{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,11,18]],"date-time":"2025-11-18T23:15:01Z","timestamp":1763507701070,"version":"3.41.0"},"reference-count":15,"publisher":"Association for Computing Machinery (ACM)","issue":"11","license":[{"start":{"date-parts":[[2016,10,28]],"date-time":"2016-10-28T00:00:00Z","timestamp":1477612800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":["Commun. ACM"],"published-print":{"date-parts":[[2016,10,28]]},"abstract":"<jats:p>Enterprises that impose stringent password-composition policies appear to suffer the same fate as those that do not.<\/jats:p>","DOI":"10.1145\/2934663","type":"journal-article","created":{"date-parts":[[2016,10,31]],"date-time":"2016-10-31T12:29:14Z","timestamp":1477916954000},"page":"66-74","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":22,"title":["Pushing on string"],"prefix":"10.1145","volume":"59","author":[{"given":"Dinei","family":"Flor\u00eancio","sequence":"first","affiliation":[{"name":"Microsoft Research, Redmond, WA"}]},{"given":"Cormac","family":"Herley","sequence":"additional","affiliation":[{"name":"Microsoft Research, Redmond, WA"}]},{"given":"Paul C.","family":"Van Oorschot","sequence":"additional","affiliation":[{"name":"Carleton University, Ottawa, Canada"}]}],"member":"320","published-online":{"date-parts":[[2016,10,28]]},"reference":[{"key":"e_1_2_1_1_1","volume-title":"RSA finally comes clean: SecurID is compromised. Ars Technica (June 6","author":"Bright P.","year":"2011","unstructured":"Bright , P. RSA finally comes clean: SecurID is compromised. Ars Technica (June 6 , 2011 ); http:\/\/arstechnica.com\/security\/news\/2011\/06\/rsa-finally-comes-clean-securid-is-compromised.ars\/ Bright, P. RSA finally comes clean: SecurID is compromised. Ars Technica (June 6, 2011); http:\/\/arstechnica.com\/security\/news\/2011\/06\/rsa-finally-comes-clean-securid-is-compromised.ars\/"},{"key":"e_1_2_1_2_1","doi-asserted-by":"publisher","DOI":"10.1007\/11681878_12"},{"key":"e_1_2_1_3_1","doi-asserted-by":"publisher","DOI":"10.1145\/1629575.1629605"},{"key":"e_1_2_1_4_1","doi-asserted-by":"publisher","DOI":"10.1145\/1837110.1837124"},{"key":"e_1_2_1_5_1","volume-title":"Proceedings of the 23rd USENIX Security Symposium","author":"Flor\u00eancio D.","year":"2014","unstructured":"Flor\u00eancio , D. , Herley , C. , and van Oorschot , P. Password portfolios and the finite-effort user: Sustainably managing large numbers of accounts . In Proceedings of the 23rd USENIX Security Symposium ( San Diego, CA, Aug. 20--22). USENIX Association, Berkeley, CA , 2014 , 575--590. Flor\u00eancio, D., Herley, C., and van Oorschot, P. Password portfolios and the finite-effort user: Sustainably managing large numbers of accounts. In Proceedings of the 23rd USENIX Security Symposium (San Diego, CA, Aug. 20--22). USENIX Association, Berkeley, CA, 2014, 575--590."},{"key":"e_1_2_1_6_1","volume-title":"Proceedings of the USENIX LISA Conference","author":"Flor\u00eancio D.","year":"2014","unstructured":"Flor\u00eancio , D. , Herley , C. , and van Oorschot , P.C. An administrator's guide to Internet password research . In Proceedings of the USENIX LISA Conference ( Seattle, WA, Nov. 9--14). USENIX Association, Berkeley, CA , 2014 , 35--52. Flor\u00eancio, D., Herley, C., and van Oorschot, P.C. An administrator's guide to Internet password research. In Proceedings of the USENIX LISA Conference (Seattle, WA, Nov. 9--14). USENIX Association, Berkeley, CA, 2014, 35--52."