{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,13]],"date-time":"2026-04-13T15:53:33Z","timestamp":1776095613785,"version":"3.50.1"},"publisher-location":"New York, NY, USA","reference-count":100,"publisher":"ACM","license":[{"start":{"date-parts":[[2023,11,15]],"date-time":"2023-11-15T00:00:00Z","timestamp":1700006400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"name":"Deutsche Forschungsgemeinschaft (DFG, German Research Foundation)","award":["Germany?s Excellence Strategy - EXC 2092 CASA - 390781972"],"award-info":[{"award-number":["Germany?s Excellence Strategy - EXC 2092 CASA - 390781972"]}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2023,11,15]]},"DOI":"10.1145\/3576915.3623072","type":"proceedings-article","created":{"date-parts":[[2023,11,21]],"date-time":"2023-11-21T12:35:13Z","timestamp":1700570113000},"page":"2740-2754","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":9,"title":["\"Make Them Change it Every Week!\": A Qualitative Exploration of Online Developer Advice on Usable and Secure Authentication"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-6994-7206","authenticated-orcid":false,"given":"Jan H.","family":"Klemmer","sequence":"first","affiliation":[{"name":"Leibniz University Hannover, Hannover, Germany"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-1400-5825","authenticated-orcid":false,"given":"Marco","family":"Gutfleisch","sequence":"additional","affiliation":[{"name":"Ruhr University Bochum, Bochum, Germany"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-7942-5372","authenticated-orcid":false,"given":"Christian","family":"Stransky","sequence":"additional","affiliation":[{"name":"CISPA Helmholtz Center for Information Security, Hannover, Germany"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-7167-7383","authenticated-orcid":false,"given":"Yasemin","family":"Acar","sequence":"additional","affiliation":[{"name":"Paderborn University, Paderborn, Germany"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-1823-5505","authenticated-orcid":false,"given":"M. Angela","family":"Sasse","sequence":"additional","affiliation":[{"name":"Ruhr University Bochum, Bochum, Germany"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-5644-3316","authenticated-orcid":false,"given":"Sascha","family":"Fahl","sequence":"additional","affiliation":[{"name":"CISPA Helmholtz Center for Information Security, Hannover, Germany"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"320","published-online":{"date-parts":[[2023,11,21]]},"reference":[{"key":"e_1_3_2_1_1_1","doi-asserted-by":"publisher","DOI":"10.1145\/3313831.3376457"},{"key":"e_1_3_2_1_2_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2016.25"},{"key":"e_1_3_2_1_3_1","doi-asserted-by":"publisher","DOI":"10.1109\/MSP.2017.24"},{"key":"e_1_3_2_1_4_1","volume-title":"Proc. 2016 IEEE Secure Development Conference (SecDev'16)","author":"Acar Yasemin","unstructured":"Yasemin Acar, Sascha Fahl, and Michelle L. Mazurek. 2016. You are Not Your Developer, Either: A Research Agenda for Usable Security and Privacy Research Beyond End Users. In Proc. 2016 IEEE Secure Development Conference (SecDev'16). IEEE."