{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,25]],"date-time":"2026-04-25T14:35:14Z","timestamp":1777127714557,"version":"3.51.4"},"publisher-location":"New York, NY, USA","reference-count":64,"publisher":"ACM","license":[{"start":{"date-parts":[[2022,12,5]],"date-time":"2022-12-05T00:00:00Z","timestamp":1670198400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"DOI":"10.13039\/100000001","name":"NSF (National Science Foundation)","doi-asserted-by":"publisher","award":["1845300"],"award-info":[{"award-number":["1845300"]}],"id":[{"id":"10.13039\/100000001","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2022,12,5]]},"DOI":"10.1145\/3564625.3567981","type":"proceedings-article","created":{"date-parts":[[2022,12,3]],"date-time":"2022-12-03T01:01:29Z","timestamp":1670029289000},"page":"605-618","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":5,"title":["User Perceptions of Five-Word Passwords"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0000-0003-2198-5067","authenticated-orcid":false,"given":"Xiaoyuan","family":"Wu","sequence":"first","affiliation":[{"name":"Computer Science, The George Washington University, United States of America"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-1987-1685","authenticated-orcid":false,"given":"Collins W.","family":"Munyendo","sequence":"additional","affiliation":[{"name":"Computer Science, The George Washington University, United States of America"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-3653-6822","authenticated-orcid":false,"given":"Eddie","family":"Cosic","sequence":"additional","affiliation":[{"name":"Computer Science, The George Washington University, United States of America"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-4566-5009","authenticated-orcid":false,"given":"Genevieve A.","family":"Flynn","sequence":"additional","affiliation":[{"name":"Computer Science, The George Washington University, United States of America"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-4275-222X","authenticated-orcid":false,"given":"Olivia","family":"Legault","sequence":"additional","affiliation":[{"name":"Computer Science, The George Washington University, United States of America"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-3792-2485","authenticated-orcid":false,"given":"Adam J.","family":"Aviv","sequence":"additional","affiliation":[{"name":"Computer Science, The George Washington University, United States of America"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"320","published-online":{"date-parts":[[2022,12,5]]},"reference":[{"key":"e_1_3_2_1_1_1","doi-asserted-by":"publisher","DOI":"10.1145\/2818000.2818014"},{"key":"e_1_3_2_1_2_1","volume-title":"Towards Baselines for Shoulder Surfing on Mobile Authentication. In Annual Conference on Computer Security Applications(ACSAC\u00a0\u201917)","author":"Aviv J.","year":"2017","unstructured":"Adam\u00a0 J. Aviv , John\u00a0 T. Davin , Flynn Wolf , and Ravi Kuber . 2017 . Towards Baselines for Shoulder Surfing on Mobile Authentication. In Annual Conference on Computer Security Applications(ACSAC\u00a0\u201917) . ACM, Orlando, Florida, USA, 486\u2013498. Adam\u00a0J. Aviv, John\u00a0T. Davin, Flynn Wolf, and Ravi Kuber. 2017. Towards Baselines for Shoulder Surfing on Mobile Authentication. In Annual Conference on Computer Security Applications(ACSAC\u00a0\u201917). ACM, Orlando, Florida, USA, 486\u2013498."},{"key":"e_1_3_2_1_3_1","volume-title":"Smudge Attacks on Smartphone Touch Screens. In USENIX Workshop on Offensive Technologies(WOOT\u00a0\u201910)","author":"Aviv J.","year":"2010","unstructured":"Adam\u00a0 J. Aviv , Katherine Gibson , Evan Mossop , Matt Blaze , and Jonathan\u00a0 M. Smith . 