{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,6]],"date-time":"2026-02-06T05:00:24Z","timestamp":1770354024062,"version":"3.49.0"},"publisher-location":"New York, NY, USA","reference-count":80,"publisher":"ACM","license":[{"start":{"date-parts":[[2017,10,30]],"date-time":"2017-10-30T00:00:00Z","timestamp":1509321600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"name":"ERC Grant: Frontiers of Usable Security","award":["678341"],"award-info":[{"award-number":["678341"]}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2017,10,30]]},"DOI":"10.1145\/3133956.3134082","type":"proceedings-article","created":{"date-parts":[[2017,10,27]],"date-time":"2017-10-27T12:48:18Z","timestamp":1509108498000},"page":"311-328","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":87,"title":["Why Do Developers Get Password Storage Wrong?"],"prefix":"10.1145","author":[{"given":"Alena","family":"Naiakshina","sequence":"first","affiliation":[{"name":"University of Bonn, Bonn, Germany"}]},{"given":"Anastasia","family":"Danilova","sequence":"additional","affiliation":[{"name":"University of Bonn, Bonn, Germany"}]},{"given":"Christian","family":"Tiefenau","sequence":"additional","affiliation":[{"name":"University of Bonn, Bonn, Germany"}]},{"given":"Marco","family":"Herzog","sequence":"additional","affiliation":[{"name":"University of Bonn, Bonn, Germany"}]},{"given":"Sergej","family":"Dechand","sequence":"additional","affiliation":[{"name":"University of Bonn, Bonn, Germany"}]},{"given":"Matthew","family":"Smith","sequence":"additional","affiliation":[{"name":"University of Bonn, Bonn, Germany"}]}],"member":"320","published-online":{"date-parts":[[2017,10,30]]},"reference":[{"key":"e_1_3_2_2_1_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2017.52"},{"key":"e_1_3_2_2_2_1","volume-title":"2016 IEEE Symposium on. IEEE, 289--305","author":"Acar Yasemin","year":"2016","unstructured":"Yasemin Acar, Michael Backes, Sascha Fahl, Doowon Kim, Michelle L Mazurek, and Christian Stransky 2016. You Get Where You're Looking For: The Impact Of Information Sources on Code Security Security and Privacy (SP), 2016 IEEE Symposium on. IEEE, 289--305."},{"key":"e_1_3_2_2_3_1","unstructured":"Yasemin Acar Christian Stransky Dominik Wermke Michelle L. Mazurek and Sascha Fahl. 2017. Security Developer Studies with GitHub Users: Exploring a Convenience Sample Symposium on Usable Privacy and Security (SOUPS)."},{"key":"e_1_3_2_2_4_1","volume-title":"Is this what you expected? The use of expectation measures in usability testing Proceedings of the Usability Professionals Association 2003 Conference","author":"Albert William","unstructured":"William Albert and E Dixon 2003. Is this what you expected? The use of expectation measures in usability testing Proceedings of the Usability Professionals Association 2003 Conference, Scottsdale, AZ."},{"issue":"1","key":"e_1_3_2_2_5_1","first-page":"3","article-title":"--2015","volume":"4","author":"Alex Ben","year":"2004","unstructured":"Ben Alex, Luke Taylor, Rob Winch, and Gunnar Hillert. 2004--2015. Spring Security Reference: 4.1.3.RELEASE. (2004--2015). Retrieved May 18, 2017 from http:\/\/docs.spring.io\/spring-security\/site\/docs\/4.1.3.RELEASE\/reference\/htmlsingle\/##getting-started","journal-title":"Spring Security Reference"},{"key":"e_1_3_2_2_7_1","volume-title":"ISESE'04","author":"Berander Patrik","year":"2004","unstructured":"Patrik Berander. 2004. Using students as subjects in requirements prioritization Empirical Software Engineering, 2004. ISESE'04. Proceedings. 2004 International Symposium on. IEEE, 167--176."