},{"key":"e_1_3_2_1_5_1","doi-asserted-by":"publisher","DOI":"10.1109\/SecDev.2017.17"},{"key":"e_1_3_2_1_6_1","doi-asserted-by":"publisher","DOI":"10.1145\/322796.322806"},{"key":"e_1_3_2_1_7_1","doi-asserted-by":"publisher","DOI":"10.1145\/3532105.3535013"},{"key":"e_1_3_2_1_8_1","volume-title":"Face ID Security. (Nov","author":"Apple Inc. 2017.","year":"2017","unstructured":"Apple Inc. 2017. Face ID Security. (Nov. 2017). https:\/\/www.apple.com\/busine ss-docs\/FaceID_Security_Guide.pdf."},{"key":"e_1_3_2_1_9_1","volume-title":"van Oorschot","author":"Barrera David","year":"2022","unstructured":"David Barrera, Christopher Bellman, and Paul C. van Oorschot. 2022. A Close Look at a Systematic Method for Analyzing Sets of Security Advice. (2022). https:\/\/arxiv.org\/abs\/2209.04502 arXiv: 2209.04502 [cs.CR]."},{"key":"e_1_3_2_1_10_1","doi-asserted-by":"publisher","DOI":"10.1145\/3563392"},{"key":"e_1_3_2_1_11_1","doi-asserted-by":"publisher","DOI":"10.1145\/2736277.2741691"},{"key":"e_1_3_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2012.44"},{"key":"e_1_3_2_1_13_1","doi-asserted-by":"publisher","DOI":"10.1145\/2699390"},{"key":"e_1_3_2_1_14_1","volume-title":"Proc. 15th Symposium on Usable Privacy and Security (SOUPS'19)","author":"Busse Karoline","year":"2019","unstructured":"Karoline Busse, Julia Sch\u00e4fer, and Matthew Smith. 2019. Replication: No One Can Hack My Mind Revisiting a Study on Expert and Non-Expert Security Practices and Advice. In Proc. 15th Symposium on Usable Privacy and Security (SOUPS'19). USENIX."},{"key":"e_1_3_2_1_15_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICSE.2019.00065"},{"key":"e_1_3_2_1_16_1","doi-asserted-by":"publisher","DOI":"10.1145\/3173574.3174030"},{"key":"e_1_3_2_1_17_1","doi-asserted-by":"crossref","unstructured":"Sanchari Das Andrew Dingman and L. Jean Camp. 2018. Why Johnny Doesn't Use Two Factor A Two-Phase Usability Study of the FIDO U2F Security Key. In Financial Cryptography and Data Security. Sarah Meiklejohn and Kazue Sako (Eds.) Springer 160--179.","DOI":"10.1007\/978-3-662-58387-6_9"},{"key":"e_1_3_2_1_18_1","volume-title":"Back-linko","author":"Dean Brian","year":"2019","unstructured":"Brian Dean. 2019. We analyzed 5 million Google Search Results: Here's What We Learned About Organic Click Through Rate. Accessed: 2021-11-26. Back-linko, (2019). https:\/\/backlinko.com\/google-ctr-stats."},{"key":"e_1_3_2_1_19_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2014.23268"},{"key":"e_1_3_2_1_20_1","volume-title":"Proc. 12th Symposium on Usable Privacy and Security (SOUPS'16)","author":"Fagan Michael","year":"2016","unstructured":"Michael Fagan and Mohammad Maifi Hasan Khan. 2016. Why Do They Do What They Do?: A Study of What Motivates Users to (Not) Follow Computer Security Advice. In Proc. 12th Symposium on Usable Privacy and Security (SOUPS'16). USENIX."},{"key":"e_1_3_2_1_21_1","volume-title":"Proc. 16th Symposium on Usable Privacy and Security (SOUPS'20)","author":"Farke Florian M.","year":"2020","unstructured":"Florian M. Farke, Lennart Lorenz, Theodor Schnitzler, Philipp Markert, and Markus D\u00fcrmuth. 2020. ?You still use the password after all\" - Exploring FIDO2 Security Keys in a Small Company. In Proc. 16th Symposium on Usable Privacy and Security (SOUPS'20). USENIX"},{"key":"e_1_3_2_1_22_1","unstructured":"FIDO Alliance. 2022. Apple Google and Microsoft Commit to Expanded Support for FIDO Standard to Accelerate Availability of Passwordless Sign-Ins. Accessed: 2022-11-27. (2022). https:\/\/fidoalliance.org\/apple-google-and-microsoft-commit-to-expanded-support-for-fido-standard-to-accelerate-a vailability-of-passwordless-sign-ins\/."