{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,13]],"date-time":"2026-04-13T19:06:42Z","timestamp":1776107202084,"version":"3.50.1"},"publisher-location":"New York, NY, USA","reference-count":52,"publisher":"ACM","license":[{"start":{"date-parts":[[2017,5,2]],"date-time":"2017-05-02T00:00:00Z","timestamp":1493683200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2017,5,2]]},"DOI":"10.1145\/3025453.3026050","type":"proceedings-article","created":{"date-parts":[[2017,5,3]],"date-time":"2017-05-03T12:34:28Z","timestamp":1493814868000},"page":"3775-3786","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":101,"title":["Design and Evaluation of a Data-Driven Password Meter"],"prefix":"10.1145","author":[{"given":"Blase","family":"Ur","sequence":"first","affiliation":[{"name":"University of Chicago, Chicago, IL, USA"}]},{"given":"Felicia","family":"Alfieri","sequence":"additional","affiliation":[{"name":"Carnegie Mellon University, Pittsburgh, PA, USA"}]},{"given":"Maung","family":"Aung","sequence":"additional","affiliation":[{"name":"Carnegie Mellon University, Pittsburgh, PA, USA"}]},{"given":"Lujo","family":"Bauer","sequence":"additional","affiliation":[{"name":"Carnegie Mellon University, Pittsburgh, PA, USA"}]},{"given":"Nicolas","family":"Christin","sequence":"additional","affiliation":[{"name":"Carnegie Mellon University, Pittsburgh, PA, USA"}]},{"given":"Jessica","family":"Colnago","sequence":"additional","affiliation":[{"name":"Carnegie Mellon University, Pittsburgh, PA, USA"}]},{"given":"Lorrie Faith","family":"Cranor","sequence":"additional","affiliation":[{"name":"Carnegie Mellon University, Pittsburgh, PA, USA"}]},{"given":"Henry","family":"Dixon","sequence":"additional","affiliation":[{"name":"Carnegie Mellon University, Pittsburgh, PA, USA"}]},{"given":"Pardis","family":"Emami Naeini","sequence":"additional","affiliation":[{"name":"Carnegie Mellon University, Pittsburgh, PA, USA"}]},{"given":"Hana","family":"Habib","sequence":"additional","affiliation":[{"name":"Carnegie Mellon University, Pittsburgh, PA, USA"}]},{"given":"Noah","family":"Johnson","sequence":"additional","affiliation":[{"name":"Carnegie Mellon University, Pittsburgh, PA, USA"}]},{"given":"William","family":"Melicher","sequence":"additional","affiliation":[{"name":"Carnegie Mellon University, Pittsburgh, PA, USA"}]}],"member":"320","published-online":{"date-parts":[[2017,5,2]]},"reference":[{"key":"e_1_3_2_2_1_1","doi-asserted-by":"publisher","DOI":"10.1145\/2699026.2699118"},{"key":"e_1_3_2_2_2_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-1-4471-3601-9_1"},{"key":"e_1_3_2_2_3_1","doi-asserted-by":"publisher","DOI":"10.1111\/j.2517-6161.1995.tb02031.x"},{"key":"e_1_3_2_2_4_1","volume-title":"Proc. IEEE Symposium on Security and Privacy.","author":"Bonneau Joseph","year":"2012","unstructured":"Joseph Bonneau . 2012 . The science of guessing: Analyzing an anonymized corpus of 70 million 2Source code: https:\/\/github.com\/cupslab\/password_meter passwords . In Proc. IEEE Symposium on Security and Privacy. Joseph Bonneau. 2012. The science of guessing: Analyzing an anonymized corpus of 70 million 2Source code: https:\/\/github.com\/cupslab\/password_meter passwords. In Proc. IEEE Symposium on Security and Privacy."},{"key":"e_1_3_2_2_5_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-34638-5_1"},{"key":"e_1_3_2_2_6_1","volume-title":"Today I am releasing ten million passwords. https:\/\/xato.net\/today-i-am-releasing-tenmillion-passwords-b6278bbe7495#.s11zbdb8q. (February 9","author":"Burnett Mark","year":"2015","unstructured":"Mark Burnett . 