{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,24]],"date-time":"2026-01-24T19:50:23Z","timestamp":1769284223477,"version":"3.49.0"},"publisher-location":"New York, NY, USA","reference-count":38,"publisher":"ACM","license":[{"start":{"date-parts":[[2022,11,13]],"date-time":"2022-11-13T00:00:00Z","timestamp":1668297600000},"content-version":"vor","delay-in-days":366,"URL":"http:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"DOI":"10.13039\/100000001","name":"National Science Foundation","doi-asserted-by":"publisher","award":["2055549"],"award-info":[{"award-number":["2055549"]}],"id":[{"id":"10.13039\/100000001","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2021,11,12]]},"DOI":"10.1145\/3460120.3484791","type":"proceedings-article","created":{"date-parts":[[2021,11,13]],"date-time":"2021-11-13T12:05:34Z","timestamp":1636805134000},"page":"252-270","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":7,"title":["Don't Forget the Stuffing! Revisiting the Security Impact of Typo-Tolerant Password Authentication"],"prefix":"10.1145","author":[{"given":"Sena","family":"Sahin","sequence":"first","affiliation":[{"name":"Georgia Institute of Technology, Atlanta, GA, USA"}]},{"given":"Frank","family":"Li","sequence":"additional","affiliation":[{"name":"Georgia Institute of Technology, Atlanta, GA, USA"}]}],"member":"320","published-online":{"date-parts":[[2021,11,13]]},"reference":[{"key":"e_1_3_2_1_1_1","unstructured":"4iQ. 2020. Weaponized Data Breaches: Fueling Identity-based Attacks Across the Globe. https:\/\/https:\/\/4iq.com\/2020-identity-breach-report\/."},{"key":"e_1_3_2_1_2_1","unstructured":"Susan Antilla. 2015. Is Vanguard Making It Too Easy for Cybercriminals to Access Your Account? https:\/\/www.thestreet.com\/opinion\/is-vanguard-making-it-too-easy-for-cybercriminals-to-access-your-account-13213265."},{"key":"e_1_3_2_1_3_1","unstructured":"Bijeeta Pal. 2019. Password Similarity Models using Neural Networks. https:\/\/github.com\/Bijeeta\/credtweak\/tree\/master\/credTweakAttack."},{"key":"e_1_3_2_1_4_1","volume-title":"Making More Extensive and Efficient Typo-Tolerant Password Checkers","author":"Blanchard Enka","unstructured":"Enka Blanchard. 2020. Making More Extensive and Efficient Typo-Tolerant Password Checkers. In IEEE Annual Computers, Software, and Applications Conference (COMPSAC)."},{"key":"e_1_3_2_1_5_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2012.44"},{"key":"e_1_3_2_1_6_1","unstructured":"Julio Casal. 2017. 1.4 billion cleartext credentials discovered in a single database. https:\/\/medium.com\/4iqdelvedeep\/1--4-billion-clear-text-credentials -discovered-in-a-single-database-3131d0a1ae14."},{"key":"e_1_3_2_1_7_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2016.53"},{"key":"e_1_3_2_1_8_1","doi-asserted-by":"publisher","DOI":"10.1145\/3133956.3134000"},{"key":"e_1_3_2_1_9_1","unstructured":"Katie Collins. 2017. Facebook buys black market passwords to keep your account safe. https:\/\/www.cnet.com\/news\/facebook-chief-security-officer-alex-stamos-web-summit-lisbon-hackers\/."},{"key":"e_1_3_2_1_10_1","volume-title":"The Tangled Web of Password Reuse. In Network and Distributed System Security Symposium (NDSS).","author":"Das Anupam","year":"2014","unstructured":"Anupam Das, Joseph Bonneau, Matthew Caesar, Nikita Borisov, and XiaoFeng Wang. 2014. The Tangled Web of Password Reuse. In Network and Distributed System Security Symposium (NDSS)."},{"key":"e_1_3_2_1_11_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2014.23268"},{"key":"e_1_3_2_1_12_1","unstructured":"Dropbox. 2016. zxcvbn. https:\/\/github.com\/dropbox\/zxcvbn."},{"key":"e_1_3_2_1_13_1","doi-asserted-by":"publisher","DOI":"10.1145\/3243734.3243767"},{"key":"e_1_3_2_1_14_1","volume-title":"Password Creation in the Presence of Blacklists. In Workshop on Usable Security and Privacy (USEC).","author":"Habib Hana","year":"2017","unstructured":"Hana Habib, Jessica Colnago, William Melicher, Blase Ur, Sean Segreti, Lujo Bauer, Nicolas Christin, and Lorrie Cranor. 2017. Password Creation in the Presence of Blacklists. In Workshop on Usable Security and Privacy (USEC)."},{"key":"e_1_3_2_1_15_1","unstructured":"Josh Hendrickson. 2019. Facebook Fudges Your Password for Your Convenience. https:\/\/www.howtogeek.com\/402761\/facebook-fudges-your-password-for-your-convenience\/."},{"key":"e_1_3_2_1_16_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2019.23124"},{"key":"e_1_3_2_1_17_1","unstructured":"Troy Hunt. 2020. The 773 Million Record \"Collection #1\" Data Breach. https:\/\/www.troyhunt.com\/the-773-million-record-collection-1-data-reach\/."