{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,13]],"date-time":"2026-02-13T10:16:23Z","timestamp":1770977783866,"version":"3.50.1"},"publisher-location":"New York, NY, USA","reference-count":39,"publisher":"ACM","license":[{"start":{"date-parts":[[2020,10,5]],"date-time":"2020-10-05T00:00:00Z","timestamp":1601856000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2020,10,5]]},"DOI":"10.1145\/3320269.3384762","type":"proceedings-article","created":{"date-parts":[[2020,10,5]],"date-time":"2020-10-05T16:33:23Z","timestamp":1601915603000},"page":"101-115","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":6,"title":["Skeptic: Automatic, Justified and Privacy-Preserving Password Composition Policy Selection"],"prefix":"10.1145","author":[{"given":"Saul","family":"Johnson","sequence":"first","affiliation":[{"name":"Teesside University, Middlesbrough, United Kingdom"}]},{"given":"Jo\u00e3o F.","family":"Ferreira","sequence":"additional","affiliation":[{"name":"INESC-ID and Instituto Superior T\u00e9cnico, University of Lisbon, Lisbon, Portugal"}]},{"given":"Alexandra","family":"Mendes","sequence":"additional","affiliation":[{"name":"HASLab, INESC TEC, Porto & Universidade da Beira Interior, Covilh\u00e3, Portugal"}]},{"given":"Julien","family":"Cordry","sequence":"additional","affiliation":[{"name":"Teesside University, Middlesbrough, United Kingdom"}]}],"member":"320","published-online":{"date-parts":[[2020,10,5]]},"reference":[{"key":"e_1_3_2_1_1_1","doi-asserted-by":"publisher","DOI":"10.5555\/3241189.3241275"},{"key":"e_1_3_2_1_2_1","volume-title":"Usability Evaluation of Domain-Specific Languages. In 2012 Eighth International Conference on the Quality of Information and Communications Technology. 342--347","author":"Bariic A.","year":"2012"},{"key":"e_1_3_2_1_3_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2018.00009"},{"key":"e_1_3_2_1_4_1","doi-asserted-by":"publisher","DOI":"10.1145\/2482540.2482552"},{"key":"e_1_3_2_1_5_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2012.49"},{"key":"e_1_3_2_1_6_1","unstructured":"Matt Burgess. 2016. Check if your LinkedIn account was hacked | WIRED UK. https:\/\/www.wired.co.uk\/article\/linkedin-data-breach-find-out-included. (Accessed on 07\/26\/2019).  Matt Burgess. 2016. Check if your LinkedIn account was hacked | WIRED UK. https:\/\/www.wired.co.uk\/article\/linkedin-data-breach-find-out-included. (Accessed on 07\/26\/2019)."},{"key":"e_1_3_2_1_7_1","volume-title":"Nabbus","author":"Burr William E.","year":"2013"},{"key":"e_1_3_2_1_8_1","unstructured":"William E. Burr Donna F. Dodson and W. Timothy Polk. 2006. Electronic Authentication Guideline. https:\/\/nvlpubs.nist.gov\/nistpubs\/Legacy\/SP\/nistspecialpublication800--63ver1.0.2.pdf. (Accessed on 06\/05\/2018).  William E. Burr Donna F. Dodson and W. Timothy Polk. 2006. Electronic Authentication Guideline. https:\/\/nvlpubs.nist.gov\/nistpubs\/Legacy\/SP\/nistspecialpublication800--63ver1.0.2.pdf. (Accessed on 06\/05\/2018)."},{"key":"e_1_3_2_1_9_1","unstructured":"Guillaume Claret. 2015. Coq.io. http:\/\/coq.io\/  Guillaume Claret. 2015. Coq.io. http:\/\/coq.io\/"},{"key":"e_1_3_2_1_10_1","unstructured":"Nik Cubrilovic. 2009. RockYou hack: From bad to worse. https:\/\/techcrunch.com\/2009\/12\/14\/rockyou-hack-security-myspace-facebook-passwords. (Accessed on 18\/03\/2018).  Nik Cubrilovic. 2009. RockYou hack: From bad to worse. https:\/\/techcrunch.com\/2009\/12\/14\/rockyou-hack-security-myspace-facebook-passwords. (Accessed on 18\/03\/2018)."