2015. Today I am releasing ten million passwords. https:\/\/xato.net\/today-i-am-releasing-tenmillion-passwords-b6278bbe7495#.s11zbdb8q. (February 9 , 2015 ). Mark Burnett. 2015. Today I am releasing ten million passwords. https:\/\/xato.net\/today-i-am-releasing-tenmillion-passwords-b6278bbe7495#.s11zbdb8q. (February 9, 2015)."},{"key":"e_1_3_2_2_7_1","unstructured":"Carnegie Mellon University. 2015. Password Guessability Service. https:\/\/pgs.ece.cmu.edu. (2015).  Carnegie Mellon University. 2015. Password Guessability Service. https:\/\/pgs.ece.cmu.edu. (2015)."},{"key":"e_1_3_2_2_8_1","volume-title":"Proc. NDSS.","author":"Castelluccia Claude","year":"2012","unstructured":"Claude Castelluccia , Markus D\u00fcrmuth , and Daniele Perito . 2012 . Adaptive password-strength meters from Markov models . In Proc. NDSS. Claude Castelluccia, Markus D\u00fcrmuth, and Daniele Perito. 2012. Adaptive password-strength meters from Markov models. In Proc. NDSS."},{"key":"e_1_3_2_2_9_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2014.23357"},{"key":"e_1_3_2_2_10_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2014.23268"},{"key":"e_1_3_2_2_11_1","doi-asserted-by":"publisher","DOI":"10.1145\/2810103.2813631"},{"key":"e_1_3_2_2_12_1","volume-title":"Proc. CHI.","author":"Egelman Serge","year":"2013","unstructured":"Serge Egelman , Andreas Sotirakopoulos , Ildar Muslukhov , Konstantin Beznosov , and Cormac Herley . 2013 . Does my password go up to eleven? The impact of password meters on password selection . In Proc. CHI. Serge Egelman, Andreas Sotirakopoulos, Ildar Muslukhov, Konstantin Beznosov, and Cormac Herley. 2013. Does my password go up to eleven? The impact of password meters on password selection. In Proc. CHI."},{"key":"e_1_3_2_2_13_1","doi-asserted-by":"publisher","DOI":"10.1145\/2501604.2501617"},{"key":"e_1_3_2_2_14_1","doi-asserted-by":"publisher","DOI":"10.1145\/1242572.1242661"},{"key":"e_1_3_2_2_15_1","volume-title":"van Oorschot","author":"Flor\u00eancio Dinei","year":"2014","unstructured":"Dinei Flor\u00eancio , Cormac Herley , and Paul C . van Oorschot . 2014 . Password portfolios and the finite-effort user: Sustainably managing large numbers of accounts. In Proc. USENIX Security . Dinei Flor\u00eancio, Cormac Herley, and Paul C. van Oorschot. 2014. Password portfolios and the finite-effort user: Sustainably managing large numbers of accounts. In Proc. USENIX Security."},{"key":"e_1_3_2_2_16_1","doi-asserted-by":"publisher","DOI":"10.1145\/1408664.1408666"},{"key":"e_1_3_2_2_17_1","volume-title":"An R companion to applied regression (online appendix)","author":"Fox John","unstructured":"John Fox and Sanford Weisberg . 2011. An R companion to applied regression (online appendix) ( second ed.). Sage Publications. https:\/\/socserv.socsci.mcmaster.ca\/jfox\/Books\/ Companion\/ appendix\/Appendix-Cox-Regression.pdf. John Fox and Sanford Weisberg. 2011. An R companion to applied regression (online appendix) (second ed.). Sage Publications. https:\/\/socserv.socsci.mcmaster.ca\/jfox\/Books\/ Companion\/appendix\/Appendix-Cox-Regression.pdf."},{"key":"e_1_3_2_2_18_1","volume-title":"Hackers expose 453,000 credentials allegedly taken from Yahoo service. Ars Technica. (July","author":"Goodin Dan","year":"2012","unstructured":"Dan Goodin . 2012. Hackers expose 453,000 credentials allegedly taken from Yahoo service. Ars Technica. (July 2012 ). http:\/\/arstechnica.com\/security\/2012\/07\/yahooservice-hacked\/. Dan Goodin. 2012. Hackers expose 453,000 credentials allegedly taken from Yahoo service. Ars Technica. (July 2012). http:\/\/arstechnica.com\/security\/2012\/07\/yahooservice-hacked\/."