{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,5,18]],"date-time":"2026-05-18T22:51:40Z","timestamp":1779144700212,"version":"3.51.4"},"publisher-location":"New York, NY, USA","reference-count":72,"publisher":"ACM","license":[{"start":{"date-parts":[[2023,11,15]],"date-time":"2023-11-15T00:00:00Z","timestamp":1700006400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"name":"VolkswagenStiftung Nieders\u00e4chsisches Vorab","award":["ZN3695"],"award-info":[{"award-number":["ZN3695"]}]},{"name":"Deutsche Forschungsgemeinschaft (DFG, German Research Foundation)","award":["EXC 2092 CASA ? 390781972"],"award-info":[{"award-number":["EXC 2092 CASA ? 390781972"]}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2023,11,15]]},"DOI":"10.1145\/3576915.3623180","type":"proceedings-article","created":{"date-parts":[[2023,11,21]],"date-time":"2023-11-21T12:35:13Z","timestamp":1700570113000},"page":"3138-3152","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":15,"title":["\"We've Disabled MFA for You\": An Evaluation of the Security and Usability of Multi-Factor Authentication Recovery Deployments"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0009-0002-2315-8989","authenticated-orcid":false,"given":"Sabrina","family":"Klivan","sequence":"first","affiliation":[{"name":"CISPA Helmholtz Center for Information Security, Hanover, Germany"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-4284-0473","authenticated-orcid":false,"given":"Sandra","family":"H\u00f6ltervennhoff","sequence":"additional","affiliation":[{"name":"Leibniz University Hannover, Hanover, Germany"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-2733-5073","authenticated-orcid":false,"given":"Nicolas","family":"Huaman","sequence":"additional","affiliation":[{"name":"Leibniz University Hannover, Hanover, Germany"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-2993-2568","authenticated-orcid":false,"given":"Alexander","family":"Krause","sequence":"additional","affiliation":[{"name":"CISPA Helmholtz Center for Information Security, Hanover, Germany"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-2191-1332","authenticated-orcid":false,"given":"Lucy","family":"Simko","sequence":"additional","affiliation":[{"name":"The George Washington University, Washington, DC, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-7167-7383","authenticated-orcid":false,"given":"Yasemin","family":"Acar","sequence":"additional","affiliation":[{"name":"Paderborn University & The George Washington University, Paderborn, Germany"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-5644-3316","authenticated-orcid":false,"given":"Sascha","family":"Fahl","sequence":"additional","affiliation":[{"name":"CISPA Helmholtz Center for Information Security, Hanover, Germany"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"320","published-online":{"date-parts":[[2023,11,21]]},"reference":[{"key":"e_1_3_2_1_1_1","unstructured":"2factorauth. 2023. 2FA Directory. https: \/\/2fa.directory\/int\/(visited on 09\/06\/2023). (2023)."},{"key":"e_1_3_2_1_2_1","unstructured":"2factorauth. 2023. 2fa.directory Excluded Categories and Websites. https:\/\/gith ub.com\/2factorauth\/twofactorauth\/blob\/master\/EXCLUSION.md (visited on 09\/06\/2023). (2023)."},{"key":"e_1_3_2_1_3_1","unstructured":"2factorauth. 2023. Contributing to 2fa.directory. https:\/\/github.com\/2factorau th\/twofactorauth\/blob\/master\/CONTRIBUTING.md (visited on 09\/06\/2023). (2023)."