2010 . Smudge Attacks on Smartphone Touch Screens. In USENIX Workshop on Offensive Technologies(WOOT\u00a0\u201910) . USENIX, Washington, District of Columbia, USA, 1\u20137. Adam\u00a0J. Aviv, Katherine Gibson, Evan Mossop, Matt Blaze, and Jonathan\u00a0M. Smith. 2010. Smudge Attacks on Smartphone Touch Screens. In USENIX Workshop on Offensive Technologies(WOOT\u00a0\u201910). USENIX, Washington, District of Columbia, USA, 1\u20137."},{"key":"e_1_3_2_1_4_1","volume-title":"Comparing Video Based Shoulder Surfing with Live Simulation and Towards Baselines for Shoulder Surfing on Mobile Authentication. In Annual Conference on Computer Security Applications(ACSAC\u00a0\u201918)","author":"Aviv J.","year":"2018","unstructured":"Adam\u00a0 J. Aviv , Flynn Wolf , and Ravi Kuber . 2018 . Comparing Video Based Shoulder Surfing with Live Simulation and Towards Baselines for Shoulder Surfing on Mobile Authentication. In Annual Conference on Computer Security Applications(ACSAC\u00a0\u201918) . ACM, San Juan, Puerto Rico, USA, 453\u2013466. Adam\u00a0J. Aviv, Flynn Wolf, and Ravi Kuber. 2018. Comparing Video Based Shoulder Surfing with Live Simulation and Towards Baselines for Shoulder Surfing on Mobile Authentication. In Annual Conference on Computer Security Applications(ACSAC\u00a0\u201918). ACM, San Juan, Puerto Rico, USA, 453\u2013466."},{"key":"e_1_3_2_1_5_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2012.49"},{"key":"e_1_3_2_1_6_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2012.44"},{"key":"e_1_3_2_1_7_1","doi-asserted-by":"publisher","DOI":"10.1145\/2699390"},{"key":"e_1_3_2_1_8_1","volume-title":"Financial Cryptography and Data Security(FC\u00a0\u201912)","author":"Bonneau Joseph","unstructured":"Joseph Bonneau , S\u00f6ren Preibusch , and Ross Anderson . 2012. A Birthday Present Every Eleven Wallets? The Security of Customer-Chosen Banking PINs . In Financial Cryptography and Data Security(FC\u00a0\u201912) . Springer , Kralendijk, Bonaire , 25\u201340. Joseph Bonneau, S\u00f6ren Preibusch, and Ross Anderson. 2012. A Birthday Present Every Eleven Wallets? The Security of Customer-Chosen Banking PINs. In Financial Cryptography and Data Security(FC\u00a0\u201912). Springer, Kralendijk, Bonaire, 25\u201340."},{"key":"e_1_3_2_1_9_1","volume-title":"Symposium on Network and Distributed System Security(NDSS\u00a0\u201912)","author":"Castelluccia Claude","year":"2012","unstructured":"Claude Castelluccia , Markus D\u00fcrmuth , and Daniele Perito . 2012 . Adaptive Password-Strength Meters from Markov Models . In Symposium on Network and Distributed System Security(NDSS\u00a0\u201912) . ISOC, San Diego, California, USA. Claude Castelluccia, Markus D\u00fcrmuth, and Daniele Perito. 2012. Adaptive Password-Strength Meters from Markov Models. In Symposium on Network and Distributed System Security(NDSS\u00a0\u201912). ISOC, San Diego, California, USA."},{"key":"e_1_3_2_1_10_1","doi-asserted-by":"publisher","DOI":"10.1007\/s10623-015-0071-9"},{"key":"e_1_3_2_1_11_1","volume-title":"Tip: Use passphrases when you need a secure but easy-to-type password: 1password. https:\/\/blog.1password.com\/tip-memorable-password-wifi-tv-apps\/","author":"Chioconi Emily","year":"2022","unstructured":"Emily Chioconi . 2022 . Tip: Use passphrases when you need a secure but easy-to-type password: 1password. https:\/\/blog.1password.com\/tip-memorable-password-wifi-tv-apps\/ Emily Chioconi. 