{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,13]],"date-time":"2026-04-13T23:05:08Z","timestamp":1776121508086,"version":"3.50.1"},"publisher-location":"New York, NY, USA","reference-count":50,"publisher":"ACM","license":[{"start":{"date-parts":[[2020,4,21]],"date-time":"2020-04-21T00:00:00Z","timestamp":1587427200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"name":"ERC Grant: Frontiers of Usable Security","award":["678341"],"award-info":[{"award-number":["678341"]}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2020,4,21]]},"DOI":"10.1145\/3313831.3376791","type":"proceedings-article","created":{"date-parts":[[2020,5,27]],"date-time":"2020-05-27T19:28:08Z","timestamp":1590607688000},"page":"1-13","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":43,"title":["On Conducting Security Developer Studies with CS Students"],"prefix":"10.1145","author":[{"given":"Alena","family":"Naiakshina","sequence":"first","affiliation":[{"name":"University of Bonn, Bonn, Germany"}]},{"given":"Anastasia","family":"Danilova","sequence":"additional","affiliation":[{"name":"University of Bonn, Bonn, Germany"}]},{"given":"Eva","family":"Gerlitz","sequence":"additional","affiliation":[{"name":"Fraunhofer FKIE, Bonn, Germany"}]},{"given":"Matthew","family":"Smith","sequence":"additional","affiliation":[{"name":"University of Bonn &amp; Fraunhofer FKIE, Bonn, Germany"}]}],"member":"320","published-online":{"date-parts":[[2020,4,23]]},"reference":[{"key":"e_1_3_2_2_1_1","unstructured":"[n.d.]. JavaServer Faces (JSF). ([n.d.]). Retrieved August 31 2019 from https:\/\/javaee.github.io\/javaserverfaces-spec\/"},{"key":"e_1_3_2_2_2_1","unstructured":"[n.d.]. Spring. ([n.d.]). Retrieved August 31 2019 from https:\/\/spring.io\/projects\/spring-framework"},{"key":"e_1_3_2_2_3_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2017.52"},{"key":"e_1_3_2_2_4_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2016.25"},{"key":"e_1_3_2_2_5_1","volume-title":"Either: A Research Agenda for Usable Security and Privacy Research Beyond End Users. In Cybersecurity Development (SecDev)","author":"Acar Yasemin","unstructured":"Yasemin Acar, Sascha Fahl, and Michelle L Mazurek. 2016b. You are Not Your Developer, Either: A Research Agenda for Usable Security and Privacy Research Beyond End Users. In Cybersecurity Development (SecDev), IEEE. IEEE, IEEE Press, Piscataway, NJ, USA, 3--8."},{"key":"e_1_3_2_2_6_1","volume-title":"Thirteenth Symposium on Usable Privacy and Security (SOUPS 2017","author":"Acar Yasemin","year":"2017","unstructured":"Yasemin Acar, Christian Stransky, Dominik Wermke, Michelle L. Mazurek, and Sascha Fahl. 2017. Security Developer Studies with GitHub Users: Exploring a Convenience Sample. In Thirteenth Symposium on Usable Privacy and Security (SOUPS 2017). USENIX Association, Santa Clara, CA, 81--95. https:\/\/www.usenix.org\/conference\/soups2017\/technical-sessions\/presentation\/acar"},{"key":"e_1_3_2_2_7_1","doi-asserted-by":"publisher","DOI":"10.1145\/322796.322806"},{"key":"e_1_3_2_2_8_1","doi-asserted-by":"publisher","DOI":"10.1145\/3290605.3300519"},{"key":"e_1_3_2_2_9_1","doi-asserted-by":"crossref","unstructured":"Rebecca Balebako Abigail Marsh Jialiu Lin Jason I Hong and Lorrie Faith Cranor. 2014. The Privacy and Security Behaviors of Smartphone App Developers. (2014).","DOI":"10.14722\/usec.2014.23006"},{"key":"e_1_3_2_2_10_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICSE.2017.59"},{"key":"e_1_3_2_2_11_1","doi-asserted-by":"publisher","DOI":"10.1109\/ISESE.2004.1334904"},{"key":"e_1_3_2_2_13_1","doi-asserted-by":"publisher","DOI":"10.1007\/b97636"},{"key":"e_1_3_2_2_14_1","volume-title":"A coefficient of agreement for nominal scales. Educational and psychological measurement 20, 1","author":"Cohen Jacob","year":"1960","unstructured":"Jacob Cohen. 1960. A coefficient of agreement for nominal scales. Educational and psychological measurement 20, 1 (1960), 37--46."},{"key":"e_1_3_2_2_15_1","volume-title":"Statistical methods for rates and proportions","author":"Fleiss Joseph L","unstructured":"Joseph L Fleiss, Bruce Levin, and Myunghee Cho Paik. 2013. Statistical methods for rates and proportions. John Wiley & Sons."