},{"key":"e_1_3_2_1_18_1","doi-asserted-by":"publisher","DOI":"10.17705\/1jais.00184"},{"key":"e_1_3_2_1_19_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.ijhcs.2006.08.005"},{"key":"e_1_3_2_1_20_1","volume-title":"Protocols for Checking Compromised Credentials. In ACM Conference on Computer and Communications Security (CCS).","author":"Li Lucy","year":"2019","unstructured":"Lucy Li, Bijeeta Pal, Junade Ali, Nick Sullivan, Rahul Chatterjee, and Thomas Ristenpart. 2019. Protocols for Checking Compromised Credentials. In ACM Conference on Computer and Communications Security (CCS)."},{"key":"e_1_3_2_1_21_1","unstructured":"MITRE. 2020. Credential Stuffing. https:\/\/attack.mitre.org\/techniques\/T1110\/004\/."},{"key":"e_1_3_2_1_22_1","unstructured":"MITRE. 2020. Password Spraying. https:\/\/attack.mitre.org\/techniques\/T1110\/003\/."},{"key":"e_1_3_2_1_23_1","doi-asserted-by":"publisher","DOI":"10.1145\/3319535.3363204"},{"key":"e_1_3_2_1_24_1","unstructured":"OWASP. 2020. Credential Stuffing. https:\/\/owasp.org\/www-community\/attacks\/Credential_stuffing."},{"key":"e_1_3_2_1_25_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2019.00056"},{"key":"e_1_3_2_1_26_1","doi-asserted-by":"publisher","DOI":"10.1145\/3133956.3133973"},{"key":"e_1_3_2_1_27_1","first-page":"2833","article-title":"Password security: What users know and what they actually do","volume":"8","author":"Riley Shannon","year":"2006","unstructured":"Shannon Riley. 2006. Password security: What users know and what they actually do. Usability News, Vol. 8, 1 (2006), 2833--2836.","journal-title":"Usability News"},{"key":"e_1_3_2_1_28_1","volume-title":"USENIX Conference on Hot Topics in Security (HotSec).","author":"Schechter Stuart","year":"2010","unstructured":"Stuart Schechter, Cormac Herley, and Michael Mitzenmacher. 2010. Popularity is everything: A new approach to protecting passwords from statistical-guessing attacks. In USENIX Conference on Hot Topics in Security (HotSec)."},{"key":"e_1_3_2_1_29_1","doi-asserted-by":"publisher","DOI":"10.1109\/EuroSP.2019.00048"},{"key":"e_1_3_2_1_30_1","unstructured":"Shape. 2020. Credential Spill Report. https:\/\/federalnewsnetwork.com\/wp-content\/uploads\/2020\/06\/Shape-Threat-Research-Credential-Spill-Report.pdf."},{"key":"e_1_3_2_1_31_1","doi-asserted-by":"publisher","DOI":"10.1145\/1837110.1837113"},{"key":"e_1_3_2_1_32_1","doi-asserted-by":"publisher","DOI":"10.1145\/3133956.3134067"},{"key":"e_1_3_2_1_33_1","volume-title":"USENIX Security Symposium.","author":"Thomas Kurt","year":"2019","unstructured":"Kurt Thomas, Jennifer Pullman, Kevin Yeo, Ananth Raghunathan, Patrick Gage Kelley, Luca Invernizzi, Borbala Benko, Tadek Pietraszek, Sarvar Patel, Dan Boneh, et al. 2019. Protecting Accounts from Credential Stuffing with Password Breach Alerting. In USENIX Security Symposium."},{"key":"e_1_3_2_1_34_1","unstructured":"Dylan Tweney. 2011. Amazon.com Security Flaw Accepts Passwords That Are Close But Not Exact. https:\/\/www.wired.com\/2011\/01\/amazon-password-problem\/."},{"key":"e_1_3_2_1_35_1","doi-asserted-by":"publisher","DOI":"10.1145\/3176258.3176332"},{"key":"e_1_3_2_1_36_1","doi-asserted-by":"publisher","DOI":"10.1145\/2976749.2978339"},{"key":"e_1_3_2_1_37_1","volume-title":"USENIX Security Symposium.","author":"Wang Ke Coby","year":"2020","unstructured":"Ke Coby Wang and Michael K Reiter. 2020. Detecting Stuffing of a User's Credentials at Her Own Accounts. In USENIX Security Symposium."},{"key":"e_1_3_2_1_38_1","doi-asserted-by":"publisher","DOI":"10.1145\/1866307.1866328"}],"event":{"name":"CCS '21: 2021 ACM SIGSAC Conference on Computer and Communications Security","location":"Virtual Event Republic of Korea","acronym":"CCS '21","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"]},"container-title":["Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3460120.3484791","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3460120.3484791","content-type":"application\/pdf","content-version":"vor","intended-application":"syndication"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3460120.3484791","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,11,18]],"date-time":"2025-11-18T20:53:33Z","timestamp":1763499213000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3460120.3484791"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021,11,12]]},"references-count":38,"alternative-id":["10.1145\/3460120.3484791","10.1145\/3460120"],"URL":"https:\/\/doi.org\/10.1145\/3460120.3484791","relation":{},"subject":[],"published":{"date-parts":[[2021,11,12]]},"assertion":[{"value":"2021-11-13","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}