},{"key":"e_1_3_2_1_11_1","unstructured":"Nik Cubrilovich. 2009. RockYou Hack: From Bad To Worse | TechCrunch. https:\/\/techcrunch.com\/2009\/12\/14\/rockyou-hack-security-myspace-facebook-passwords\/. (Accessed on 04\/10\/2019).  Nik Cubrilovich. 2009. RockYou Hack: From Bad To Worse | TechCrunch. https:\/\/techcrunch.com\/2009\/12\/14\/rockyou-hack-security-myspace-facebook-passwords\/. (Accessed on 04\/10\/2019)."},{"key":"e_1_3_2_1_12_1","unstructured":"James D Evans. 1996. Straightforward statistics for the behavioral sciences. Thomson Brooks\/Cole Publishing Co.  James D Evans. 1996. Straightforward statistics for the behavioral sciences. Thomson Brooks\/Cole Publishing Co."},{"key":"e_1_3_2_1_13_1","volume-title":"IFM 2017, Turin, Italy, September 20--22, 2017, Proceedings. 407--421","author":"Ferreira Jo"},{"key":"e_1_3_2_1_14_1","doi-asserted-by":"publisher","DOI":"10.1145\/1837110.1837124"},{"key":"e_1_3_2_1_15_1","volume-title":"Password Portfolios and the Finite-Effort User: Sustainably Managing Large Numbers of Accounts. In 23rd USENIX Security Symposium (USENIX Security 14)","author":"Flor\u00eancio Dinei"},{"key":"e_1_3_2_1_16_1","doi-asserted-by":"publisher","DOI":"10.1109\/TIFS.2016.2636092"},{"key":"e_1_3_2_1_17_1","doi-asserted-by":"publisher","DOI":"10.1145\/3243734.3243769"},{"key":"e_1_3_2_1_18_1","unstructured":"Doug Gross. 2012. Yahoo hacked 450 000 passwords posted online - CNN. https:\/\/edition.cnn.com\/2012\/07\/12\/tech\/web\/yahoo-users-hacked. (Accessed on 04\/10\/2019).  Doug Gross. 2012. Yahoo hacked 450 000 passwords posted online - CNN. https:\/\/edition.cnn.com\/2012\/07\/12\/tech\/web\/yahoo-users-hacked. (Accessed on 04\/10\/2019)."},{"key":"e_1_3_2_1_19_1","unstructured":"Troy Hunt. 2018. Have I been pwned? Check if your email has been compromised in a data breach. https:\/\/haveibeenpwned.com\/. (Accessed on 28\/02\/2018).  Troy Hunt. 2018. Have I been pwned? Check if your email has been compromised in a data breach. https:\/\/haveibeenpwned.com\/. (Accessed on 28\/02\/2018)."},{"key":"e_1_3_2_1_20_1","volume-title":"Passlab: A Password Security Tool for the Blue Team. arXiv preprint arXiv:2003.07208","author":"Johnson Saul","year":"2020"},{"key":"e_1_3_2_1_21_1","volume-title":"Lost in Disclosure: On The Inference of Password Composition Policies. In 2019 IEEE International Symposium on Software Reliability Engineering Workshops (ISSREW) .","author":"Johnson Saul","year":"2019"},{"key":"e_1_3_2_1_22_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2012.38"},{"key":"e_1_3_2_1_23_1","first-page":"80","article-title":"DDoS in the IoT","volume":"50","author":"Kolias C.","year":"2017","journal-title":"Mirai and Other Botnets. Computer"},{"key":"e_1_3_2_1_24_1","doi-asserted-by":"publisher","DOI":"10.1145\/1978942.1979321"},{"key":"e_1_3_2_1_25_1","volume-title":"Savs a Radomirovi\u0107, and Patrick Schweitzer","author":"Kordy Barbara","year":"2011"},{"key":"e_1_3_2_1_26_1","doi-asserted-by":"publisher","DOI":"10.1145\/2187836.2187878"},{"key":"e_1_3_2_1_27_1","volume-title":"Thirteenth Symposium on Usable Privacy and Security (SOUPS","author":"Mayer Peter","year":"2017"},{"key":"e_1_3_2_1_28_1","unstructured":"Openwall Project. 2011. Wordlists and common passwords for password recovery. http:\/\/www.openwall.com\/passwords\/wordlists\/. (Accessed on 09\/01\/2018).  Openwall Project. 