2022. Tip: Use passphrases when you need a secure but easy-to-type password: 1password. https:\/\/blog.1password.com\/tip-memorable-password-wifi-tv-apps\/"},{"key":"e_1_3_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.1145\/3173574.3174030"},{"key":"e_1_3_2_1_13_1","volume-title":"The Tangled Web of Password Reuse. In Symposium on Network and Distributed System Security(NDSS\u00a0\u201914)","author":"Das Anupam","year":"2014","unstructured":"Anupam Das , Joseph Bonneau , Matthew Caesar , Nikita Borisov , and XiaoFeng Wang . 2014 . The Tangled Web of Password Reuse. In Symposium on Network and Distributed System Security(NDSS\u00a0\u201914) . ISOC, San Diego, California, USA. Anupam Das, Joseph Bonneau, Matthew Caesar, Nikita Borisov, and XiaoFeng Wang. 2014. The Tangled Web of Password Reuse. In Symposium on Network and Distributed System Security(NDSS\u00a0\u201914). ISOC, San Diego, California, USA."},{"key":"e_1_3_2_1_14_1","doi-asserted-by":"publisher","DOI":"10.1109\/eurospw.2019.00020"},{"key":"e_1_3_2_1_15_1","unstructured":"EF. 2020. 3000 most common words in English. https:\/\/www.ef.edu\/english-resources\/english-vocabulary\/top-3000-words\/ as of 2022\/10\/18 18:58:47.  EF. 2020. 3000 most common words in English. https:\/\/www.ef.edu\/english-resources\/english-vocabulary\/top-3000-words\/ as of 2022\/10\/18 18:58:47."},{"key":"e_1_3_2_1_16_1","doi-asserted-by":"publisher","DOI":"10.1145\/1242572.1242661"},{"key":"e_1_3_2_1_17_1","doi-asserted-by":"publisher","DOI":"10.1145\/3427228.3427252"},{"key":"e_1_3_2_1_18_1","unstructured":"Electronic\u00a0Frontier Foundation. 2016. EFF Dice-Generated Passphrases. https:\/\/www.eff.org\/dice as of 2022\/10\/18 18:58:47.  Electronic\u00a0Frontier Foundation. 2016. EFF Dice-Generated Passphrases. https:\/\/www.eff.org\/dice as of 2022\/10\/18 18:58:47."},{"key":"e_1_3_2_1_19_1","volume-title":"Work in Progress: On the In-Accuracy and Influence of Android Pattern Strength Meters. In Workshop on Usable Security and Privacy(USEC\u00a0\u201919)","author":"Golla Maximilian","year":"2019","unstructured":"Maximilian Golla , Jan Rimkus , Adam\u00a0 J. Aviv , and Markus D\u00fcrmuth . 2019 . Work in Progress: On the In-Accuracy and Influence of Android Pattern Strength Meters. In Workshop on Usable Security and Privacy(USEC\u00a0\u201919) . ISOC, San Diego, California, USA. Maximilian Golla, Jan Rimkus, Adam\u00a0J. Aviv, and Markus D\u00fcrmuth. 2019. Work in Progress: On the In-Accuracy and Influence of Android Pattern Strength Meters. In Workshop on Usable Security and Privacy(USEC\u00a0\u201919). ISOC, San Diego, California, USA."},{"key":"e_1_3_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.1145\/3243734.3243767"},{"key":"e_1_3_2_1_21_1","volume-title":"User Behaviors and Attitudes Under Password Expiration Policies. In Fourteenth Symposium on Usable Privacy and Security(SOUPS\u00a0\u201918)","author":"Habib Hana","year":"2018","unstructured":"Hana Habib , Pardis\u00a0Emami Naeini , Summer Devlin , Maggie Oates , Chelse Swoopes , Lujo Bauer , Nicolas Christin , and Lorrie\u00a0Faith Cranor . 2018 . User Behaviors and Attitudes Under Password Expiration Policies. In Fourteenth Symposium on Usable Privacy and Security(SOUPS\u00a0\u201918) . USENIX, Baltimore, Maryland, USA, 13\u201330. Hana Habib, Pardis\u00a0Emami Naeini, Summer Devlin, Maggie Oates, Chelse Swoopes, Lujo Bauer, Nicolas Christin, and Lorrie\u00a0Faith Cranor. 2018. User Behaviors and Attitudes Under Password Expiration Policies. In Fourteenth Symposium on Usable Privacy and Security(SOUPS\u00a0\u201918). USENIX, Baltimore, Maryland, USA, 13\u201330."