},{"key":"e_1_3_2_1_4_1","volume-title":"Issue: Add Site with 2FA. https:\/\/github.com\/2factorauth\/tw ofactorauth\/issues\/new?assignees=&labels=addsite&template=01-add-site-with-2fa.yml&title=Add%5Bsitename%5D (visited on 09\/06\/2023).","year":"2023","unstructured":"2factorauth. 2023. Issue: Add Site with 2FA. https:\/\/github.com\/2factorauth\/tw ofactorauth\/issues\/new?assignees=&labels=addsite&template=01-add-site-with-2fa.yml&title=Add%5Bsitename%5D (visited on 09\/06\/2023). (2023)."},{"key":"e_1_3_2_1_5_1","doi-asserted-by":"publisher","DOI":"10.1145\/3313831.3376457"},{"key":"e_1_3_2_1_6_1","volume-title":"Proc. 22nd Usenix Security Symposium (SEC'13)","author":"Akhawe Devdatta","year":"2013","unstructured":"Devdatta Akhawe and Adrienne Porter Felt. 2013. Alice in Warningland: A Large-Scale Field Study of Browser Security Warning Effectiveness. In Proc. 22nd Usenix Security Symposium (SEC'13). USENIX Association."},{"key":"e_1_3_2_1_7_1","doi-asserted-by":"publisher","DOI":"10.1109\/CCST.2018.8585576"},{"key":"e_1_3_2_1_8_1","unstructured":"FIDO Alliance. 2023. FIDO Security Key UX Guidelines. https:\/\/fidoalliance.or g\/ux-guidelines\/security-key-ux-guidelines\/ (visited on 09\/06\/2023). (2023)."},{"key":"e_1_3_2_1_9_1","doi-asserted-by":"crossref","unstructured":"Sabrina Klivan Sandra H\u00f6ltervennhoff Nicolas Huaman Alexander Krause Lucy Simko Yasemin Acar and Sascha Fahl. 2023. Website: \"We've Disabled MFA for You\": An Evaluation of the Security and Usability of Multi-Factor Authentication Recovery Deployments. https:\/\/publications.teamusec.de\/2023-ccs-multi-factor-recovery\/ (visited on 09\/06\/2023). (2023).","DOI":"10.1145\/3576915.3623180"},{"key":"e_1_3_2_1_10_1","volume-title":"Seventeenth Symposium on Usable Privacy and Security (SOUPS 2021","author":"Bailey Daniel V.","year":"2021","unstructured":"Daniel V. Bailey, Philipp Markert, and Adam J. Aviv. 2021. \"I Have No Idea What They're Trying to Accomplish:\" Enthusiastic and Casual Signal Users' Understanding of Signal PINs. In Seventeenth Symposium on Usable Privacy and Security (SOUPS 2021). USENIX Association, (Aug. 2021), 417--436. isbn: 978-1-939133-25-0. https:\/\/www.usenix.org\/conference\/soups2021\/presentati on\/bailey."},{"key":"e_1_3_2_1_11_1","volume-title":"Wired: How Twitter CEO Jack Dorsey's Account Was Hacked. https:\/\/www.wired.com\/story\/jack-dorsey-twitter-hacked\/ (visited on 09\/06\/2023).","author":"Barrett Brian","year":"2019","unstructured":"Brian Barrett. 2019. Wired: How Twitter CEO Jack Dorsey's Account Was Hacked. https:\/\/www.wired.com\/story\/jack-dorsey-twitter-hacked\/ (visited on 09\/06\/2023). (2019)."},{"key":"e_1_3_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-17533-1_18"},{"key":"e_1_3_2_1_13_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2012.49"},{"key":"e_1_3_2_1_14_1","doi-asserted-by":"publisher","DOI":"10.1145\/2736277.2741691"},{"key":"e_1_3_2_1_15_1","volume-title":"The Added Value of Commercial Threat Intelligence. In 29th USENIX Security Symposium (USENIX Security. USENIX Association, (Aug.","author":"Bouwman Xander","year":"2020","unstructured":"Xander Bouwman, Harm Griffioen, Jelle Egbers, Christian Doerr, Bram Klievink, and Michel van Eeten. 2020. A different Cup of TI? The Added Value of Commercial Threat Intelligence. In 29th USENIX Security Symposium (USENIX Security. USENIX Association, (Aug. 2020), 433--450. isbn: 978-1-939133-17-5. https: \/\/www.usenix.org\/conference\/usenixsecurity20\/presentation\/bouwman."