{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,6,18]],"date-time":"2026-06-18T15:56:22Z","timestamp":1781798182396,"version":"3.54.5"},"reference-count":49,"publisher":"Association for Computing Machinery (ACM)","issue":"3","license":[{"start":{"date-parts":[[2018,4,16]],"date-time":"2018-04-16T00:00:00Z","timestamp":1523836800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":["ACM Trans. Priv. Secur."],"published-print":{"date-parts":[[2018,8,31]]},"abstract":"<jats:p>\n            Managing passwords is a difficult task for users, who must create, remember, and keep track of large numbers of passwords. In this work, we investigated users\u2019 coping strategies for password management. Through a series of interviews, we identified a \u201clife cycle\u201d of password use and find that users\u2019 central task in coping with their passwords is rationing their effort to best protect their important accounts. We followed up this work by interviewing experts about their password management practices and found that experts rely on the same kinds of coping strategies as non-experts, but that their increased\n            <jats:italic>situation awareness<\/jats:italic>\n            of security allows them to better ration their effort into protecting their accounts. Finally, we conducted a survey study to explore how the life cycle model generalizes to the larger population and find that the life cycle and rationing patterns can be seen in the broader population, but that survey respondents were less likely to characterize security management as a challenging task.\n          <\/jats:p>","DOI":"10.1145\/3183341","type":"journal-article","created":{"date-parts":[[2018,4,18]],"date-time":"2018-04-18T17:21:50Z","timestamp":1524072110000},"page":"1-32","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":53,"title":["The Password Life Cycle"],"prefix":"10.1145","volume":"21","author":[{"given":"Elizabeth","family":"Stobert","sequence":"first","affiliation":[{"name":"Carleton University, Ottawa, ON, Canada"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Robert","family":"Biddle","sequence":"additional","affiliation":[{"name":"Carleton University, Ottawa, ON, Canada"}],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"320","published-online":{"date-parts":[[2018,4,16]]},"reference":[{"key":"e_1_2_1_1_1","doi-asserted-by":"publisher","DOI":"10.1145\/322796.322806"},{"key":"e_1_2_1_2_1","doi-asserted-by":"publisher","DOI":"10.5555\/646684.702633"},{"key":"e_1_2_1_3_1","unstructured":"AgileBits. 2015. 1Password Watchtower. Retrieved from https:\/\/watchtower.agilebits.com.  AgileBits. 2015. 1Password Watchtower. Retrieved from https:\/\/watchtower.agilebits.com."},{"key":"e_1_2_1_4_1","volume-title":"Proceedings of the 11th Symposium on Usable Privacy and Security (SOUPS\u201915)","author":"Alghamdi Deena","year":"2015","unstructured":"Deena Alghamdi , Ivan Flechais , and Marina Jirotka . 2015 . Security practices for households bank customers in the kingdom of saudi arabia . In Proceedings of the 11th Symposium on Usable Privacy and Security (SOUPS\u201915) . USENIX, 297--308. Deena Alghamdi, Ivan Flechais, and Marina Jirotka. 2015. Security practices for households bank customers in the kingdom of saudi arabia. In Proceedings of the 11th Symposium on Usable Privacy and Security (SOUPS\u201915). USENIX, 297--308."},{"key":"e_1_2_1_5_1","unstructured":"Amazon.com Inc. 2015. Amazon Mechanical Turk: Artificial Artificial Intelligence. Retrieved from https:\/\/www.mturk.com\/mturk\/welcome.  Amazon.com Inc. 2015. Amazon Mechanical Turk: Artificial Artificial Intelligence. Retrieved from https:\/\/www.mturk.com\/mturk\/welcome."},{"key":"e_1_2_1_6_1","volume-title":"Financial Cryptography (FC)","author":"Asgharpour Farzaneh","unstructured":"Farzaneh Asgharpour , Debin Liu , and L Jean Camp . 2007. Mental models of security risks . In Financial Cryptography (FC) . Springer , 367--377. Farzaneh Asgharpour, Debin Liu, and L Jean Camp. 2007. Mental models of security risks. In Financial Cryptography (FC). Springer, 367--377."