},{"key":"e_1_3_2_2_8_1","doi-asserted-by":"crossref","unstructured":"Alex Biryukov Daniel Dinu and Dmitry Khovratovich. 2015. Argon2: the memory-hard function for password hashing and other applications. bibinfotypeTechnical Report. bibinfoinstitutionTech. rep. Password Hashing Competition (PHC).","DOI":"10.1109\/EuroSP.2016.31"},{"key":"e_1_3_2_2_9_1","volume-title":"The science of guessing: analyzing an anonymized corpus of 70 million passwords 2012 IEEE Symposium on Security and Privacy","author":"Bonneau Joseph","unstructured":"Joseph Bonneau. 2012. The science of guessing: analyzing an anonymized corpus of 70 million passwords 2012 IEEE Symposium on Security and Privacy. IEEE, 538--552."},{"key":"e_1_3_2_2_10_1","unstructured":"Joseph Bonneau and S\u00f6ren Preibusch 2010. The Password Thicket: Technical and Market Failures in Human Authentication on the Web. WEIS."},{"key":"e_1_3_2_2_11_1","doi-asserted-by":"publisher","DOI":"10.1177\/001316446002000104"},{"key":"e_1_3_2_2_12_1","volume-title":"Retrieved","author":"Hashing Password","year":"2017","unstructured":"Password Hashing Competition and our recommendation for hashing passwords: Argon2. 2015. (2015). Retrieved August 09, 2017 from https:\/\/password-hashing.net\/"},{"key":"e_1_3_2_2_13_1","volume-title":"Retrieved","author":"Trends Google","year":"2017","unstructured":"Google Trends: Visualizing Google data. 2017. (2017). Retrieved May 18, 2017 from https:\/\/trends.google.com\/trends\/"},{"key":"e_1_3_2_2_14_1","volume-title":"International Conference on Passwords. Springer, 19--38","author":"D\u00fcrmuth Markus","year":"2014","unstructured":"Markus D\u00fcrmuth and Thorsten Kranz 2014. On password guessing with GPUs and FPGAs. In International Conference on Passwords. Springer, 19--38."},{"key":"e_1_3_2_2_15_1","volume-title":"Jones","author":"Eastlake Donald E.","year":"2001","unstructured":"Donald E. Eastlake, 3rd and Paul E. Jones 2001. US Secure Hash Algorithm 1 (SHA1). RFC 3174 (Informational). (Sept. 2001). http:\/\/www.ietf.org\/rfc\/rfc3174.txt"},{"key":"e_1_3_2_2_16_1","doi-asserted-by":"crossref","unstructured":"Manuel Egele David Brumley Yanick Fratantonio and Christopher Kruegel 2013. An empirical study of cryptographic misuse in android applications Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security. ACM 73--84.","DOI":"10.1145\/2508859.2516693"},{"key":"e_1_3_2_2_17_1","doi-asserted-by":"crossref","unstructured":"Serge Egelman Andreas Sotirakopoulos Ildar Muslukhov Konstantin Beznosov and Cormac Herley 2013. Does my password go up to eleven?: the impact of password meters on password selection Proceedings of the SIGCHI Conference on Human Factors in Computing Systems. ACM 2379--2388.","DOI":"10.1145\/2470654.2481329"},{"key":"e_1_3_2_2_18_1","doi-asserted-by":"publisher","DOI":"10.1145\/2508859.2516655"},{"key":"e_1_3_2_2_19_1","unstructured":"Matthew Finifter and David Wagner 2011. Exploring the relationship between Web application development tools and security USENIX conference on Web application development."},{"key":"e_1_3_2_2_20_1","volume-title":"Retrieved","author":"Finkle Jim","year":"2012","unstructured":"Jim Finkle and Jennifer Saba 2012. LinkedIn suffers data breach-security experts. (2012). Retrieved May 18, 2017 from http:\/\/in.reuters.com\/article\/linkedin-breach-idINDEE8550EN20120606"},{"key":"e_1_3_2_2_21_1","doi-asserted-by":"publisher","DOI":"10.5555\/2835434.2835437"},{"key":"e_1_3_2_2_22_1","volume-title":"Statistical methods for rates and proportions","author":"Fleiss Joseph L","unstructured":"Joseph L Fleiss, Bruce Levin, and Myunghee Cho Paik. 2013. Statistical methods for rates and proportions. John Wiley & Sons."