},{"key":"e_1_3_2_1_16_1","doi-asserted-by":"publisher","DOI":"10.1145\/1180405.1180427"},{"key":"e_1_3_2_1_17_1","unstructured":"Brian Dean. 2019. We Analyzed 5 Million Google Search Results - Here's What We Learned About Organic Click Through Rate. https:\/\/backlinko.com\/google-ctr-stats (visited on 01\/04\/2022). (2019)."},{"key":"e_1_3_2_1_18_1","volume-title":"Fifteenth Symposium on Usable Privacy and Security (SOUPS","author":"Ciolino St\u00e9phane","year":"2019","unstructured":"St\u00e9phane Ciolino, Simon Parkin, and Paul Dunphy. 2019. Of Two Minds about Two-Factor: Understanding Everyday FIDO U2F Usability through Device Comparison and Experience Sampling. In Fifteenth Symposium on Usable Privacy and Security (SOUPS 2019)."},{"key":"e_1_3_2_1_19_1","doi-asserted-by":"publisher","DOI":"10.1145\/3173574.3174030"},{"key":"e_1_3_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.21236\/ADA465464"},{"key":"e_1_3_2_1_21_1","doi-asserted-by":"crossref","unstructured":"D Dittrich and E Kenneally. 2012. The Menlo Report: Ethical Principles Guiding Information and Communication Technology Research. https:\/\/catalog.caida.org\/paper\/2012_menlo_report_actual_formatted (visited on 09\/06\/2023). (2012).","DOI":"10.2139\/ssrn.2445102"},{"key":"e_1_3_2_1_22_1","unstructured":"Paul Ducklin. 2022. Slack Admits to Leaking Hashed Passwords for Five Years. https:\/\/nakedsecurity.sophos.com\/2022\/08\/08\/slack-admits-to-leaking-hashed-passwords-for-three-months\/ (visited on 09\/06\/2023). (2022)."},{"key":"e_1_3_2_1_23_1","unstructured":"erdgeist. 2022. Chaos Computer Club Hacks Video-Ident. https:\/\/www.ccc.de\/en\/updates\/2022\/chaos-computer-club-hackt-video-ident (visited on 09\/06\/2023). (2022)."},{"key":"e_1_3_2_1_24_1","volume-title":"Sixteenth Symposium on Usable Privacy and Security (SOUPS","author":"Farke Florian M","year":"2020","unstructured":"Florian M Farke, Lennart Lorenz, Theodor Schnitzler, Philipp Markert, and Markus D\u00fcrmuth. 2020. ?You Still Use the Password After All\"-Exploring FIDO2 Security Keys in a Small Company. In Sixteenth Symposium on Usable Privacy and Security (SOUPS 2020), 19--35."},{"key":"e_1_3_2_1_25_1","unstructured":"SelfKey Foundation. 2022. All Data Breaches in 2019 - 2022 - An Alarming Timeline. https:\/\/selfkey.org\/data-breaches-in-2019\/ (visited on 09\/06\/2023). (2022)."},{"key":"e_1_3_2_1_26_1","volume-title":"Nineteenth Symposium on Usable Privacy and Security (SOUPS","author":"Gerlitz Eva","year":"2023","unstructured":"Eva Gerlitz, Maximilian H\u00e4ring, Charlotte Theresa M\u00e4dler, Matthew Smith, and Christian Tiefenau. 2023. Adventures in Recovery Land: Testing the Account Recovery of Popular Websites When the Second Factor is Lost. In Nineteenth Symposium on Usable Privacy and Security (SOUPS 2023). USENIX Association, 227--243."},{"key":"e_1_3_2_1_27_1","volume-title":"Seventeenth Symposium on Usable Privacy and Security (SOUPS","author":"Gerlitz Eva","year":"2021","unstructured":"Eva Gerlitz, Maximilian H\u00e4ring, and Matthew Smith. 2021. Please do not use!? _ or your License Plate Number: Analyzing Password Policies in German Companies. In Seventeenth Symposium on Usable Privacy and Security (SOUPS 2021), 17--36."},{"key":"e_1_3_2_1_28_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2023.23362"},{"key":"e_1_3_2_1_29_1","volume-title":"32nd USENIX Security Symposium (USENIX Security 23)","author":"Gilsenan Conor","year":"2023","unstructured":"Conor Gilsenan, Fuzail Shakir, Noura Alomar, and Serge Egelman. 