},{"key":"e_1_2_1_7_1","doi-asserted-by":"publisher","DOI":"10.1145\/1595676.1595684"},{"key":"e_1_2_1_8_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2012.49"},{"key":"e_1_2_1_9_1","doi-asserted-by":"publisher","DOI":"10.1191\/1478088706qp063oa"},{"key":"e_1_2_1_10_1","doi-asserted-by":"publisher","DOI":"10.1145\/2408776.2408790"},{"key":"e_1_2_1_11_1","volume-title":"Proceedings of the 15th USENIX Security Symposium. USENIX, 1--16","author":"Chiasson Sonia","year":"2006","unstructured":"Sonia Chiasson , Paul C. van Oorschot , and Robert Biddle . 2006 . A usability study and critique of two password managers . In Proceedings of the 15th USENIX Security Symposium. USENIX, 1--16 . Sonia Chiasson, Paul C. van Oorschot, and Robert Biddle. 2006. A usability study and critique of two password managers. In Proceedings of the 15th USENIX Security Symposium. USENIX, 1--16."},{"key":"e_1_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2014.23357"},{"key":"e_1_2_1_13_1","doi-asserted-by":"publisher","DOI":"10.1007\/s00779-004-0308-5"},{"key":"e_1_2_1_14_1","doi-asserted-by":"publisher","DOI":"10.1145\/2470654.2481329"},{"key":"e_1_2_1_15_1","doi-asserted-by":"publisher","DOI":"10.1177\/154193128803200221"},{"key":"e_1_2_1_16_1","volume-title":"Expertise and situational awareness","author":"Endsley Mica R.","unstructured":"Mica R. Endsley . 2006. Expertise and situational awareness . In The Cambridge Handbook of Expertise and Expert Performance, K. Anders Ericsson, Neil Charness, Paul J. Feltovich, and Robert R. Hoffman (Eds.). Cambridge University Press , Cambridge. Mica R. Endsley. 2006. Expertise and situational awareness. In The Cambridge Handbook of Expertise and Expert Performance, K. Anders Ericsson, Neil Charness, Paul J. Feltovich, and Robert R. Hoffman (Eds.). Cambridge University Press, Cambridge."},{"key":"e_1_2_1_17_1","volume-title":"An introduction to the cambridge handbook of expertise and expert performance","author":"Ericsson K. Anders","unstructured":"K. Anders Ericsson . 2006. An introduction to the cambridge handbook of expertise and expert performance . In The Cambridge Handbook of Expertise and Expert Performance. Cambridge University Press , Cambridge, 3--20. K. Anders Ericsson. 2006. An introduction to the cambridge handbook of expertise and expert performance. In The Cambridge Handbook of Expertise and Expert Performance. Cambridge University Press, Cambridge, 3--20."},{"key":"e_1_2_1_18_1","unstructured":"Jason Fitzpatrick. 2013. How to Run a Last Pass Security Audit (and Why It Can\u2019t Wait). Retrieved from http:\/\/www.howtogeek.com\/176038\/how-to-run-a-last-pass-security-audit-and-why-it-cant-wait\/.  Jason Fitzpatrick. 2013. How to Run a Last Pass Security Audit (and Why It Can\u2019t Wait). Retrieved from http:\/\/www.howtogeek.com\/176038\/how-to-run-a-last-pass-security-audit-and-why-it-cant-wait\/."},{"key":"e_1_2_1_19_1","doi-asserted-by":"publisher","DOI":"10.1145\/1242572.1242661"},{"key":"e_1_2_1_20_1","volume-title":"Proceedings of the 23rd USENIX Security Symposium. USENIX, 575--590","author":"Florencio Dinei","unstructured":"Dinei Florencio , Cormac Herley , and Paul C . van Oorschot. 2014. Password portfolios and the finite-effort user: Sustainably managing large numbers of accounts . In Proceedings of the 23rd USENIX Security Symposium. USENIX, 575--590 . Dinei Florencio, Cormac Herley, and Paul C. van Oorschot. 2014. Password portfolios and the finite-effort user: Sustainably managing large numbers of accounts. In Proceedings of the 23rd USENIX Security Symposium. USENIX, 575--590."},{"key":"e_1_2_1_21_1","doi-asserted-by":"publisher","DOI":"10.1145\/1143120.1143127"},{"key":"e_1_2_1_22_1","doi-asserted-by":"publisher","DOI":"10.1214\/aoms\/1177705148"},{"key":"e_1_2_1_23_1","doi-asserted-by":"publisher","DOI":"10.1145\/1978942.1979326"},{"key":"e_1_2_1_24_1","doi-asserted-by":"publisher","DOI":"10.1145\/1719030.1719050"},{"key":"e_1_2_1_25_1","volume-title":"Proceedings of the 11th Symposium on Usable Privacy and Security (SOUPS\u201915)","author":"Ion Iulia","year":"2015","unstructured":"Iulia Ion , Robert W. Reeder , and Sunny Consolvo . 2015 . \u201c... No one can hack my mind\u201d: Comparing expert and non-expert security practices . In Proceedings of the 11th Symposium on Usable Privacy and Security (SOUPS\u201915) . USENIX. Iulia Ion, Robert W. Reeder, and Sunny Consolvo. 