},{"key":"e_1_3_2_2_19_1","unstructured":"Dan Goodin. 2013. \"there is no fate but what we make\"-Turbo-charged cracking comes to long passwords. Ars Technica. (August 2013). http:\/\/arstechnica.com\/security\/2013\/08\/ thereisnofatebutwhatwemake-turbo-charged-crackingcomes-to-long-passwords\/.  Dan Goodin. 2013. \"there is no fate but what we make\"-Turbo-charged cracking comes to long passwords. Ars Technica. (August 2013). http:\/\/arstechnica.com\/security\/2013\/08\/ thereisnofatebutwhatwemake-turbo-charged-crackingcomes-to-long-passwords\/."},{"key":"e_1_3_2_2_20_1","doi-asserted-by":"publisher","DOI":"10.1145\/1719030.1719050"},{"key":"e_1_3_2_2_21_1","doi-asserted-by":"publisher","DOI":"10.1145\/2810103.2813622"},{"key":"e_1_3_2_2_22_1","volume-title":"The science of password selection. Blog post. (July","author":"Hunt Troy","year":"2011","unstructured":"Troy Hunt . 2011. The science of password selection. Blog post. (July 2011 ). http:\/\/www.troyhunt.com\/2011\/07\/science-of-passwordselection.html. Troy Hunt. 2011. The science of password selection. Blog post. (July 2011). http:\/\/www.troyhunt.com\/2011\/07\/science-of-passwordselection.html."},{"key":"e_1_3_2_2_23_1","unstructured":"Imperva. 2010. Consumer password worst practices. (2010). http:\/\/www.imperva.com\/docs\/WP_Consumer_ Password_Worst_Practices.pdf.  Imperva. 2010. Consumer password worst practices. (2010). http:\/\/www.imperva.com\/docs\/WP_Consumer_ Password_Worst_Practices.pdf."},{"key":"e_1_3_2_2_24_1","doi-asserted-by":"publisher","DOI":"10.1145\/1753326.1753384"},{"key":"e_1_3_2_2_25_1","doi-asserted-by":"publisher","DOI":"10.1145\/975817.975820"},{"key":"e_1_3_2_2_26_1","volume-title":"Proc. HotSec.","author":"Jakobsson Markus","year":"2012","unstructured":"Markus Jakobsson and Mayank Dhiman . 2012 . The benefits of understanding passwords . In Proc. HotSec. Markus Jakobsson and Mayank Dhiman. 2012. The benefits of understanding passwords. In Proc. HotSec."},{"key":"e_1_3_2_2_27_1","volume-title":"Proc. USENIX Security.","author":"Komanduri Saranga","year":"2014","unstructured":"Saranga Komanduri , Richard Shay , Lorrie Faith Cranor , Cormac Herley , and Stuart Schechter . 2014 . Telepathwords: Preventing weak passwords by reading users' minds . In Proc. USENIX Security. Saranga Komanduri, Richard Shay, Lorrie Faith Cranor, Cormac Herley, and Stuart Schechter. 2014. Telepathwords: Preventing weak passwords by reading users' minds. In Proc. USENIX Security."},{"key":"e_1_3_2_2_28_1","doi-asserted-by":"publisher","DOI":"10.1145\/1978942.1979321"},{"key":"e_1_3_2_2_29_1","doi-asserted-by":"publisher","DOI":"10.1145\/1143120.1143129"},{"key":"e_1_3_2_2_30_1","doi-asserted-by":"publisher","DOI":"10.1145\/2187836.2187878"},{"key":"e_1_3_2_2_31_1","doi-asserted-by":"publisher","DOI":"10.1145\/2508859.2516726"},{"key":"e_1_3_2_2_32_1","volume-title":"Proc. USENIX Security.","author":"Melicher William","year":"2016","unstructured":"William Melicher , Blase Ur , Sean M. Segreti , Saranga Komanduri , Lujo Bauer , Nicolas Christin , and Lorrie Faith Cranor . 2016 . Fast, lean, and accurate: Modeling password guessability using neural networks . In Proc. USENIX Security. William Melicher, Blase Ur, Sean M. Segreti, Saranga Komanduri, Lujo Bauer, Nicolas Christin, and Lorrie Faith Cranor. 2016. Fast, lean, and accurate: Modeling password guessability using neural networks. In Proc. USENIX Security."