2023. Security and Privacy Failures in Popular 2FA Apps. In 32nd USENIX Security Symposium (USENIX Security 23)."},{"key":"e_1_3_2_1_30_1","doi-asserted-by":"publisher","DOI":"10.1145\/2785830.2785839"},{"key":"e_1_3_2_1_31_1","doi-asserted-by":"crossref","unstructured":"Nadjla Hariri. 2011. Relevance Ranking on Google: Are Top Ranked Results Really Considered more Relevant by the Users? Online Information Review.","DOI":"10.1108\/14684521111161954"},{"key":"e_1_3_2_1_32_1","article-title":"In Google we Trust: Users Decisions on Rank, Position and Relevancy","author":"Hembrooke Helene","year":"2005","unstructured":"Helene Hembrooke, Bing Pan, Thorsten Joachims, Geri Gay, and Laura Granka. 2005. In Google we Trust: Users Decisions on Rank, Position and Relevancy. Journal of Computer-Mediated Communication, Special Issue on Search Engines.","journal-title":"Journal of Computer-Mediated Communication, Special Issue on Search Engines."},{"key":"e_1_3_2_1_33_1","doi-asserted-by":"publisher","DOI":"10.1145\/1719030.1719050"},{"key":"e_1_3_2_1_34_1","doi-asserted-by":"publisher","DOI":"10.1145\/3424260"},{"key":"e_1_3_2_1_35_1","volume-title":"Fourteenth Symposium on Usable Privacy and Security (SOUPS","author":"Karunakaran Sowmya","year":"2018","unstructured":"Sowmya Karunakaran, Kurt Thomas, Elie Bursztein, and Oxana Comanescu. 2018. Data Breaches: User Comprehension, Expectations, and Concerns with Handling Exposed Data. In Fourteenth Symposium on Usable Privacy and Security (SOUPS 2018), 217--234."},{"key":"e_1_3_2_1_36_1","volume-title":"June 1st and 2nd","author":"Kunke Johannes","year":"2021","unstructured":"Johannes Kunke, Stephan Wiefling, Markus Ullmann, and Luigi Lo Iacono. 2021. Evaluation of Account Recovery Strategies with FIDO2-Based Passwordless Authentication. In Ro\u00dfnagel, Schunck et al.(Eds.): Open Identity Summit 2021 (OID'21), Lyngby, Denmark, June 1st and 2nd, 2021. Gesellschaft f\u00fcr Informatik eV, 59--70."},{"key":"e_1_3_2_1_37_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2019.23386"},{"key":"e_1_3_2_1_38_1","volume-title":"An Empirical Study of Wireless Carrier Authentication for SIM Swaps. In Sixteenth Symposium on Usable Privacy and Security (SOUPS 2020","author":"Lee Kevin","year":"2020","unstructured":"Kevin Lee, Benjamin Kaiser, Jonathan Mayer, and Arvind Narayanan. 2020. An Empirical Study of Wireless Carrier Authentication for SIM Swaps. In Sixteenth Symposium on Usable Privacy and Security (SOUPS 2020). USENIX Association, (Aug. 2020), 61--79. isbn: 978-1-939133-16-8. https:\/\/www.usenix.org\/conferen ce\/soups2020\/presentation\/lee."},{"key":"e_1_3_2_1_39_1","volume-title":"Eighteenth Symposium on Usable Privacy and Security (SOUPS","author":"Lee Kevin","year":"2022","unstructured":"Kevin Lee, Sten Sj\u00f6berg, and Arvind Narayanan. 2022. Password Policies of Most Top Websites Fail to Follow Best Practices. In Eighteenth Symposium on Usable Privacy and Security (SOUPS 2022), 561--580."},{"key":"e_1_3_2_1_40_1","doi-asserted-by":"publisher","DOI":"10.1109\/INFOCOM.2018.8486017"},{"key":"e_1_3_2_1_41_1","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.20"},{"key":"e_1_3_2_1_42_1","doi-asserted-by":"publisher","DOI":"10.1145\/3503514"},{"key":"e_1_3_2_1_43_1","volume-title":"30th USENIX Security Symposium (USENIX Security 21)","author":"Mayer Peter","year":"2021","unstructured":"Peter Mayer, Yixin Zou, Florian Schaub, and Adam J Aviv. 2021. \"Now I'm a bit {angry:}\" Individuals' Awareness, Perception, and Responses to Data Breaches that Affected Them. In 30th USENIX Security Symposium (USENIX Security 21), 393--410."