},{"key":"e_1_3_2_1_23_1","unstructured":"FIDO Alliance. 2022. FIDO2. Accessed: 2022--11-09. (2022). https:\/\/fidoalliance.org\/fido2\/."},{"key":"e_1_3_2_1_24_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2017.31"},{"key":"e_1_3_2_1_25_1","doi-asserted-by":"publisher","DOI":"10.1145\/3460120.3484763"},{"key":"e_1_3_2_1_26_1","volume-title":"Proc. 28th Usenix Security Symposium (SEC'19)","author":"Fischer Felix","year":"2019","unstructured":"Felix Fischer, Huang Xiao, Ching-Yu Kao, Yannick Stachelscheid, Benjamin Johnson, Danial Razar, Paul Fawkesley, Nat Buckley, Konstantin B\u00f6ttinger, Paul Muntean, and Jens Grossklags. 2019. Stack Overflow Considered Helpful! Deep Learning Security Nudges Towards Stronger Cryptography. In Proc. 28th Usenix Security Symposium (SEC'19). USENIX."},{"key":"e_1_3_2_1_27_1","volume-title":"Proc. 18th Symposium on Usable Privacy and Security (SOUPS'22)","author":"Gautam Anuj","year":"2022","unstructured":"Anuj Gautam, Shan Lalani, and Scott Ruoti. 2022. Improving Password Generation Through the Design of a Password Composition Policy Description Language. In Proc. 18th Symposium on Usable Privacy and Security (SOUPS'22). USENIX."},{"key":"e_1_3_2_1_28_1","volume-title":"Proc. 18th Symposium on Usable Privacy and Security (SOUPS'22)","author":"Geierhaas Lisa","year":"2022","unstructured":"Lisa Geierhaas, Anna-Marie Ortloff, Matthew Smith, and Alena Naiakshina. 2022. Let's Hash: Helping Developers with Password Security. In Proc. 18th Symposium on Usable Privacy and Security (SOUPS'22). USENIX."},{"key":"e_1_3_2_1_29_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP40000.2020.00047"},{"key":"e_1_3_2_1_30_1","doi-asserted-by":"publisher","DOI":"10.1145\/3243734.3243769"},{"key":"e_1_3_2_1_31_1","doi-asserted-by":"publisher","DOI":"10.1145\/3243734.3243767"},{"key":"e_1_3_2_1_32_1","unstructured":"Google Inc. 2022. Programmable Search Engine. (2022). https:\/\/developers.go ogle.com\/custom-search."},{"key":"e_1_3_2_1_33_1","doi-asserted-by":"publisher","DOI":"10.1093\/cybsec\/tyz014"},{"key":"e_1_3_2_1_34_1","volume-title":"Proc. 14th Symposium on Usable Privacy and Security (SOUPS'18)","author":"Gorski Peter Leo","year":"2018","unstructured":"Peter Leo Gorski, Luigi Lo Iacono, Dominik Wermke, Christian Stransky, Sebastian M\u00f6ller, Yasemin Acar, and Sascha Fahl. 2018. Developers Deserve Security Warnings, Too: On the Effect of Integrated Security Advice on Cryptographic API Misuse. In Proc. 14th Symposium on Usable Privacy and Security (SOUPS'18). USENIX."},{"key":"e_1_3_2_1_35_1","doi-asserted-by":"publisher","DOI":"10.1109\/MSP.2016.111"},{"key":"e_1_3_2_1_36_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP46214.2022.9833756"},{"key":"e_1_3_2_1_37_1","volume-title":"Proc. 14th Symposium on Usable Privacy and Security (SOUPS'18)","author":"Habib Hana","year":"2018","unstructured":"Hana Habib, Pardis Emami Naeini, Summer Devlin, Maggie Oates, Chelse Swoopes, Lujo Bauer, Nicolas Christin, and Lorrie Faith Cranor. 2018. User Behaviors and Attitudes Under Password Expiration Policies. In Proc. 14th Symposium on Usable Privacy and Security (SOUPS'18). USENIX."},{"key":"e_1_3_2_1_38_1","volume-title":"Proc. 18th Symposium on Usable Privacy and Security (SOUPS'22)","author":"Hasegawa Ayako A.","year":"2022","unstructured":"Ayako A. Hasegawa, Naomi Yamashita, Tatsuya Mori, Daisuke Inoue, and Mitsuaki Akiyama. 