},{"key":"e_1_3_2_1_22_1","doi-asserted-by":"publisher","DOI":"10.1145\/3173574.3174144"},{"key":"e_1_3_2_1_23_1","doi-asserted-by":"publisher","DOI":"10.1109\/MSP.2011.150"},{"key":"e_1_3_2_1_24_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP40001.2021.00094"},{"key":"e_1_3_2_1_25_1","doi-asserted-by":"publisher","DOI":"10.1145\/3025453.3025788"},{"key":"e_1_3_2_1_26_1","volume-title":"ACM Conference on Human Factors in Computing Systems(CHI\u00a0\u201910)","author":"G.","unstructured":"Philip\u00a0 G. Inglesant and Angela\u00a0M. Sasse. 2010. The true cost of unusable password policies: password use in the wild . In ACM Conference on Human Factors in Computing Systems(CHI\u00a0\u201910) . ACM, Atlanta, Georgia, USA, 383\u2013392. Philip\u00a0G. Inglesant and Angela\u00a0M. Sasse. 2010. The true cost of unusable password policies: password use in the wild. In ACM Conference on Human Factors in Computing Systems(CHI\u00a0\u201910). ACM, Atlanta, Georgia, USA, 383\u2013392."},{"key":"e_1_3_2_1_27_1","volume-title":"Comparing Expert and Non-Expert Security Practices. In Eleventh Symposium on Usable Privacy and Security","author":"Ion Iulia","year":"2015","unstructured":"Iulia Ion , Rob Reeder , and Sunny Consolvo . 2015 . \u201c... No One Can Hack My Min \u201d: Comparing Expert and Non-Expert Security Practices. In Eleventh Symposium on Usable Privacy and Security ( Ottawa, Canada) (SOUPS\u00a0\u201915). USENIX, USA, 327\u2013346. Iulia Ion, Rob Reeder, and Sunny Consolvo. 2015. \u201c...No One Can Hack My Min\u201d: Comparing Expert and Non-Expert Security Practices. In Eleventh Symposium on Usable Privacy and Security (Ottawa, Canada) (SOUPS\u00a0\u201915). USENIX, USA, 327\u2013346."},{"key":"e_1_3_2_1_28_1","doi-asserted-by":"publisher","DOI":"10.1145\/975817.975820"},{"key":"e_1_3_2_1_29_1","volume-title":"Studying the Impact of Managers on Password Strength and Reuse. In USENIX Security Symposium(USENIX Security 18)","author":"Lyastani Sanam\u00a0Ghorbani","year":"2018","unstructured":"Sanam\u00a0Ghorbani Lyastani , Michael Schilling , Sascha Fahl , Michael Backes , and Sven Bugiel . 2018 . Better managed than memorized? Studying the Impact of Managers on Password Strength and Reuse. In USENIX Security Symposium(USENIX Security 18) . USENIX, Baltimore, MD, 203\u2013220. https:\/\/www.usenix.org\/conference\/usenixsecurity18\/presentation\/lyastani Sanam\u00a0Ghorbani Lyastani, Michael Schilling, Sascha Fahl, Michael Backes, and Sven Bugiel. 2018. Better managed than memorized? Studying the Impact of Managers on Password Strength and Reuse. In USENIX Security Symposium(USENIX Security 18). USENIX, Baltimore, MD, 203\u2013220. https:\/\/www.usenix.org\/conference\/usenixsecurity18\/presentation\/lyastani"},{"key":"e_1_3_2_1_30_1","volume-title":"This PIN Can Be Easily Guessed: Analyzing the Security of Smartphone Unlock PINs. In IEEE Symposium on Security and Privacy(SP\u00a0\u201920)","author":"Markert Philipp","year":"2020","unstructured":"Philipp Markert , Daniel\u00a0 V. Bailey , Maximilian Golla , Markus D\u00fcrmuth , and Adam\u00a0 J. Aviv . 2020 . This PIN Can Be Easily Guessed: Analyzing the Security of Smartphone Unlock PINs. In IEEE Symposium on Security and Privacy(SP\u00a0\u201920) . IEEE, San Francisco, California, USA, 286\u2013303. Philipp Markert, Daniel\u00a0V. Bailey, Maximilian Golla, Markus D\u00fcrmuth, and Adam\u00a0J. Aviv. 2020. This PIN Can Be Easily Guessed: Analyzing the Security of Smartphone Unlock PINs. In IEEE Symposium on Security and Privacy(SP\u00a0\u201920). IEEE, San Francisco, California, USA, 286\u2013303."