},{"key":"e_1_3_2_2_23_1","volume-title":"An administrator's guide to internet password research 28th Large Installation System Administration Conference (LISA14). 44--61","author":"Flor\u00eancio Dinei","unstructured":"Dinei Flor\u00eancio, Cormac Herley, and Paul C Van Oorschot 2014. An administrator's guide to internet password research 28th Large Installation System Administration Conference (LISA14). 44--61."},{"key":"e_1_3_2_2_24_1","volume-title":"Retrieved","year":"2017","unstructured":"GitHub: Built for developers. 2017. (2017). Retrieved May 18, 2017 from https:\/\/github.com\/"},{"key":"e_1_3_2_2_25_1","volume-title":"Overview of the Candidates for the Password Hashing Competition International Conference on Passwords. Springer, 3--18","author":"Forler Christian","year":"2014","unstructured":"Christian Forler, Eik List, Stefan Lucks, and Jakob Wenzel. 2014. Overview of the Candidates for the Password Hashing Competition International Conference on Passwords. Springer, 3--18."},{"key":"e_1_3_2_2_26_1","volume-title":"Catena: A memory-consuming password-scrambling framework. bibinfotypeTechnical Report. bibinfoinstitutionCryptology ePrint Archive, Report 2013\/525.","author":"Forler Christian","year":"2013","unstructured":"Christian Forler, Stefan Lucks, and Jakob Wenzel. 2013. Catena: A memory-consuming password-scrambling framework. bibinfotypeTechnical Report. bibinfoinstitutionCryptology ePrint Archive, Report 2013\/525."},{"key":"e_1_3_2_2_27_1","doi-asserted-by":"publisher","unstructured":"Christian Forler Stefan Lucks and Jakob Wenzel. 2014. Memory-Demanding Password Scrambling.. In ASIACRYPT (2). 289--305. 10.1007\/978-3-662-45608-8_16","DOI":"10.1007\/978-3-662-45608-8_16"},{"key":"e_1_3_2_2_28_1","volume-title":"Retrieved","year":"2017","unstructured":"HotFrameworks: Web framework rankings. 2017. (2017). Retrieved May 18, 2017 from https:\/\/hotframeworks.com\/"},{"key":"e_1_3_2_2_29_1","volume-title":"Proceedings of the Tenth International Symposium on Human Aspects of Information Security & Assurance (HAISA","author":"Gorski PL","year":"2016","unstructured":"PL Gorski and L Lo Iacono 2016. Towards the Usability Evaluation of Security APIs. Proceedings of the Tenth International Symposium on Human Aspects of Information Security & Assurance (HAISA 2016). Lulu. com, 252."},{"key":"e_1_3_2_2_30_1","volume-title":"Paul A 2017","author":"Fenton Garcia Michael E","year":"2017","unstructured":"Garcia Michael E Fenton James L Grassi, Paul A 2017. DRAFT NIST Special Publication 800 63 3 Digital Identity Guidelines. (2017)."},{"key":"e_1_3_2_2_31_1","volume-title":"Digital Identity Guidelines: Authentication and Lifecycle Management. Special Publication (NIST SP)-800--63B","author":"Grassi Paul A","year":"2017","unstructured":"Paul A Grassi, Elaine M Newton, Ray A Perlner, Andrew R Regenscheid, William E Burr, Justin P Richer, Naomi B Lefkovitz, Jamie M Danker, Yee-Yin Choong, Kristen Greene, and others 2017. Digital Identity Guidelines: Authentication and Lifecycle Management. Special Publication (NIST SP)-800--63B (2017)."},{"key":"e_1_3_2_2_32_1","doi-asserted-by":"publisher","DOI":"10.1109\/MSP.2016.111"},{"key":"e_1_3_2_2_33_1","first-page":"265","article-title":". Password Hashing Competition-Survey and Benchmark","volume":"2015","author":"Hatzivasilis George","year":"2015","unstructured":"George Hatzivasilis, Ioannis Papaefstathiou, and Charalampos Manifavas 2015. Password Hashing Competition-Survey and Benchmark. IACR Cryptology ePrint Archive Vol. 2015 (2015), 265.","journal-title":"IACR Cryptology ePrint Archive"},{"key":"e_1_3_2_2_34_1","volume-title":"Lightweight password hashing scheme for embedded systems IFIP International Conference on Information Security Theory and Practice","author":"Hatzivasilis George","unstructured":"George Hatzivasilis, Ioannis Papaefstathiou, Charalampos Manifavas, and Ioannis Askoxylakis. 