2022. Understanding Non-Experts' Security-and Privacy-Related Questions on a Q&A Site. In Proc. 18th Symposium on Usable Privacy and Security (SOUPS'22). USENIX."},{"key":"e_1_3_2_1_39_1","doi-asserted-by":"publisher","DOI":"10.1145\/1719030.1719050"},{"key":"e_1_3_2_1_40_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP40001.2021.00094"},{"key":"e_1_3_2_1_41_1","volume-title":"Proc. 2010 CHI Conference on Human Factors in Computing Systems (CHI'10)","author":"Inglesant Philip G.","unstructured":"Philip G. Inglesant and M. Angela Sasse. 2010. The true cost of unusable password policies: password use in the wild. In Proc. 2010 CHI Conference on Human Factors in Computing Systems (CHI'10). ACM."},{"key":"e_1_3_2_1_42_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-80825-9_1"},{"key":"e_1_3_2_1_43_1","volume-title":"Proc. 11th Symposium On Usable Privacy and Security (SOUPS'15)","author":"Ion Iulia","year":"2015","unstructured":"Iulia Ion, Rob Reeder, and Sunny Consolvo. 2015. ?...No one Can Hack My Mind\": Comparing Expert and Non-Expert Security Practices. In Proc. 11th Symposium On Usable Privacy and Security (SOUPS'15). USENIX."},{"key":"e_1_3_2_1_44_1","doi-asserted-by":"publisher","DOI":"10.1145\/3549015.3554208"},{"key":"e_1_3_2_1_45_1","doi-asserted-by":"crossref","unstructured":"Erin Kenneally and David Dittrich. 2012. The Menlo Report: Ethical principles guiding information and communication technology research. SSRN Electronic Journal.","DOI":"10.2139\/ssrn.2445102"},{"key":"e_1_3_2_1_46_1","doi-asserted-by":"publisher","DOI":"10.1145\/1978942.1979321"},{"key":"e_1_3_2_1_47_1","doi-asserted-by":"crossref","unstructured":"Udo Kuckartz. 2019. Qualitative Text Analysis: A Systematic Approach. In Compendium for Early Career Researchers in Mathematics Education. Gabriele Kaiser and Norma Presmeg (Eds.) Springer 181--197.","DOI":"10.1007\/978-3-030-15636-7_8"},{"key":"e_1_3_2_1_48_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP46214.2022.9833766"},{"key":"e_1_3_2_1_49_1","volume-title":"Proc. 16th Symposium on Usable Privacy and Security (SOUPS'20)","author":"Lee Kevin","year":"2020","unstructured":"Kevin Lee, Benjamin Kaiser, Jonathan Mayer, and Arvind Narayanan. 2020. An Empirical Study of Wireless Carrier Authentication for SIM Swaps. In Proc. 16th Symposium on Usable Privacy and Security (SOUPS'20). USENIX."},{"key":"e_1_3_2_1_50_1","doi-asserted-by":"publisher","DOI":"10.1109\/eCrime54498.2021.9738792"},{"key":"e_1_3_2_1_51_1","volume-title":"Proc. 18th Symposium on Usable Privacy and Security (SOUPS'22)","author":"Lee Kevin","year":"2022","unstructured":"Kevin Lee, Sten Sj\u00f6berg, and Arvind Narayanan. 2022. Password policies of most top websites fail to follow best practices. In Proc. 18th Symposium on Usable Privacy and Security (SOUPS'22). USENIX."},{"key":"e_1_3_2_1_52_1","doi-asserted-by":"publisher","DOI":"10.14722\/eurousec.2018.23010"},{"key":"e_1_3_2_1_53_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2023.23362"},{"key":"e_1_3_2_1_54_1","unstructured":"Philipp Markert Florian Farke and Markus D\u00fcrmuth. 2019. View The Email to Get Hacked: Attacking SMS-Based Two-Factor Authentication. In Who Are You?! Adventures in Authentication Workshop (WAY'19)."},{"key":"e_1_3_2_1_55_1","doi-asserted-by":"crossref","unstructured":"Philipp Mayring. 