},{"key":"e_1_3_2_1_31_1","doi-asserted-by":"publisher","DOI":"10.1145\/3473040"},{"key":"e_1_3_2_1_32_1","volume-title":"Large Educational Institution. In USENIX Security Symposium(USENIX Security 22)","author":"Mayer Peter","year":"2022","unstructured":"Peter Mayer , Collins\u00a0 W. Munyendo , Michelle\u00a0 L. Mazurek , and Adam\u00a0 J. Aviv . 2022 . Why Users (Don\u2019t) Use Password Managers at a Large Educational Institution. In USENIX Security Symposium(USENIX Security 22) . USENIX, Boston, Massachusetts, USA. Peter Mayer, Collins\u00a0W. Munyendo, Michelle\u00a0L. Mazurek, and Adam\u00a0J. Aviv. 2022. Why Users (Don\u2019t) Use Password Managers at a Large Educational Institution. In USENIX Security Symposium(USENIX Security 22). USENIX, Boston, Massachusetts, USA."},{"key":"e_1_3_2_1_33_1","doi-asserted-by":"publisher","DOI":"10.1145\/3167996.3167998"},{"key":"e_1_3_2_1_34_1","doi-asserted-by":"publisher","DOI":"10.1145\/2508859.2516726"},{"key":"e_1_3_2_1_35_1","volume-title":"Usability and Security of Text Passwords on Mobile Devices. In ACM Conference on Human Factors in Computing Systems(CHI\u00a0\u201916)","author":"Melicher William","year":"2016","unstructured":"William Melicher , Darya Kurilova , Sean\u00a0 M. Segreti , Pranshu Kalvani , Richard Shay , Blase Ur , Lujo Bauer , Nicolas Christin , Lorrie\u00a0Faith Cranor , and Michelle\u00a0 L. Mazurek . 2016 . Usability and Security of Text Passwords on Mobile Devices. In ACM Conference on Human Factors in Computing Systems(CHI\u00a0\u201916) . ACM, San Jose, California, USA, 527\u2013539. William Melicher, Darya Kurilova, Sean\u00a0M. Segreti, Pranshu Kalvani, Richard Shay, Blase Ur, Lujo Bauer, Nicolas Christin, Lorrie\u00a0Faith Cranor, and Michelle\u00a0L. Mazurek. 2016. Usability and Security of Text Passwords on Mobile Devices. In ACM Conference on Human Factors in Computing Systems(CHI\u00a0\u201916). ACM, San Jose, California, USA, 527\u2013539."},{"key":"e_1_3_2_1_36_1","doi-asserted-by":"publisher","DOI":"10.1145\/359168.359172"},{"key":"e_1_3_2_1_37_1","volume-title":"Seventeenth Symposium on Usable Privacy and Security(SOUPS\u00a0\u201921)","author":"Munyendo W.","year":"2021","unstructured":"Collins\u00a0 W. Munyendo , Miles Grant , Philipp Markert , Timothy\u00a0 J. Forman , and Adam\u00a0 J. Aviv . 2021 . Using a Blocklist to Improve the Security of User Selection of Android Patterns . In Seventeenth Symposium on Usable Privacy and Security(SOUPS\u00a0\u201921) . USENIX, Virtual Conference, 37\u201356. Collins\u00a0W. Munyendo, Miles Grant, Philipp Markert, Timothy\u00a0J. Forman, and Adam\u00a0J. Aviv. 2021. Using a Blocklist to Improve the Security of User Selection of Android Patterns. In Seventeenth Symposium on Usable Privacy and Security(SOUPS\u00a0\u201921). USENIX, Virtual Conference, 37\u201356."},{"key":"e_1_3_2_1_38_1","volume-title":"Digits. In USENIX Security Symposium(USENIX Security 22)","author":"Munyendo W.","year":"2022","unstructured":"Collins\u00a0 W. Munyendo , Philipp Markert , Alexandra Nisenoff , Miles Grant , Elena Korkes , Blase Ur , and Adam\u00a0 J. Aviv . 2022 . \u201c The Same PIN, Just Longer\u201d: On the (In)Security of Upgrading PINs from 4 to 6 Digits. In USENIX Security Symposium(USENIX Security 22) . USENIX, Boston, Massachusetts, USA. Collins\u00a0W. Munyendo, Philipp Markert, Alexandra Nisenoff, Miles Grant, Elena Korkes, Blase Ur, and Adam\u00a0J. Aviv. 2022. \u201cThe Same PIN, Just Longer\u201d: On the (In)Security of Upgrading PINs from 4 to 6 Digits. In USENIX Security Symposium(USENIX Security 22). USENIX, Boston, Massachusetts, USA."