.1975.9939"},{"key":"e_1_3_2_1_51_1","unstructured":"Sharethis. http:\/\/www.sharethis.com\/.  Sharethis. http:\/\/www.sharethis.com\/."},{"key":"e_1_3_2_1_52_1","unstructured":"Taboola. https:\/\/www.taboola.com\/.  Taboola. https:\/\/www.taboola.com\/."},{"key":"e_1_3_2_1_53_1","volume-title":"USENIXSecurity","author":"Louw M. Ter","year":"2010","unstructured":"M. Ter Louw , K. T. Ganesh , and V. Venkatakrishnan . AdJail: Practical Enforcement of Confidentiality and Integrity Policies on Web Advertisements . In USENIXSecurity , 2010 . M. Ter Louw, K. T. Ganesh, and V. Venkatakrishnan. AdJail: Practical Enforcement of Confidentiality and Integrity Policies on Web Advertisements. In USENIXSecurity, 2010."},{"key":"e_1_3_2_1_54_1","unstructured":"Test your password (testa l\u00f6senord). https:\/\/testalosenord.pts.se\/.  Test your password (testa l\u00f6senord). https:\/\/testalosenord.pts.se\/."},{"key":"e_1_3_2_1_55_1","unstructured":"Tynt. http:\/\/www.tynt.com\/.  Tynt. http:\/\/www.tynt.com\/."},{"key":"e_1_3_2_1_56_1","volume-title":"USENIX Security","author":"Ur B.","year":"2012","unstructured":"B. Ur , P. G. Kelley , S. Komanduri , J. Lee , M. Maass , M. L. Mazurek , T. Passaro , R. Shay , T. Vidas , L. Bauer , N. Christin , and L. F. Cranor . How does your password measure up? the effect of strength meters on password creation . In USENIX Security , 2012 . B. Ur, P. G. Kelley, S. Komanduri, J. Lee, M. Maass, M. L. Mazurek, T. Passaro, R. Shay, T. Vidas, L. Bauer, N. Christin, and L. F. Cranor. How does your password measure up? the effect of strength meters on password creation. In USENIX Security, 2012."},{"key":"e_1_3_2_1_57_1","doi-asserted-by":"publisher","DOI":"10.1145\/2076732.2076775"},{"key":"e_1_3_2_1_58_1","unstructured":"S. Van Acker D. Hausknecht and A. Sabelfeld. Password meters and generators on the web: From large-scale empirical study to getting it right { full version and code. http:\/\/www.cse.chalmers.se\/~andrei\/SandPass\/.  S. Van Acker D. Hausknecht and A. Sabelfeld. Password meters and generators on the web: From large-scale empirical study to getting it right { full version and code. http:\/\/www.cse.chalmers.se\/~andrei\/SandPass\/."},{"key":"e_1_3_2_1_59_1","unstructured":"Verizon. 2014 data breach investigations report. http:\/\/www.verizonenterprise.com\/DBIR\/2014\/.  Verizon. 2014 data breach investigations report. http:\/\/www.verizonenterprise.com\/DBIR\/2014\/."},{"key":"e_1_3_2_1_60_1","unstructured":"W3C. Cross-Origin Resource Sharing. http:\/\/www.w3.org\/TR\/cors\/.  W3C. Cross-Origin Resource Sharing. http:\/\/www.w3.org\/TR\/cors\/."},{"key":"e_1_3_2_1_61_1","unstructured":"W3C. Document Object Model Core { textContent. http:\/\/www.w3.org\/TR\/DOM-Level-3-Core\/core. html#Node3-textContent.  W3C. Document Object Model Core { textContent. http:\/\/www.w3.org\/TR\/DOM-Level-3-Core\/core. html#Node3-textContent."},{"key":"e_1_3_2_1_62_1","unstructured":"W3C. W3C Standards and drafts - JavaScript APIs. http:\/\/www.w3.org\/TR\/#tr_JavaScript_APIs.  W3C. W3C Standards and drafts - JavaScript APIs. http:\/\/www.w3.org\/TR\/#tr_JavaScript_APIs."},{"key":"e_1_3_2_1_63_1","unstructured":"Web Cryptography API. http:\/\/www.w3.org\/TR\/WebCryptoAPI\/.  Web Cryptography API. http:\/\/www.w3.org\/TR\/WebCryptoAPI\/."},{"key":"e_1_3_2_1_64_1","doi-asserted-by":"publisher","DOI":"10.1145\/1866307.1866327"},{"key":"e_1_3_2_1_65_1","doi-asserted-by":"publisher","DOI":"10.1109\/MSP.2004.81"},{"key":"e_1_3_2_1_66_1","doi-asserted-by":"publisher","DOI":"10.1109\/ACSAC.2008.25"},{"key":"e_1_3_2_1_67_1","unstructured":"zxcvbn: realistic password strength estimation. https:\/\/tech.dropbox.com\/2012\/04\/zxcvbn-realistic-password-strength-estimation\/.  zxcvbn: realistic password strength estimation. https:\/\/tech.dropbox.com\/2012\/04\/zxcvbn-realistic-password-strength-estimation\/."}],"event":{"name":"CODASPY'15: Fifth ACM Conference on Data and Application Security and Privacy","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"],"location":"San Antonio Texas USA","acronym":"CODASPY'15"},"container-title":["Proceedings of the 5th ACM Conference on Data and Application Security and Privacy"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/2699026.2699118","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/2699026.2699118","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T06:13:36Z","timestamp":1750227216000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/2699026.2699118"}},"subtitle":["From Large-Scale Empirical Study to Getting It Right"],"short-title":[],"issued":{"date-parts":[[2015,3,2]]},"references-count":67,"alternative-id":["10.1145\/2699026.2699118","10.1145\/2699026"],"URL":"https:\/\/doi.org\/10.1145\/2699026.2699118","relation":{},"subject":[],"published":{"date-parts":[[2015,3,2]]},"assertion":[{"value":"2015-03-02","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}