},{"key":"e_1_3_2_2_16_1","volume-title":"Understanding reliability and validity in qualitative research. The qualitative report 8, 4","author":"Golafshani Nahid","year":"2003","unstructured":"Nahid Golafshani. 2003. Understanding reliability and validity in qualitative research. The qualitative report 8, 4 (2003), 597--606."},{"key":"e_1_3_2_2_17_1","doi-asserted-by":"publisher","DOI":"10.6028\/NIST.SP.800-63a"},{"key":"e_1_3_2_2_18_1","doi-asserted-by":"publisher","DOI":"10.1109\/MSP.2016.111"},{"key":"e_1_3_2_2_19_1","first-page":"265","article-title":"Password Hashing Competition-Survey and Benchmark","volume":"2015","author":"Hatzivasilis George","year":"2015","unstructured":"George Hatzivasilis, Ioannis Papaefstathiou, and Charalampos Manifavas. 2015. Password Hashing Competition-Survey and Benchmark. IACR Cryptology ePrint Archive 2015 (2015), 265.","journal-title":"IACR Cryptology ePrint Archive"},{"key":"e_1_3_2_2_20_1","doi-asserted-by":"publisher","DOI":"10.1023\/A:1026586415054"},{"key":"e_1_3_2_2_21_1","doi-asserted-by":"publisher","DOI":"10.14722\/usec.2014.23045"},{"key":"e_1_3_2_2_22_1","doi-asserted-by":"publisher","DOI":"10.5555\/2486788.2486877"},{"key":"e_1_3_2_2_23_1","volume-title":"26th USENIX Security Symposium (USENIX Security 17)","author":"Krombholz Katharina","year":"2017","unstructured":"Katharina Krombholz, Wilfried Mayer, Martin Schmiedecker, and Edgar Weippl. 2017. \"I Have No Idea What Itextquoterightm Doing\" - On the Usability of Deploying HTTPS. In 26th USENIX Security Symposium (USENIX Security 17). USENIX Association, Vancouver, BC, 1339--1356. https:\/\/www.usenix.org\/conference\/usenixsecurity17\/technical-sessions\/presentation\/krombholz"},{"key":"e_1_3_2_2_24_1","doi-asserted-by":"publisher","DOI":"10.1145\/1134285.1134355"},{"key":"e_1_3_2_2_25_1","doi-asserted-by":"publisher","DOI":"10.1145\/1134285.1134355"},{"key":"e_1_3_2_2_26_1","doi-asserted-by":"publisher","unstructured":"L. Layman L. Williams and R. S. Amant. 2007. Toward Reducing Fault Fix Time: Understanding Developer Behavior for the Design of Automated Fault Detection Tools. In First International Symposium on Empirical Software Engineering and Measurement (ESEM 2007). 176--185. http:\/\/dx.doi.org\/10.1109\/ESEM.2007.11","DOI":"10.1109\/ESEM.2007.11"},{"key":"e_1_3_2_2_27_1","doi-asserted-by":"publisher","DOI":"10.1145\/2896587"},{"key":"e_1_3_2_2_28_1","doi-asserted-by":"publisher","DOI":"10.1145\/3290605.3300370"},{"key":"e_1_3_2_2_29_1","doi-asserted-by":"publisher","DOI":"10.1145\/3133956.3134082"},{"key":"e_1_3_2_2_30_1","volume-title":"Fourteenth Symposium on Usable Privacy and Security (SOUPS 2018","author":"Naiakshina Alena","year":"2018","unstructured":"Alena Naiakshina, Anastasia Danilova, Christian Tiefenau, and Matthew Smith. 2018. Deception Task Design in Developer Password Studies: Exploring a Student Sample. In Fourteenth Symposium on Usable Privacy and Security (SOUPS 2018). USENIX Association, Baltimore, MD, USA, 297--313. https:\/\/www.usenix.org\/conference\/soups2018\/presentation\/naiakshina"},{"key":"e_1_3_2_2_31_1","volume-title":"https:\/\/www.linkedin.com Accessed","author":"In.","year":"2019","unstructured":"[n.d.]. [n.d.]a. LinkedIn. ([n.d.]). https:\/\/www.linkedin.com Accessed: September 2019."},{"key":"e_1_3_2_2_32_1","volume-title":"Open Web Application Security Project (OWASP). ([n.d.]). https:\/\/github.com\/OWASP\/CheatSheetSeries\/blob\/master\/cheatsheets\/Password_Storage_Cheat_Sheet.md Accessed","year":"2019","unstructured":"[n.d.]. [n.d.]b. Open Web Application Security Project (OWASP). ([n.d.]). https:\/\/github.com\/OWASP\/CheatSheetSeries\/blob\/master\/cheatsheets\/Password_Storage_Cheat_Sheet.md Accessed: September 2019."},{"key":"e_1_3_2_2_33_1","volume-title":"Random (Java SE 11 & JDK 11 ) - Oracle Docs. ([n.d.]). Retrieved","year":"2019","unstructured":"[n.d.]. [n.d.]c. Random (Java SE 11 & JDK 11 ) - Oracle Docs. ([n.d.]). Retrieved September 05, 2019 from https:\/\/docs.oracle.com\/en\/java\/javase\/11\/docs\/api\/java.base\/java\/util\/Random.html"},{"key":"e_1_3_2_2_34_1","unstructured":"[n.d.]