},{"key":"e_1_2_1_7_1","volume-title":"Ars Technica (Aug. 20, 2012","author":"Goodin D.","year":"2012","unstructured":"Goodin , D. Why passwords have never been weaker and crackers have never been stronger . Ars Technica (Aug. 20, 2012 ); http:\/\/arstechnica.com\/security\/ 2012 \/08\/passwords-under-assault\/ Goodin, D. Why passwords have never been weaker and crackers have never been stronger. Ars Technica (Aug. 20, 2012); http:\/\/arstechnica.com\/security\/2012\/08\/passwords-under-assault\/"},{"key":"e_1_2_1_8_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2012.38"},{"key":"e_1_2_1_9_1","volume-title":"Proceedings of the 23rd USENIX Security Symposium","author":"Komanduri S.","year":"2014","unstructured":"Komanduri , S. , Shay , R. , Cranor , L.F. , Herley , C. , and Schechter , S . Telepathwords: Preventing weak passwords by reading users' minds . In Proceedings of the 23rd USENIX Security Symposium ( San Diego, CA, Aug. 20--22). USENIX Association, Berkeley, CA , 2014 , 591--606. Komanduri, S., Shay, R., Cranor, L.F., Herley, C., and Schechter, S. Telepathwords: Preventing weak passwords by reading users' minds. In Proceedings of the 23rd USENIX Security Symposium (San Diego, CA, Aug. 20--22). USENIX Association, Berkeley, CA, 2014, 591--606."},{"key":"e_1_2_1_10_1","doi-asserted-by":"publisher","DOI":"10.1145\/2508859.2516726"},{"key":"e_1_2_1_11_1","volume-title":"Stronger passwords aren't. Information Security Magazine (June","author":"Tippett P.","year":"2001","unstructured":"Tippett , P. Stronger passwords aren't. Information Security Magazine (June 2001 ), 42--43. Tippett, P. Stronger passwords aren't. Information Security Magazine (June 2001), 42--43."},{"key":"e_1_2_1_12_1","volume-title":"Proceedings of the 1999 USENIX Annual Technical Conference, FREENIX Track","author":"Provos N.","year":"1999","unstructured":"Provos , N. and Mazi\u00e8res , D . A future-adaptable password scheme . In Proceedings of the 1999 USENIX Annual Technical Conference, FREENIX Track ( Monterey, CA, June 6--11). USENIX Association, Berkeley, CA , 1999 , 81--91. Provos, N. and Mazi\u00e8res, D. A future-adaptable password scheme. In Proceedings of the 1999 USENIX Annual Technical Conference, FREENIX Track (Monterey, CA, June 6--11). USENIX Association, Berkeley, CA, 1999, 81--91."},{"key":"e_1_2_1_13_1","volume-title":"RSA","author":"FraudAction Research Labs","year":"2011","unstructured":"RSA FraudAction Research Labs . Anatomy of a hack . RSA , Bedford, MA , Apr. 1, 2011 ; https:\/\/blogs.rsa.com\/anatomy-of-an-attack\/ RSA FraudAction Research Labs. Anatomy of a hack. RSA, Bedford, MA, Apr. 1, 2011; https:\/\/blogs.rsa.com\/anatomy-of-an-attack\/"},{"key":"e_1_2_1_14_1","doi-asserted-by":"publisher","DOI":"10.1145\/2594502"},{"key":"e_1_2_1_15_1","volume-title":"Proceedings of the 25th USENIX Security Symposium","author":"Wheeler D.","year":"2016","unstructured":"Wheeler , D. zxcvbn : Low-budget password strength estimation . In Proceedings of the 25th USENIX Security Symposium ( Austin, TX, Aug. 10--12). USENIX Association, Berkeley, CA , 2016 . Wheeler, D. zxcvbn: Low-budget password strength estimation. In Proceedings of the 25th USENIX Security Symposium (Austin, TX, Aug. 10--12). USENIX Association, Berkeley, CA, 2016."}],"container-title":["Communications of the ACM"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/2934663","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/2934663","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T03:39:47Z","timestamp":1750217987000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/2934663"}},"subtitle":["the 'don't care' region of password strength"],"short-title":[],"issued":{"date-parts":[[2016,10,28]]},"references-count":15,"journal-issue":{"issue":"11","published-print":{"date-parts":[[2016,10,28]]}},"alternative-id":["10.1145\/2934663"],"URL":"https:\/\/doi.org\/10.1145\/2934663","relation":{},"ISSN":["0001-0782","1557-7317"],"issn-type":[{"type":"print","value":"0001-0782"},{"type":"electronic","value":"1557-7317"}],"subject":[],"published":{"date-parts":[[2016,10,28]]},"assertion":[{"value":"2016-10-28","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}