2015. Lightweight password hashing scheme for embedded systems IFIP International Conference on Information Security Theory and Practice. Springer, 260--270."},{"key":"e_1_3_2_2_35_1","doi-asserted-by":"publisher","DOI":"10.1023\/A:1026586415054"},{"key":"e_1_3_2_2_36_1","volume-title":"Retrieved","author":"Index TIOBE","year":"2017","unstructured":"TIOBE Index. 2017. (2017). Retrieved May 18, 2017 from http:\/\/www.tiobe.com\/tiobe-index\/"},{"key":"e_1_3_2_2_37_1","volume-title":"Password-based Cryptography Specification Version 2.0. (Sept","author":"Kaliski Burt","year":"2000","unstructured":"Burt Kaliski. 2000. PKCS# 5: Password-based Cryptography Specification Version 2.0. (Sept. 2000). http:\/\/www.ietf.org\/rfc\/rfc2898.txt"},{"key":"e_1_3_2_2_38_1","doi-asserted-by":"publisher","DOI":"10.1145\/2346916.2349257"},{"key":"e_1_3_2_2_39_1","volume-title":"International Workshop on Information Security. Springer, 121--134","author":"Kelsey John","year":"1997","unstructured":"John Kelsey, Bruce Schneier, Chris Hall, and David Wagner 1997. Secure applications of low-entropy keys. In International Workshop on Information Security. Springer, 121--134."},{"key":"e_1_3_2_2_40_1","volume-title":"Michelle L Mazurek, Lujo Bauer, Nicolas Christin, Lorrie Faith Cranor, and Serge Egelman","author":"Komanduri Saranga","year":"2011","unstructured":"Saranga Komanduri, Richard Shay, Patrick Gage Kelley, Michelle L Mazurek, Lujo Bauer, Nicolas Christin, Lorrie Faith Cranor, and Serge Egelman 2011. Of passwords and people: measuring the effect of password-composition policies Proceedings of the SIGCHI Conference on Human Factors in Computing Systems. ACM, 2595--2604."},{"key":"e_1_3_2_2_41_1","volume-title":"Maintaining mental models: a study of developer work habits Proceedings of the 28th international conference on Software engineering. ACM, 492--501","author":"LaToza Thomas D","unstructured":"Thomas D LaToza, Gina Venolia, and Robert DeLine. 2006. Maintaining mental models: a study of developer work habits Proceedings of the 28th international conference on Software engineering. ACM, 492--501."},{"key":"e_1_3_2_2_42_1","volume-title":"Why does cryptographic software fail?: a case study and open problems Proceedings of 5th Asia-Pacific Workshop on Systems. ACM, 7","author":"Lazar David","unstructured":"David Lazar, Haogang Chen, Xi Wang, and Nickolai Zeldovich 2014. Why does cryptographic software fail?: a case study and open problems Proceedings of 5th Asia-Pacific Workshop on Systems. ACM, 7."},{"key":"e_1_3_2_2_43_1","volume-title":"Are your passwords safe: Energy-efficient bcrypt cracking with low-cost parallel hardware WOOT'14 8th Usenix Workshop on Offensive Technologies Proceedings 23rd USENIX Security Symposium","author":"Malvoni Katja","unstructured":"Katja Malvoni and Josip Knezovi\u0107 2014. Are your passwords safe: Energy-efficient bcrypt cracking with low-cost parallel hardware WOOT'14 8th Usenix Workshop on Offensive Technologies Proceedings 23rd USENIX Security Symposium."},{"key":"e_1_3_2_2_44_1","volume-title":"Patrick Gage Kelley, Richard Shay, and Blase Ur.","author":"Mazurek Michelle L","year":"2013","unstructured":"Michelle L Mazurek, Saranga Komanduri, Timothy Vidas, Lujo Bauer, Nicolas Christin, Lorrie Faith Cranor, Patrick Gage Kelley, Richard Shay, and Blase Ur. 2013. Measuring password guessability for an entire university Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security. ACM, 173--186."