2011. Wordlists and common passwords for password recovery. http:\/\/www.openwall.com\/passwords\/wordlists\/. (Accessed on 09\/01\/2018)."},{"key":"e_1_3_2_1_29_1","unstructured":"Jack Schofield. 2019. I got a phishing email that tried to blackmail me--what should I do? https:\/\/www.theguardian.com\/technology\/askjack\/2019\/jan\/17\/phishing-email-blackmail-sextortion-webcam. Accessed: 2019-08--20.  Jack Schofield. 2019. I got a phishing email that tried to blackmail me--what should I do? https:\/\/www.theguardian.com\/technology\/askjack\/2019\/jan\/17\/phishing-email-blackmail-sextortion-webcam. Accessed: 2019-08--20."},{"key":"e_1_3_2_1_30_1","volume-title":"Thirteenth Symposium on Usable Privacy and Security (SOUPS","author":"Segreti Sean M.","year":"2017"},{"key":"e_1_3_2_1_31_1","doi-asserted-by":"publisher","DOI":"10.1145\/2891411"},{"key":"e_1_3_2_1_32_1","doi-asserted-by":"publisher","DOI":"10.1109\/TIFS.2011.2173486"},{"key":"e_1_3_2_1_33_1","volume-title":"Measuring Real-World Accuracies and Biases in Modeling Password Guessability. In 24th USENIX Security Symposium (USENIX Security 15)","author":"Ur Blase","year":"2015"},{"key":"e_1_3_2_1_34_1","volume-title":"Topics in Cryptology -- CT-RSA","author":"Verheul Eric R.","year":"2007"},{"key":"e_1_3_2_1_35_1","doi-asserted-by":"publisher","DOI":"10.1109\/TIFS.2017.2721359"},{"key":"e_1_3_2_1_36_1","doi-asserted-by":"publisher","DOI":"10.1145\/1866307.1866327"},{"key":"e_1_3_2_1_37_1","volume-title":"Password Cracking Using Probabilistic Context-Free Grammars. In 2009 30th IEEE Symposium on Security and Privacy. 391--405","author":"Weir M.","year":"2009"},{"key":"e_1_3_2_1_38_1","volume-title":"25th USENIX Security Symposium (USENIX Security 16)","author":"Wheeler Daniel Lowe","year":"2016"},{"key":"e_1_3_2_1_39_1","doi-asserted-by":"crossref","unstructured":"L. Xu C. Ge W. Qiu Z. Huang Z. Gong J. Guo and H. Lian. 2017. Password Guessing Based on LSTM Recurrent Neural Networks. In 2017 IEEE International Conference on Computational Science and Engineering (CSE) and IEEE International Conference on Embedded and Ubiquitous Computing (EUC) Vol. 1. 785--788. https:\/\/doi.org\/10.1109\/CSE-EUC.2017.155  L. Xu C. Ge W. Qiu Z. Huang Z. Gong J. Guo and H. Lian. 2017. Password Guessing Based on LSTM Recurrent Neural Networks. In 2017 IEEE International Conference on Computational Science and Engineering (CSE) and IEEE International Conference on Embedded and Ubiquitous Computing (EUC) Vol. 1. 785--788. https:\/\/doi.org\/10.1109\/CSE-EUC.2017.155","DOI":"10.1109\/CSE-EUC.2017.155"}],"event":{"name":"ASIA CCS '20: The 15th ACM Asia Conference on Computer and Communications Security","location":"Taipei Taiwan","acronym":"ASIA CCS '20","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"]},"container-title":["Proceedings of the 15th ACM Asia Conference on Computer and Communications Security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3320269.3384762","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3320269.3384762","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T22:41:28Z","timestamp":1750200088000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3320269.3384762"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2020,10,5]]},"references-count":39,"alternative-id":["10.1145\/3320269.3384762","10.1145\/3320269"],"URL":"https:\/\/doi.org\/10.1145\/3320269.3384762","relation":{},"subject":[],"published":{"date-parts":[[2020,10,5]]},"assertion":[{"value":"2020-10-05","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}