},{"key":"e_1_3_2_1_39_1","volume-title":"29th USENIX Security Symposium (USENIX Security 20). USENIX, Virtual Conference, 2165\u20132182","author":"Oesch Sean","year":"2020","unstructured":"Sean Oesch and Scott Ruoti . 2020 . That Was Then, This Is Now: A Security Evaluation of Password Generation, Storage, and Autofill in Browser-Based Password Managers . In 29th USENIX Security Symposium (USENIX Security 20). USENIX, Virtual Conference, 2165\u20132182 . https:\/\/www.usenix.org\/conference\/usenixsecurity20\/presentation\/oesch Sean Oesch and Scott Ruoti. 2020. That Was Then, This Is Now: A Security Evaluation of Password Generation, Storage, and Autofill in Browser-Based Password Managers. In 29th USENIX Security Symposium (USENIX Security 20). USENIX, Virtual Conference, 2165\u20132182. https:\/\/www.usenix.org\/conference\/usenixsecurity20\/presentation\/oesch"},{"key":"e_1_3_2_1_40_1","doi-asserted-by":"publisher","DOI":"10.1145\/3491102.3517534"},{"key":"e_1_3_2_1_41_1","volume-title":"Fifteenth Symposium On Usable Privacy and Security(SOUPS\u00a0\u201919)","author":"Pearman Sarah","year":"2019","unstructured":"Sarah Pearman , Shikun\u00a0Aerin Zhang , Lujo Bauer , Nicolas Christin , and Lorrie\u00a0Faith Cranor . 2019 . Why people (don\u2019t) use password managers effectively . In Fifteenth Symposium On Usable Privacy and Security(SOUPS\u00a0\u201919) . USENIX, Santa Clara, CA, 319\u2013338. Sarah Pearman, Shikun\u00a0Aerin Zhang, Lujo Bauer, Nicolas Christin, and Lorrie\u00a0Faith Cranor. 2019. Why people (don\u2019t) use password managers effectively. In Fifteenth Symposium On Usable Privacy and Security(SOUPS\u00a0\u201919). USENIX, Santa Clara, CA, 319\u2013338."},{"key":"e_1_3_2_1_42_1","doi-asserted-by":"publisher","DOI":"10.1145\/2751323.2751327"},{"key":"e_1_3_2_1_43_1","volume-title":"https:\/\/www.prolific.co\/, as of","year":"2022","unstructured":"Prolific. 2022. Prolific. https:\/\/www.prolific.co\/, as of June 8, 2022 . Prolific. 2022. Prolific. https:\/\/www.prolific.co\/, as of June 8, 2022."},{"key":"e_1_3_2_1_44_1","volume-title":"Google: Less than 10% of Gmail users enable two-factor authentication. https:\/\/www.techrepublic.com\/article\/google-less-than-10-of-gmail-users-enable-two-factor-authentication\/","author":"Rayome DeNisco","year":"2018","unstructured":"Alison\u00a0 DeNisco Rayome . 2018 . Google: Less than 10% of Gmail users enable two-factor authentication. https:\/\/www.techrepublic.com\/article\/google-less-than-10-of-gmail-users-enable-two-factor-authentication\/ Alison\u00a0DeNisco Rayome. 2018. Google: Less than 10% of Gmail users enable two-factor authentication. https:\/\/www.techrepublic.com\/article\/google-less-than-10-of-gmail-users-enable-two-factor-authentication\/"},{"key":"e_1_3_2_1_46_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2016.24"},{"key":"e_1_3_2_1_47_1","volume-title":"USENIX Security Symposium(USENIX Security 20). USENIX, Virtual Conference, 127\u2013143","author":"Reynolds Joshua","year":"2020","unstructured":"Joshua Reynolds , Nikita Samarin , Joseph Barnes , Taylor Judd , Joshua Mason , Michael Bailey , and Serge Egelman . 2020 . Empirical Measurement of Systemic 2FA Usability . In USENIX Security Symposium(USENIX Security 20). USENIX, Virtual Conference, 127\u2013143 . https:\/\/www.usenix.org\/conference\/usenixsecurity20\/presentation\/reynolds Joshua Reynolds, Nikita Samarin, Joseph Barnes, Taylor Judd, Joshua Mason, Michael Bailey, and Serge Egelman. 