},{"key":"e_1_3_2_2_45_1","doi-asserted-by":"publisher","DOI":"10.1145\/2884781.2884790"},{"key":"e_1_3_2_2_46_1","volume-title":"Retrieved","author":"Programming Language PYPL","year":"2017","unstructured":"PYPL PopularitY of Programming Language. 2017. (2017). Retrieved May 18, 2017 from http:\/\/pypl.github.io\/PYPL.html"},{"key":"e_1_3_2_2_47_1","volume-title":"Retrieved","author":"Technology Surveys Techs Web","year":"2017","unstructured":"W3Techs Web Technology Surveys: \"Usage of server-side programming languages for websites\". 2017. (2017). Retrieved May 18, 2017 from https:\/\/w3techs.com\/technologies\/overview\/programming_language\/all"},{"key":"e_1_3_2_2_48_1","doi-asserted-by":"publisher","DOI":"10.1109\/MIC.2013.103"},{"key":"e_1_3_2_2_49_1","volume-title":"Stronger key derivation via sequential memory-hard functions. Self-published","author":"Percival Colin","year":"2009","unstructured":"Colin Percival. 2009. Stronger key derivation via sequential memory-hard functions. Self-published (2009), 1--16."},{"key":"e_1_3_2_2_50_1","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.2010.22"},{"key":"e_1_3_2_2_51_1","volume-title":"USENIX Annual Technical Conference, FREENIX Track. 81--91","author":"Provos Niels","year":"1999","unstructured":"Niels Provos and David Mazieres 1999. A Future-Adaptable Password Scheme.. In USENIX Annual Technical Conference, FREENIX Track. 81--91."},{"key":"e_1_3_2_2_52_1","volume-title":"US Department of Commerce","author":"NIST FIPS PUB.","year":"1994","unstructured":"NIST FIPS PUB. 1994. 186,\". Digital Signature Standard,\" National Institute of Standards and Technology, US Department of Commerce Vol. 18 (1994)."},{"key":"e_1_3_2_2_53_1","volume-title":"Retrieved","author":"RedMonk Programming Language The","year":"2017","unstructured":"The RedMonk Programming Language Rankings. 2017. (2017). Retrieved May 18, 2017 from https:\/\/redmonk.com\/sogrady\/2017\/03\/17\/language-rankings-1--16\/"},{"key":"e_1_3_2_2_54_1","doi-asserted-by":"crossref","unstructured":"Elissa M Redmiles Sean Kross and Michelle L Mazurek. 2016. How i learned to be secure: a census-representative survey of security advice sources and behavior Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security. ACM 666--677.","DOI":"10.1145\/2976749.2978307"},{"key":"e_1_3_2_2_55_1","volume-title":"2016 IEEE Symposium on. IEEE, 272--288","author":"Redmiles Elissa M","year":"2016","unstructured":"Elissa M Redmiles, Amelia R Malone, and Michelle L Mazurek 2016. I Think They're Trying to Tell Me Something: Advice Sources and Selection for Digital Security Security and Privacy (SP), 2016 IEEE Symposium on. IEEE, 272--288."},{"key":"e_1_3_2_2_56_1","volume-title":"The MD5 Message-Digest Algorithm. RFC 1321 (Informational). (April","author":"Rivest Ronald L.","year":"1992","unstructured":"Ronald L. Rivest. 1992. The MD5 Message-Digest Algorithm. RFC 1321 (Informational). (April 1992). http:\/\/www.ietf.org\/rfc\/rfc1321.txt"},{"key":"e_1_3_2_2_57_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICSE.2015.82"},{"key":"e_1_3_2_2_58_1","unstructured":"M Angela Sasse. 2003. Computer security: Anatomy of a usability disaster and a plan for recovery. (2003)."},{"key":"e_1_3_2_2_59_1","doi-asserted-by":"publisher","DOI":"10.1023\/A:1011902718709"},{"key":"e_1_3_2_2_60_1","volume-title":"Retrieved","author":"Sauro Jeff","year":"2010","unstructured":"Jeff Sauro. 