. [n.d.]d. SecureRandom (Java SE 11 & JDK 11 ) - Oracle Docs. ([n.d.]). Retrieved September 05 2019 from https:\/\/docs.oracle.com\/en\/java\/javase\/11\/docs\/api\/java.base\/java\/security\/SecureRandom.html"},{"key":"e_1_3_2_2_35_1","unstructured":"[n.d.]. [n.d.]e. XING. ([n.d.]). Retrieved August 31 2019 from https:\/\/www.xing.com\/"},{"key":"e_1_3_2_2_36_1","doi-asserted-by":"publisher","DOI":"10.1145\/3133956.3133977"},{"key":"e_1_3_2_2_37_1","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.2010.22"},{"key":"e_1_3_2_2_38_1","doi-asserted-by":"publisher","DOI":"10.5555\/2818754.2818836"},{"key":"e_1_3_2_2_39_1","unstructured":"M Angela Sasse. 2003. Computer security: Anatomy of a usability disaster and a plan for recovery. (2003)."},{"key":"e_1_3_2_2_40_1","volume-title":"Transforming the `weakest link' - a human\/computer interaction approach to usable and effective security. BT technology journal 19, 3","author":"Sasse Martina Angela","year":"2001","unstructured":"Martina Angela Sasse, Sacha Brostoff, and Dirk Weirich. 2001. Transforming the `weakest link' - a human\/computer interaction approach to usable and effective security. BT technology journal 19, 3 (2001), 122--131."},{"key":"e_1_3_2_2_41_1","doi-asserted-by":"publisher","DOI":"10.1109\/ISSRE.2013.6698898"},{"key":"e_1_3_2_2_42_1","doi-asserted-by":"publisher","DOI":"10.1109\/ISESE.2002.1166921"},{"key":"e_1_3_2_2_43_1","volume-title":"Research methods in accounting","author":"Smith Malcolm","unstructured":"Malcolm Smith. 2017. Research methods in accounting. Sage."},{"key":"e_1_3_2_2_44_1","doi-asserted-by":"publisher","DOI":"10.1145\/1414004.1414055"},{"key":"e_1_3_2_2_45_1","volume-title":"A general inductive approach for analyzing qualitative evaluation data. American journal of evaluation 27, 2","author":"Thomas David R","year":"2006","unstructured":"David R Thomas. 2006. A general inductive approach for analyzing qualitative evaluation data. American journal of evaluation 27, 2 (2006), 237--246."},{"key":"e_1_3_2_2_46_1","doi-asserted-by":"publisher","DOI":"10.1109\/VLHCC.2015.7357200"},{"key":"e_1_3_2_2_47_1","volume-title":"Twelfth Symposium on Usable Privacy and Security (SOUPS 2016","author":"Thomas Tyler W.","year":"2016","unstructured":"Tyler W. Thomas, Heather Lipford, Bill Chu, Justin Smith, and Emerson Murphy-Hill. 2016. What Questions Remain? An Examination of How Developers Understand an Interactive Static Analysis Tool. In Twelfth Symposium on Usable Privacy and Security (SOUPS 2016). USENIX Association, Denver, CO. https:\/\/www.usenix.org\/conference\/soups2016\/workshop-program\/wsiw16\/presentation\/thomas"},{"key":"e_1_3_2_2_48_1","volume-title":"Usenix Security","volume":"1999","author":"Whitten Alma","year":"1999","unstructured":"Alma Whitten and J Doug Tygar. 1999. Why Johnny Can't Encrypt: A Usability Evaluation of PGP 5.0.. In Usenix Security, Vol. 1999."},{"key":"e_1_3_2_2_49_1","doi-asserted-by":"publisher","DOI":"10.1145\/3210459.3210483"},{"key":"e_1_3_2_2_50_1","doi-asserted-by":"publisher","DOI":"10.1109\/VLHCC.2011.6070393"},{"key":"e_1_3_2_2_51_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2016.18"}],"event":{"name":"CHI '20: CHI Conference on Human Factors in Computing Systems","location":"Honolulu HI USA","acronym":"CHI '20","sponsor":["SIGCHI ACM Special Interest Group on Computer-Human Interaction"]},"container-title":["Proceedings of the 2020 CHI Conference on Human Factors in Computing Systems"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3313831.3376791","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3313831.3376791","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T22:32:47Z","timestamp":1750199567000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3313831.3376791"}},"subtitle":["Examining a Password-Storage Study with CS Students, Freelancers, and Company Developers"],"short-title":[],"issued":{"date-parts":[[2020,4,21]]},"references-count":50,"alternative-id":["10.1145\/3313831.3376791","10.1145\/3313831"],"URL":"https:\/\/doi.org\/10.1145\/3313831.3376791","relation":{},"subject":[],"published":{"date-parts":[[2020,4,21]]},"assertion":[{"value":"2020-04-23","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}