2020. Empirical Measurement of Systemic 2FA Usability. In USENIX Security Symposium(USENIX Security 20). USENIX, Virtual Conference, 127\u2013143. https:\/\/www.usenix.org\/conference\/usenixsecurity20\/presentation\/reynolds"},{"key":"e_1_3_2_1_48_1","volume-title":"On the Security of LG\u2019s Knock Codes. In Sixteenth Symposium on Usable Privacy and Security(SOUPS\u00a0\u201920)","author":"Samuel Raina","year":"2020","unstructured":"Raina Samuel , Philipp Markert , Adam\u00a0 J. Aviv , and Iulian Neamtiu . 2020 . Knock, Knock. Who\u2019s There? On the Security of LG\u2019s Knock Codes. In Sixteenth Symposium on Usable Privacy and Security(SOUPS\u00a0\u201920) . USENIX, Virtual Conference, 37\u201359. Raina Samuel, Philipp Markert, Adam\u00a0J. Aviv, and Iulian Neamtiu. 2020. Knock, Knock. Who\u2019s There? On the Security of LG\u2019s Knock Codes. In Sixteenth Symposium on Usable Privacy and Security(SOUPS\u00a0\u201920). USENIX, Virtual Conference, 37\u201359."},{"key":"e_1_3_2_1_49_1","volume-title":"Password Entry Usability and Shoulder Surfing Susceptibility on Different Smartphone Platforms. In International Conference on Mobile and Ubiquitous Multimedia(MUM\u00a0\u201912)","author":"Schaub Florian","year":"2012","unstructured":"Florian Schaub , Ruben Deyhle , and Michael Weber . 2012 . Password Entry Usability and Shoulder Surfing Susceptibility on Different Smartphone Platforms. In International Conference on Mobile and Ubiquitous Multimedia(MUM\u00a0\u201912) . ACM, Ulm, Germany, 13:1\u201313:10. Florian Schaub, Ruben Deyhle, and Michael Weber. 2012. Password Entry Usability and Shoulder Surfing Susceptibility on Different Smartphone Platforms. In International Conference on Mobile and Ubiquitous Multimedia(MUM\u00a0\u201912). ACM, Ulm, Germany, 13:1\u201313:10."},{"key":"e_1_3_2_1_50_1","doi-asserted-by":"publisher","DOI":"10.1145\/2702123.2702586"},{"key":"e_1_3_2_1_51_1","doi-asserted-by":"publisher","DOI":"10.1145\/1837110.1837113"},{"key":"e_1_3_2_1_52_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-24192-0_4"},{"key":"e_1_3_2_1_53_1","doi-asserted-by":"publisher","DOI":"10.1145\/3183341"},{"key":"e_1_3_2_1_54_1","doi-asserted-by":"publisher","DOI":"10.1145\/3372297.3417882"},{"key":"e_1_3_2_1_55_1","doi-asserted-by":"publisher","DOI":"10.1145\/2508859.2516700"},{"key":"e_1_3_2_1_56_1","doi-asserted-by":"publisher","DOI":"10.1145\/3025453.3026050"},{"key":"e_1_3_2_1_57_1","doi-asserted-by":"publisher","DOI":"10.1145\/2858036.2858546"},{"key":"e_1_3_2_1_58_1","volume-title":"The Effect of Strength Meters on Password Creation. In USENIX Security Symposium(USENIX Security 12)","author":"Ur Blase","year":"2012","unstructured":"Blase Ur , Patrick\u00a0Gage Kelley , Saranga Komanduri , Joel Lee , Michael Maass , Michelle\u00a0 L. Mazurek , Timothy Passaro , Richard Shay , Timothy Vidas , Lujo Bauer , Nicolas Christin , and Lorrie\u00a0Faith Cranor . 2012 . How Does Your Password Measure Up? The Effect of Strength Meters on Password Creation. In USENIX Security Symposium(USENIX Security 12) . USENIX, Bellevue, WA, 65\u201380. https:\/\/www.usenix.org\/conference\/usenixsecurity12\/technical-sessions\/presentation\/ur Blase Ur, Patrick\u00a0Gage Kelley, Saranga Komanduri, Joel Lee, Michael Maass, Michelle\u00a0L. Mazurek, Timothy Passaro, Richard Shay, Timothy Vidas, Lujo Bauer, Nicolas Christin, and Lorrie\u00a0Faith Cranor. 2012. How Does Your Password Measure Up? The Effect of Strength Meters on Password Creation. In USENIX Security Symposium(USENIX Security 12). USENIX, Bellevue, WA, 65\u201380. https:\/\/www.usenix.org\/conference\/usenixsecurity12\/technical-sessions\/presentation\/ur"},{"key":"e_1_3_2_1_59_1","volume-title":"Observing Password Creation in the Lab. In Eleventh Symposium On Usable Privacy and Security(SOUPS\u00a0\u201915)","author":"Ur Blase","year":"2015","unstructured":"Blase Ur , Fumiko Noma , Jonathan Bees , Sean\u00a0 M. Segreti , Richard Shay , Lujo Bauer , Nicolas Christin , and Lorrie\u00a0Faith Cranor . 