2010. If you could only ask one question, use this one. (2010). Retrieved May 18, 2017 from http:\/\/www.measuringu.com\/blog\/single-question.php"},{"key":"e_1_3_2_2_61_1","doi-asserted-by":"crossref","unstructured":"Jeff Sauro and Joseph S Dumas 2009. Comparison of three one-question post-task usability questionnaires Proceedings of the SIGCHI Conference on Human Factors in Computing Systems. ACM 1599--1608.","DOI":"10.1145\/1518701.1518946"},{"key":"e_1_3_2_2_62_1","doi-asserted-by":"publisher","DOI":"10.1145\/2556288.2557377"},{"key":"e_1_3_2_2_63_1","doi-asserted-by":"publisher","DOI":"10.1145\/2891411"},{"key":"e_1_3_2_2_64_1","volume-title":"Pedro Giovanni Leon, Michelle L Mazurek, Lujo Bauer, Nicolas Christin, and Lorrie Faith Cranor","author":"Shay Richard","year":"2010","unstructured":"Richard Shay, Saranga Komanduri, Patrick Gage Kelley, Pedro Giovanni Leon, Michelle L Mazurek, Lujo Bauer, Nicolas Christin, and Lorrie Faith Cranor 2010. Encountering stronger password requirements: user attitudes and behaviors Proceedings of the Sixth Symposium on Usable Privacy and Security. ACM, 2."},{"key":"e_1_3_2_2_65_1","volume-title":"Retrieved","author":"Cheat Sheet Password Storage","year":"2014","unstructured":"Password Storage Cheat Sheet. 2014. (2014). Retrieved May 18, 2017 from https:\/\/www.owasp.org\/index.php\/Password_Storage_Cheat_Sheet"},{"key":"e_1_3_2_2_66_1","volume-title":"Retrieved","author":"Overflow Stack","year":"2017","unstructured":"helping each other Stack Overflow: Stack Overflow is a community of 7.0 million programmers, just like you. 2017. (2017). Retrieved May 18, 2017 from https:\/\/stackoverflow.com\/"},{"key":"e_1_3_2_2_67_1","volume-title":"Ergonomic requirements for office work with visual display terminals (vdts)--part 11: Guidance on usability. ISO Standard 9241--11","author":"Standard I","year":"1998","unstructured":"I Standard. 1998. Ergonomic requirements for office work with visual display terminals (vdts)--part 11: Guidance on usability. ISO Standard 9241--11: 1998. International Organization for Standardization (1998)."},{"key":"e_1_3_2_2_68_1","volume-title":"The implications of method placement on API learnability Proceedings of the 16th ACM SIGSOFT International Symposium on Foundations of software engineering. ACM, 105--112","author":"Stylos Jeffrey","unstructured":"Jeffrey Stylos and Brad A Myers 2008. The implications of method placement on API learnability Proceedings of the 16th ACM SIGSOFT International Symposium on Foundations of software engineering. ACM, 105--112."},{"key":"e_1_3_2_2_69_1","doi-asserted-by":"publisher","DOI":"10.1145\/1414004.1414055"},{"key":"e_1_3_2_2_70_1","first-page":"1","article-title":"A comparison of methods for eliciting post-task subjective ratings in usability testing","volume":"2006","author":"Tedesco Donna","year":"2006","unstructured":"Donna Tedesco and Tom Tullis 2006. A comparison of methods for eliciting post-task subjective ratings in usability testing. Usability Professionals Association (UPA) Vol. 2006 (2006), 1--9.","journal-title":"Usability Professionals Association (UPA)"},{"key":"e_1_3_2_2_71_1","volume-title":"Retrieved","author":"Skills Trendy","year":"2017","unstructured":"Trendy Skills: Extracting Skills that employers seek in the IT industry. 2017. (2017). Retrieved May 18, 2017 from http:\/\/trendyskills.com\/"},{"key":"e_1_3_2_2_72_1","volume-title":"Retrieved","year":"2017","unstructured":"GitHut: A Small Place to discover languages in GitHub 2017. (2017). Retrieved May 18, 2017 from http:\/\/githut.info\/"},{"key":"e_1_3_2_2_73_1","unstructured":"Meltem S\u00f6nmez Turan Elaine B Barker William E Burr and Lidong Chen 2010. Sp 800--132. recommendation for password-based key derivation: Part 1: Storage applications. (2010)."