2015. \u201c...No one can hack my mind\u201d: Comparing expert and non-expert security practices. In Proceedings of the 11th Symposium on Usable Privacy and Security (SOUPS\u201915). USENIX."},{"key":"e_1_2_1_26_1","volume-title":"Proceedings of the 11th Symposium on Usable Privacy and Security (SOUPS\u201915)","author":"Kang Ruogu","year":"2015","unstructured":"Ruogu Kang , Laura Dabbish , Nathaniel Fruchter , and Sara Kiesler . 2015 . \u201c My data just goes everywhere:\u201d User mental models of the internet and implications for privacy and security . In Proceedings of the 11th Symposium on Usable Privacy and Security (SOUPS\u201915) . USENIX. Ruogu Kang, Laura Dabbish, Nathaniel Fruchter, and Sara Kiesler. 2015. \u201cMy data just goes everywhere:\u201d User mental models of the internet and implications for privacy and security. In Proceedings of the 11th Symposium on Usable Privacy and Security (SOUPS\u201915). USENIX."},{"key":"e_1_2_1_27_1","doi-asserted-by":"publisher","DOI":"10.1108\/09685220610648355"},{"key":"e_1_2_1_28_1","unstructured":"LastPass. 2016. LastPass: Simplify Your Life. Retrieved from http:\/\/lastpass.com.  LastPass. 2016. LastPass: Simplify Your Life. Retrieved from http:\/\/lastpass.com."},{"key":"e_1_2_1_29_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.dss.2008.11.010"},{"key":"e_1_2_1_30_1","first-page":"6","article-title":"When security gets in the way","volume":"16","author":"Norman Donald A.","year":"2009","unstructured":"Donald A. Norman . 2009 . When security gets in the way . ACM SIGCSE Bull. 16 , 6 (Nov. 2009), 60--63. Donald A. Norman. 2009. When security gets in the way. ACM SIGCSE Bull. 16, 6 (Nov. 2009), 60--63.","journal-title":"ACM SIGCSE Bull."},{"key":"e_1_2_1_31_1","volume-title":"Exploring the \u2018Weakest Link\u2019: A Study of Personal Password Security. Master\u2019s thesis","author":"Notoatmodjo Gilbert","unstructured":"Gilbert Notoatmodjo . 2007. Exploring the \u2018Weakest Link\u2019: A Study of Personal Password Security. Master\u2019s thesis . The University of Auckland , New Zealand . Gilbert Notoatmodjo. 2007. Exploring the \u2018Weakest Link\u2019: A Study of Personal Password Security. Master\u2019s thesis. The University of Auckland, New Zealand."},{"key":"e_1_2_1_32_1","volume-title":"The Personal Internet Address 8 Password Log Book (Organizer)","author":"Press Peter Pauper","unstructured":"Peter Pauper Press . The Personal Internet Address 8 Password Log Book (Organizer) . Peter Pauper Press . Peter Pauper Press. The Personal Internet Address 8 Password Log Book (Organizer). Peter Pauper Press."},{"key":"e_1_2_1_33_1","doi-asserted-by":"publisher","DOI":"10.1145\/2335356.2335364"},{"key":"e_1_2_1_34_1","unstructured":"Carsten Schmitz. Accessed 2015. Limesurvey\u2014The Free and Open Source Survey Software Tool! Retrieved from https:\/\/www.limesurvey.org\/.  Carsten Schmitz. Accessed 2015. Limesurvey\u2014The Free and Open Source Survey Software Tool! Retrieved from https:\/\/www.limesurvey.org\/."},{"key":"e_1_2_1_35_1","unstructured":"Bruce Schneier. 2005. Write Down Your Password. Retrieved from http:\/\/www.schneier.com\/blog\/archives\/2005\/06\/write_down_your.html.  Bruce Schneier. 2005. Write Down Your Password. Retrieved from http:\/\/www.schneier.com\/blog\/archives\/2005\/06\/write_down_your.html."},{"key":"e_1_2_1_36_1","doi-asserted-by":"publisher","DOI":"10.1145\/1837110.1837113"},{"key":"e_1_2_1_37_1","volume-title":"Models of Discovery","author":"Simon Herbert A.","unstructured":"Herbert A. Simon . 1977. The structure of Ill-structured problems . In Models of Discovery . D. Reidel Publishing , Dordrecht , 304--325. Herbert A. Simon. 1977. The structure of Ill-structured problems. In Models of Discovery. D. Reidel Publishing, Dordrecht, 304--325."},{"key":"e_1_2_1_38_1","doi-asserted-by":"publisher","DOI":"10.6028\/NIST.IR.7983"},{"key":"e_1_2_1_39_1","volume-title":"Proceedings of the 10th Symposium on Usable Privacy and Security (SOUPS\u201914)","author":"Stobert Elizabeth","year":"2014","unstructured":"Elizabeth Stobert and Robert Biddle . 