2015 . \u201c I Added \u2019!\u2019 at the End to Make It Secure \u201d: Observing Password Creation in the Lab. In Eleventh Symposium On Usable Privacy and Security(SOUPS\u00a0\u201915) . USENIX, Ottawa, 123\u2013140. https:\/\/www.usenix.org\/conference\/soups 2015\/proceedings\/presentation\/ur Blase Ur, Fumiko Noma, Jonathan Bees, Sean\u00a0M. Segreti, Richard Shay, Lujo Bauer, Nicolas Christin, and Lorrie\u00a0Faith Cranor. 2015. \u201cI Added \u2019!\u2019 at the End to Make It Secure\u201d: Observing Password Creation in the Lab. In Eleventh Symposium On Usable Privacy and Security(SOUPS\u00a0\u201915). USENIX, Ottawa, 123\u2013140. https:\/\/www.usenix.org\/conference\/soups2015\/proceedings\/presentation\/ur"},{"key":"e_1_3_2_1_60_1","doi-asserted-by":"publisher","DOI":"10.1145\/2702123.2702202"},{"key":"e_1_3_2_1_61_1","doi-asserted-by":"publisher","DOI":"10.1145\/3176258.3176332"},{"key":"e_1_3_2_1_62_1","volume-title":"Distribution and Security. In ACM Asia Conference on Computer and Communications Security(ASIA\u00a0CCS\u00a0\u201917)","author":"Wang Ding","year":"2017","unstructured":"Ding Wang , Qianchen Gu , Xinyi Huang , and Ping Wang . 2017 . Understanding Human-Chosen PINs: Characteristics , Distribution and Security. In ACM Asia Conference on Computer and Communications Security(ASIA\u00a0CCS\u00a0\u201917) . ACM, Abu Dhabi, United Arab Emirates, 372\u2013385. Ding Wang, Qianchen Gu, Xinyi Huang, and Ping Wang. 2017. Understanding Human-Chosen PINs: Characteristics, Distribution and Security. In ACM Asia Conference on Computer and Communications Security(ASIA\u00a0CCS\u00a0\u201917). ACM, Abu Dhabi, United Arab Emirates, 372\u2013385."},{"key":"e_1_3_2_1_63_1","doi-asserted-by":"publisher","DOI":"10.1145\/1866307.1866327"},{"key":"e_1_3_2_1_64_1","doi-asserted-by":"crossref","unstructured":"M. Yildirim and I. Mackie. 2019. Encouraging users to improve password security and memorability. International Journal of Information Security 18 (April 2019) 741\u2013759.  M. Yildirim and I. Mackie. 2019. Encouraging users to improve password security and memorability. International Journal of Information Security 18 (April 2019) 741\u2013759.","DOI":"10.1007\/s10207-019-00429-y"},{"key":"e_1_3_2_1_65_1","doi-asserted-by":"publisher","DOI":"10.1145\/1866307.1866328"}],"event":{"name":"ACSAC: Annual Computer Security Applications Conference","location":"Austin TX USA","acronym":"ACSAC"},"container-title":["Proceedings of the 38th Annual Computer Security Applications Conference"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3564625.3567981","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3564625.3567981","content-type":"application\/pdf","content-version":"vor","intended-application":"syndication"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3564625.3567981","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T18:09:12Z","timestamp":1750183752000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3564625.3567981"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2022,12,5]]},"references-count":64,"alternative-id":["10.1145\/3564625.3567981","10.1145\/3564625"],"URL":"https:\/\/doi.org\/10.1145\/3564625.3567981","relation":{},"subject":[],"published":{"date-parts":[[2022,12,5]]},"assertion":[{"value":"2022-12-05","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}