},{"key":"e_1_3_2_2_74_1","doi-asserted-by":"publisher","DOI":"10.1145\/3025453.3026050"},{"key":"e_1_3_2_2_75_1","doi-asserted-by":"publisher","DOI":"10.1145\/2858036.2858546"},{"key":"e_1_3_2_2_76_1","volume-title":"Saranga Komanduri, Joel Lee, Michael Maass, Michelle L Mazurek, Timothy Passaro, Richard Shay, Timothy Vidas, Lujo Bauer, and others","author":"Ur Blase","year":"2012","unstructured":"Blase Ur, Patrick Gage Kelley, Saranga Komanduri, Joel Lee, Michael Maass, Michelle L Mazurek, Timothy Passaro, Richard Shay, Timothy Vidas, Lujo Bauer, and others 2012. Helping users create better passwords. login:: the magazine of USENIX & SAGE Vol. 37 (2012), 51--57."},{"key":"e_1_3_2_2_77_1","volume-title":"Observing password creation in the lab SOUPS '15: Proceedings of the 11th Symposium on Usable Privacy and Security. USENIX","author":"Ur Blase","unstructured":"Blase Ur, Fumiko Noma, Jonathan Bees, Sean M. Segreti, Richard Shay, Lujo Bauer, Nicolas Christin, and Lorrie Faith Cranor 2015. \"I added '!' at the end to make it secure\": Observing password creation in the lab SOUPS '15: Proceedings of the 11th Symposium on Usable Privacy and Security. USENIX."},{"key":"e_1_3_2_2_78_1","volume-title":"If your password is 123456, just make it hackme. The New York Times","author":"Vance Ashlee","year":"2010","unstructured":"Ashlee Vance. 2010. If your password is 123456, just make it hackme. The New York Times Vol. 20 (2010)."},{"key":"e_1_3_2_2_79_1","volume-title":"Testing metrics for password creation policies by attacking large sets of revealed passwords Proceedings of the 17th ACM conference on Computer and communications security. ACM, 162--175","author":"Weir Matt","unstructured":"Matt Weir, Sudhir Aggarwal, Michael Collins, and Henry Stern 2010. Testing metrics for password creation policies by attacking large sets of revealed passwords Proceedings of the 17th ACM conference on Computer and communications security. ACM, 162--175."},{"key":"e_1_3_2_2_80_1","volume-title":"Usenix Security","volume":"1999","author":"Whitten Alma","year":"1999","unstructured":"Alma Whitten and J Doug Tygar 1999. Why Johnny Can't Encrypt: A Usability Evaluation of PGP 5.0. Usenix Security, Vol. Vol. 1999."},{"key":"e_1_3_2_2_81_1","volume-title":"2014 International Conference on. IEEE, 1--6. endthebibliography","author":"Wiemer Friedrich","year":"2014","unstructured":"Friedrich Wiemer and Ralf Zimmermann 2014. High-speed implementation of bcrypt password search using special-purpose hardware ReConFigurable Computing and FPGAs (ReConFig), 2014 International Conference on. IEEE, 1--6. endthebibliography"}],"event":{"name":"CCS '17: 2017 ACM SIGSAC Conference on Computer and Communications Security","location":"Dallas Texas USA","acronym":"CCS '17","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"]},"container-title":["Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3133956.3134082","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3133956.3134082","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T02:11:03Z","timestamp":1750212663000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3133956.3134082"}},"subtitle":["A Qualitative Usability Study"],"short-title":[],"issued":{"date-parts":[[2017,10,30]]},"references-count":80,"alternative-id":["10.1145\/3133956.3134082","10.1145\/3133956"],"URL":"https:\/\/doi.org\/10.1145\/3133956.3134082","relation":{},"subject":[],"published":{"date-parts":[[2017,10,30]]},"assertion":[{"value":"2017-10-30","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}