},{"key":"e_1_3_2_2_33_1","volume-title":"Choosing secure passwords. Schneier on Security https:\/\/www.schneier.com\/blog\/ archives\/2014\/03\/choosing_secure_1.html. (March 3","author":"Schneier Bruce","year":"2014","unstructured":"Bruce Schneier . 2014. Choosing secure passwords. Schneier on Security https:\/\/www.schneier.com\/blog\/ archives\/2014\/03\/choosing_secure_1.html. (March 3 , 2014 ). Bruce Schneier. 2014. Choosing secure passwords. Schneier on Security https:\/\/www.schneier.com\/blog\/ archives\/2014\/03\/choosing_secure_1.html. (March 3, 2014)."},{"key":"e_1_3_2_2_34_1","doi-asserted-by":"publisher","DOI":"10.1145\/2556288.2557377"},{"key":"e_1_3_2_2_35_1","volume-title":"Proc. USENIX Security Symposium.","author":"Song Dawn Xiaodong","year":"2001","unstructured":"Dawn Xiaodong Song , David Wagner , and Xuqing Tian . 2001 . Timing analysis of keystrokes and timing attacks on SSH . In Proc. USENIX Security Symposium. Dawn Xiaodong Song, David Wagner, and Xuqing Tian. 2001. Timing analysis of keystrokes and timing attacks on SSH. In Proc. USENIX Security Symposium."},{"key":"e_1_3_2_2_36_1","volume-title":"Proc. SOUPS (Poster Abstract).","author":"Sotirakopoulos Andreas","year":"2011","unstructured":"Andreas Sotirakopoulos , Ildar Muslukov , Konstantin Beznosov , Cormac Herley , and Serge Egelman . 2011 . Motivating users to choose better passwords through peer pressure . In Proc. SOUPS (Poster Abstract). Andreas Sotirakopoulos, Ildar Muslukov, Konstantin Beznosov, Cormac Herley, and Serge Egelman. 2011. Motivating users to choose better passwords through peer pressure. In Proc. SOUPS (Poster Abstract)."},{"key":"e_1_3_2_2_37_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2004.07.001"},{"key":"e_1_3_2_2_38_1","volume-title":"Proc. SOUPS.","author":"Stobert Elizabeth","year":"2014","unstructured":"Elizabeth Stobert and Robert Biddle . 2014 . The password life cycle: User behaviour in managing passwords . In Proc. SOUPS. Elizabeth Stobert and Robert Biddle. 2014. The password life cycle: User behaviour in managing passwords. In Proc. SOUPS."},{"key":"e_1_3_2_2_39_1","unstructured":"Stricture Consulting Group. 2015. Password audits. http: \/\/stricture-group.com\/services\/password-audits.htm. (2015).  Stricture Consulting Group. 2015. Password audits. http: \/\/stricture-group.com\/services\/password-audits.htm. (2015)."},{"key":"e_1_3_2_2_41_1","doi-asserted-by":"publisher","DOI":"10.1145\/2858036.2858546"},{"key":"e_1_3_2_2_42_1","volume-title":"Proc. USENIX Security.","author":"Ur Blase","year":"2012","unstructured":"Blase Ur , Patrick Gage Kelly , Saranga Komanduri , Joel Lee , Michael Maass , Michelle Mazurek , Timothy Passaro , Richard Shay , Timothy Vidas , Lujo Bauer , Nicolas Christin , and Lorrie Faith Cranor . 2012 . How does your password measure up? The effect of strength meters on password creation . In Proc. USENIX Security. Blase Ur, Patrick Gage Kelly, Saranga Komanduri, Joel Lee, Michael Maass, Michelle Mazurek, Timothy Passaro, Richard Shay, Timothy Vidas, Lujo Bauer, Nicolas Christin, and Lorrie Faith Cranor. 2012. How does your password measure up? The effect of strength meters on password creation. In Proc. USENIX Security."},{"key":"e_1_3_2_2_43_1","volume-title":"Proc. SOUPS.","author":"Ur Blase","year":"2015","unstructured":"Blase Ur , Fumiko Noma , Jonathan Bees , Sean M. Segreti , Richard Shay , Lujo Bauer , Nicolas Christin , and Lorrie Faith Cranor . 2015 a. \" I added \"!? at the end to make it secure?: Observing password creation in the lab . In Proc. SOUPS. Blase Ur, Fumiko Noma, Jonathan Bees, Sean M. Segreti, Richard Shay, Lujo Bauer, Nicolas Christin, and Lorrie Faith Cranor. 