2015. Qualitative Content Analysis: Theoretical Background and Procedures. In Approaches to Qualitative Research in Mathematics Education: Examples of Methodology and Methods. Angelika Bikner-Ahsbahs Christine Knipping and Norma Presmeg (Eds.) Springer 365--380.","DOI":"10.1007\/978-94-017-9181-6_13"},{"key":"e_1_3_2_1_56_1","doi-asserted-by":"publisher","DOI":"10.1145\/3548606.3559394"},{"key":"e_1_3_2_1_57_1","doi-asserted-by":"publisher","DOI":"10.1145\/3411764.3445085"},{"key":"e_1_3_2_1_58_1","doi-asserted-by":"publisher","DOI":"10.1145\/3359174"},{"key":"e_1_3_2_1_59_1","volume-title":"Proc. 44th IEEE Symposium on Security and Privacy (SP'23)","author":"Munyendo Collins W.","unstructured":"Collins W. Munyendo, Yasemin Acar, and Adam J. Aviv. 2023. ?In Eighty Percent of the Cases, I Select the Password for Them\": Security and Privacy Challenges, Advice, and Opportunities at Cybercafes in Kenya. In Proc. 44th IEEE Symposium on Security and Privacy (SP'23). IEEE."},{"key":"e_1_3_2_1_60_1","doi-asserted-by":"publisher","DOI":"10.1145\/3133956.3134082"},{"key":"e_1_3_2_1_61_1","volume-title":"Developing Accessible and Usable Security (ACCUS) Heuristics. In Extended Abstracts of the 2018 CHI Conference on Human Factors in Computing Systems (CHI EA'18). ACM.","author":"Napoli Daniela","year":"2018","unstructured":"Daniela Napoli. 2018. Developing Accessible and Usable Security (ACCUS) Heuristics. In Extended Abstracts of the 2018 CHI Conference on Human Factors in Computing Systems (CHI EA'18). ACM."},{"key":"e_1_3_2_1_62_1","unstructured":"Net Marketshare. 2021. Search Engine Market Share. Accessed: 2021-11-16. (2021). https:\/\/netmarketshare.com\/search-engine-market-share.aspx."},{"key":"e_1_3_2_1_63_1","volume-title":"Proc. 24th ACM Conference on Computer and Communication Security (CCS'17)","author":"Nguyen Duc Cuong","year":"2017","unstructured":"Duc Cuong Nguyen, Dominik Wermke, Yasemin Acar, Michael Backes, Charles Weir, and Sascha Fahl. 2017. A Stitch in Time: Supporting Android Developers in Writing Secure Code. In Proc. 24th ACM Conference on Computer and Communication Security (CCS'17). ACM."},{"key":"e_1_3_2_1_64_1","unstructured":"NIST. 2017. Digital identity guidelines: authentication and lifecycle management. Accessed: 2022-12-01. (2017). https:\/\/pages.nist.gov\/800-63-3\/sp800-63 b.html."},{"key":"e_1_3_2_1_65_1","unstructured":"NIST. 2016. Questions. . . and buzz surrounding draft NIST Special Publication 800-63-3. Accessed: 2022-11-27. (2016). https:\/\/www.nist.gov\/blogs\/cybersecu rity-insights\/questionsand-buzz-surrounding-draft-nist-special-publicatio n-800-63-3."},{"key":"e_1_3_2_1_66_1","doi-asserted-by":"publisher","DOI":"10.1145\/3491102.3517534"},{"key":"e_1_3_2_1_67_1","unstructured":"OWASP. 2021. Authentication Cheat Sheet. Accessed: 2022-12-01. (2021). http s:\/\/cheatsheetseries.owasp.org\/cheatsheets\/Authentication_Cheat_Sheet.ht ml."},{"key":"e_1_3_2_1_68_1","unstructured":"OWASP. 2021. OWASP Cheat Sheet Series. Accessed: 2022-12-01. (2021). http s:\/\/cheatsheetseries.owasp.org\/."},{"key":"e_1_3_2_1_69_1","volume-title":"Proc. 17th Symposium on Usable Privacy and Security (SOUPS'21)","author":"Owens Kentrell","year":"2021","unstructured":"Kentrell Owens, Olabode Anise, Amanda Krauss, and Blase Ur. 2021. User Perceptions of the Usability and Security of Smartphones as FIDO2 Roaming Authenticators. In Proc. 17th Symposium on Usable Privacy and Security (SOUPS'21). USENIX."