2014 . The password life cycle: User behaviour in managing passwords . In Proceedings of the 10th Symposium on Usable Privacy and Security (SOUPS\u201914) . USENIX. Elizabeth Stobert and Robert Biddle. 2014. The password life cycle: User behaviour in managing passwords. In Proceedings of the 10th Symposium on Usable Privacy and Security (SOUPS\u201914). USENIX."},{"key":"e_1_2_1_40_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-29938-9_1"},{"key":"e_1_2_1_41_1","volume-title":"Basics of Qualitative Research: Techniques and Procedures for Developing Grounded Theory","author":"Strauss Anselm","unstructured":"Anselm Strauss and Juliet Corbin . 1998. Basics of Qualitative Research: Techniques and Procedures for Developing Grounded Theory ( 2 nd ed.). SAGE Publications , Thousand Oaks, CA . Anselm Strauss and Juliet Corbin. 1998. Basics of Qualitative Research: Techniques and Procedures for Developing Grounded Theory (2nd ed.). SAGE Publications, Thousand Oaks, CA.","edition":"2"},{"key":"e_1_2_1_42_1","doi-asserted-by":"publisher","DOI":"10.1145\/2078827.2078833"},{"key":"e_1_2_1_43_1","volume-title":"Proceedings of the 11th Symposium on Usable Privacy and Security (SOUPS\u201915)","author":"Ur Blase","year":"2015","unstructured":"Blase Ur , Fumiko Noma , Jonathan Bees , Sean M. Segreti , Richard Shay , Lujo Bauer , Nicolas Christin , and Lorrie Faith Cranor . 2015 . \u201c I added \u2018!\u2019 at the end to make it secure\u201d: Observing password creation in the lab . In Proceedings of the 11th Symposium on Usable Privacy and Security (SOUPS\u201915) . USENIX, 123--136. Blase Ur, Fumiko Noma, Jonathan Bees, Sean M. Segreti, Richard Shay, Lujo Bauer, Nicolas Christin, and Lorrie Faith Cranor. 2015. \u201cI added \u2018!\u2019 at the end to make it secure\u201d: Observing password creation in the lab. In Proceedings of the 11th Symposium on Usable Privacy and Security (SOUPS\u201915). USENIX, 123--136."},{"key":"e_1_2_1_44_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-40477-1_28"},{"key":"e_1_2_1_45_1","doi-asserted-by":"publisher","DOI":"10.1145\/1837110.1837125"},{"key":"e_1_2_1_46_1","volume-title":"Proceedings of the 11th Symposium on Usable Privacy and Security (SOUPS\u201916)","author":"Wash Rick","year":"2016","unstructured":"Rick Wash , Emilee J. Rader , Ruthie Berman , and Zac Wellmer . 2016 . Understanding password choices - how frequently entered passwords are re-used across websites . In Proceedings of the 11th Symposium on Usable Privacy and Security (SOUPS\u201916) . USENIX. Rick Wash, Emilee J. Rader, Ruthie Berman, and Zac Wellmer. 2016. Understanding password choices - how frequently entered passwords are re-used across websites. In Proceedings of the 11th Symposium on Usable Privacy and Security (SOUPS\u201916). USENIX."},{"key":"e_1_2_1_47_1","doi-asserted-by":"publisher","DOI":"10.1145\/1866307.1866327"},{"key":"e_1_2_1_48_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.ijhcs.2005.04.010"},{"key":"e_1_2_1_49_1","doi-asserted-by":"publisher","DOI":"10.1080\/07421222.1999.11518226"}],"container-title":["ACM Transactions on Privacy and Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3183341","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3183341","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T01:39:13Z","timestamp":1750210753000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3183341"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2018,4,16]]},"references-count":49,"journal-issue":{"issue":"3","published-print":{"date-parts":[[2018,8,31]]}},"alternative-id":["10.1145\/3183341"],"URL":"https:\/\/doi.org\/10.1145\/3183341","relation":{},"ISSN":["2471-2566","2471-2574"],"issn-type":[{"value":"2471-2566","type":"print"},{"value":"2471-2574","type":"electronic"}],"subject":[],"published":{"date-parts":[[2018,4,16]]},"assertion":[{"value":"2016-10-01","order":0,"name":"received","label":"Received","group":{"name":"publication_history","label":"Publication History"}},{"value":"2018-01-01","order":1,"name":"accepted","label":"Accepted","group":{"name":"publication_history","label":"Publication History"}},{"value":"2018-04-16","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}