2015a. \"I added \"!? at the end to make it secure?: Observing password creation in the lab. In Proc. SOUPS."},{"key":"e_1_3_2_2_44_1","volume-title":"Proc. USENIX Security.","author":"Ur Blase","year":"2015","unstructured":"Blase Ur , Sean M. Segreti , Lujo Bauer , Nicolas Christin , Lorrie Faith Cranor , Saranga Komanduri , Darya Kurilova , Michelle L. Mazurek , William Melicher , and Richard Shay . 2015 b. Measuring real-world accuracies and biases in modeling password guessability . In Proc. USENIX Security. Blase Ur, Sean M. Segreti, Lujo Bauer, Nicolas Christin, Lorrie Faith Cranor, Saranga Komanduri, Darya Kurilova, Michelle L. Mazurek, William Melicher, and Richard Shay. 2015b. Measuring real-world accuracies and biases in modeling password guessability. In Proc. USENIX Security."},{"key":"e_1_3_2_2_45_1","unstructured":"Ashlee Vance. 2010. If your password is 123456 just make it HackMe. NY Times http:\/\/www.nytimes. com\/2010\/01\/21\/technology\/21password.html. (2010).  Ashlee Vance. 2010. If your password is 123456 just make it HackMe. NY Times http:\/\/www.nytimes. com\/2010\/01\/21\/technology\/21password.html. (2010)."},{"key":"e_1_3_2_2_46_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2014.23103"},{"key":"e_1_3_2_2_47_1","doi-asserted-by":"publisher","DOI":"10.1145\/2379690.2379702"},{"key":"e_1_3_2_2_48_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-40477-1_28"},{"key":"e_1_3_2_2_49_1","doi-asserted-by":"publisher","DOI":"10.1145\/2639189.2639218"},{"key":"e_1_3_2_2_50_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.ijhcs.2007.03.007"},{"key":"e_1_3_2_2_51_1","unstructured":"Dan Wheeler. 2012. zxcvbn: Realistic password strength estimation. https:\/\/blogs.dropbox.com\/tech\/2012\/04\/zxcvbnrealistic-password-strength-estimation\/. (2012).  Dan Wheeler. 2012. zxcvbn: Realistic password strength estimation. https:\/\/blogs.dropbox.com\/tech\/2012\/04\/zxcvbnrealistic-password-strength-estimation\/. (2012)."},{"key":"e_1_3_2_2_52_1","volume-title":"Proc. USENIX Security.","author":"Wheeler Dan Lowe","year":"2016","unstructured":"Dan Lowe Wheeler . 2016 . zxcvbn: Low-budget password strength estimation . In Proc. USENIX Security. Dan Lowe Wheeler. 2016. zxcvbn: Low-budget password strength estimation. In Proc. USENIX Security."},{"key":"e_1_3_2_2_53_1","volume-title":"Proc. LASER.","author":"Yang Yulong","year":"2014","unstructured":"Yulong Yang , Janne Lindqvist , and Antti Oulasvirta . 2014 . Text entry method affects password security . In Proc. LASER. Yulong Yang, Janne Lindqvist, and Antti Oulasvirta. 2014. Text entry method affects password security. In Proc. LASER."}],"event":{"name":"CHI '17: CHI Conference on Human Factors in Computing Systems","location":"Denver Colorado USA","acronym":"CHI '17","sponsor":["SIGCHI ACM Special Interest Group on Computer-Human Interaction"]},"container-title":["Proceedings of the 2017 CHI Conference on Human Factors in Computing Systems"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3025453.3026050","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3025453.3026050","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T03:03:28Z","timestamp":1750215808000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3025453.3026050"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2017,5,2]]},"references-count":52,"alternative-id":["10.1145\/3025453.3026050","10.1145\/3025453"],"URL":"https:\/\/doi.org\/10.1145\/3025453.3026050","relation":{},"subject":[],"published":{"date-parts":[[2017,5,2]]},"assertion":[{"value":"2017-05-02","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}