},{"key":"e_1_3_2_1_70_1","doi-asserted-by":"publisher","DOI":"10.1111\/j.1083-6101.2007.00351.x"},{"key":"e_1_3_2_1_71_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2014.23036"},{"key":"e_1_3_2_1_72_1","doi-asserted-by":"publisher","DOI":"10.1145\/3133956.3133973"},{"key":"e_1_3_2_1_73_1","doi-asserted-by":"publisher","DOI":"10.1145\/2751323.2751327"},{"key":"e_1_3_2_1_74_1","doi-asserted-by":"publisher","DOI":"10.1145\/3171533.3171539"},{"key":"e_1_3_2_1_75_1","volume-title":"Proc. 2016 ACM SIGSAC Conference on Computer and Communications Security (CCS'16)","author":"Redmiles Elissa M.","unstructured":"Elissa M. Redmiles, Sean Kross, and Michelle L. Mazurek. 2016. How I Learned to Be Secure: A Census-Representative Survey of Security Advice Sources and Behavior. In Proc. 2016 ACM SIGSAC Conference on Computer and Communications Security (CCS'16). ACM."},{"key":"e_1_3_2_1_76_1","volume-title":"Mazurek","author":"Redmiles Elissa M.","year":"2017","unstructured":"Elissa M. Redmiles, Everest Liu, and Michelle L. Mazurek. 2017. You Want Me To Do What? A Design Study of Two-Factor Authentication Messages. In 3rd Who Are You?! Adventures in Authentication Workshop (WAY'17). USENIX."},{"key":"e_1_3_2_1_77_1","volume-title":"Proc. 29th USENIX Security Symposium (SEC'20)","author":"Redmiles Elissa M.","unstructured":"Elissa M. Redmiles, Noel Warford, Amritha Jayanti, Aravind Koneru, Sean Kross, Miraida Morales, Rock Stevens, and Michelle L. Mazurek. 2020. A Comprehensive Quality Evaluation of Security and Privacy Advice on the Web. In Proc. 29th USENIX Security Symposium (SEC'20). USENIX."},{"key":"e_1_3_2_1_78_1","volume-title":"Proc. 7th Symposium on Usable Privacy and Security (SOUPS'11)","author":"Reeder Rob","year":"2011","unstructured":"Rob Reeder, E Cram Kowalczyk, and Adam Shostack. 2011. Poster: Helping engineers design NEAT security warnings. In Proc. 7th Symposium on Usable Privacy and Security (SOUPS'11). ACM."},{"key":"e_1_3_2_1_79_1","doi-asserted-by":"publisher","DOI":"10.1109\/MSP.2017.3681050"},{"key":"e_1_3_2_1_80_1","volume-title":"Proc. 15th Symposium on Usable Privacy and Security (SOUPS'19)","author":"Reese Ken","year":"2019","unstructured":"Ken Reese, Trevor Smith, Jonathan Dutson, Jonathan Armknecht, Jacob Cameron, and Kent Seamons. 2019. A usability study of five two-factor authentication methods. In Proc. 15th Symposium on Usable Privacy and Security (SOUPS'19). USENIX."},{"key":"e_1_3_2_1_81_1","doi-asserted-by":"publisher","DOI":"10.5555\/3489212.3489220"},{"key":"e_1_3_2_1_82_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2018.00067"},{"key":"e_1_3_2_1_83_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP46215.2023.10179288"},{"key":"e_1_3_2_1_84_1","doi-asserted-by":"publisher","DOI":"10.1145\/1572532.1572580"},{"key":"e_1_3_2_1_85_1","doi-asserted-by":"publisher","DOI":"10.1145\/3548606.3560584"},{"key":"e_1_3_2_1_86_1","doi-asserted-by":"publisher","DOI":"10.1145\/2335356.2335366"},{"key":"e_1_3_2_1_87_1","doi-asserted-by":"publisher","DOI":"10.1145\/2891411"},{"key":"e_1_3_2_1_88_1","doi-asserted-by":"publisher","DOI":"10.1145\/2556288.2557377"},{"key":"e_1_3_2_1_89_1","volume-title":"Stack Overflow Developer Survey","author":"Overflow Stack","year":"2022","unstructured":"Stack Overflow. 2022. Stack Overflow Developer Survey 2022. Accessed: 2022-11-10. (2022). https:\/\/insights.stackoverflow.com\/survey\/2022."},{"key":"e_1_3_2_1_90_1","unstructured":"Statcounter. 2021. Search Engine Market Share Worldwide. Accessed: 2021-11-16. (2021). https:\/\/gs.statcounter.com\/search-engine-market-share."},{"key":"e_1_3_2_1_91_1","volume-title":"Proc. 10th Symposium on Usable Privacy and Security (SOUPS'14)","author":"Stobert Elizabeth","year":"2014","unstructured":"Elizabeth Stobert and Robert Biddle. 2014. The Password Life Cycle: User Behaviour in Managing Passwords. In Proc. 10th Symposium on Usable Privacy and Security (SOUPS'14). USENIX."},{"key":"e_1_3_2_1_92_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP46214.2022.9833755"},{"key":"e_1_3_2_1_93_1","doi-asserted-by":"publisher","DOI":"10.1109\/EuroSPW.2019.00021"},{"key":"e_1_3_2_1_94_1","unstructured":"Upwork. 2022. Software Developer Hourly Rates. (2022). https:\/\/www.upwor k.com\/hire\/software-developers\/cost\/."},{"key":"e_1_3_2_1_95_1","volume-title":"Proc. 21st Usenix Security Symposium (SEC'12)","author":"Ur Blase","year":"2012","unstructured":"Blase Ur, Patrick Gage Kelley, Saranga Komanduri, Joel Lee, Michael Maass, Michelle L Mazurek, Timothy Passaro, Richard Shay, Timothy Vidas, Lujo Bauer, Nicolas Christin, and Lorrie Faith Cranor. 2012. How does your password measure up? The effect of strength meters on password creation. In Proc. 21st Usenix Security Symposium (SEC'12). USENIX."},{"key":"e_1_3_2_1_96_1","volume-title":"Proc. 32nd USENIX Security Symposium (SEC'23)","author":"Wang Ding","year":"2023","unstructured":"Ding Wang, Xuan Shan, Qiying Dong, Yaosheng Shen, and Chunfu Jia. 2023. No Single Silver Bullet: Measuring the Accuracy of Password Strength Meters. In Proc. 32nd USENIX Security Symposium (SEC'23). USENIX."},{"key":"e_1_3_2_1_97_1","doi-asserted-by":"publisher","DOI":"10.1145\/2601248.2601268"},{"key":"e_1_3_2_1_98_1","doi-asserted-by":"publisher","DOI":"10.1007\/s11390-016-1672-0"},{"key":"e_1_3_2_1_99_1","volume-title":"Proc. 18th Symposium on Usable Privacy and Security (SOUPS'22)","author":"Zibaei Samira","year":"2022","unstructured":"Samira Zibaei, Dina Rinoa Malapaya, Benjamin Mercier, Amirali Salehi-Abari, and Julie Thorpe. 2022. Do Password Managers Nudge Secure (Random) Passwords? In Proc. 18th Symposium on Usable Privacy and Security (SOUPS'22). USENIX."},{"key":"e_1_3_2_1_100_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.ijhcs.2019.08.006"}],"event":{"name":"CCS '23: ACM SIGSAC Conference on Computer and Communications Security","location":"Copenhagen Denmark","acronym":"CCS '23","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"]},"container-title":["Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3576915.3623072","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3576915.3623072","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,8,21]],"date-time":"2025-08-21T01:43:14Z","timestamp":1755740594000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3576915.3623072"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2023,11,15]]},"references-count":100,"alternative-id":["10.1145\/3576915.3623072","10.1145\/3576915"],"URL":"https:\/\/doi.org\/10.1145\/3576915.3623072","relation":{},"subject":[],"published":{"date-parts":[[2023,11,15]]},"assertion":[{"value":"2023-11-21","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}