},{"key":"e_1_3_2_1_44_1","doi-asserted-by":"crossref","unstructured":"Philipp Mayring. 2014. Qualitative Content Analysis: Theoretical Foundation Basic Procedures and Software Solution. Social Science Open Access Repository (SSOAR) Klagenfurt 143.","DOI":"10.1007\/978-94-017-9181-6_13"},{"key":"e_1_3_2_1_45_1","volume-title":"30th USENIX Security Symposium. USENIX, 375--392","author":"McDonald Allison","year":"2021","unstructured":"Allison McDonald, Catherine Barwulor, Michelle L Mazurek, Florian Schaub, and Elissa M Redmiles. 2021. \"It's stressful having all these phones\": Investigating Sex Workers' Safety Goals, Risks, and Practices Online. In 30th USENIX Security Symposium. USENIX, 375--392."},{"key":"e_1_3_2_1_46_1","doi-asserted-by":"publisher","DOI":"10.1145\/3411764.3445085"},{"key":"e_1_3_2_1_47_1","doi-asserted-by":"crossref","unstructured":"Nora McDonald Sarita Schoenebeck and Andrea Forte. 2019. Reliability and Inter-Rater Reliability in Qualitative Research: Norms and Guidelines for CSCW and HCI Practice. ACM on Human-Computer Interaction 3 CSCW Article 72 23 pages.","DOI":"10.1145\/3359174"},{"key":"e_1_3_2_1_48_1","volume-title":"Investigating Web Service Account Remediation Advice. In Seventeenth Symposium on Usable Privacy and Security (SOUPS","author":"Neil Lorenzo","year":"2021","unstructured":"Lorenzo Neil, Elijah Bouma-Sims, Evan Lafontaine, Yasemin Acar, and Bradley Reaves. 2021. Investigating Web Service Account Remediation Advice. In Seventeenth Symposium on Usable Privacy and Security (SOUPS 2021), 359--376."},{"key":"e_1_3_2_1_49_1","volume-title":"FIDO Universal Second Factor Implementations for Purchasers. https:\/\/doi.org \/10.6028\/NIST.SP.1800-17. (July","author":"Newhouse William","year":"2019","unstructured":"William Newhouse, Brian Johnson, Sarah Kinling, Jason Kuruvilla, Blaine Mulugeta, and Kenneth Sandlin. 2019. NIST SPECIAL PUBLICATION 1800-17 Multifactor Authentication for E-Commerce Risk-Based, FIDO Universal Second Factor Implementations for Purchasers. https:\/\/doi.org \/10.6028\/NIST.SP.1800-17. (July 2019)."},{"key":"e_1_3_2_1_50_1","volume-title":"Proc. 30th Usenix Security Symposium (SEC'21)","author":"Oltrogge Marten","year":"2021","unstructured":"Marten Oltrogge, Nicolas Huaman, Sabrina Klivan, Yasemin Acar, Michael Backes, and Sascha Fahl. 2021. Why Eve and Mallory Still Love Android: Revisiting TLS (In)Security in Android Applications. In Proc. 30th Usenix Security Symposium (SEC'21). USENIX Association."},{"key":"e_1_3_2_1_51_1","doi-asserted-by":"publisher","DOI":"10.1145\/3133956.3133973"},{"key":"e_1_3_2_1_52_1","unstructured":"Vilius Petkauskas. 2022. Thomson Reuters Collected and Leaked at Least 3TB of Sensitive Data. https:\/\/cybernews.com\/security\/thomson-reuters-leaked-ter abytes-sensitive-data\/ (visited on 09\/06\/2023). (2022)."},{"key":"e_1_3_2_1_53_1","doi-asserted-by":"publisher","DOI":"10.1145\/1408664.1408667"},{"key":"e_1_3_2_1_54_1","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2020.2981207"},{"key":"e_1_3_2_1_55_1","volume-title":"29th USENIX Security Symposium (USENIX Security 20)","author":"Redmiles Elissa M","year":"2020","unstructured":"Elissa M Redmiles, Noel Warford, Amritha Jayanti, Aravind Koneru, Sean Kross, Miraida Morales, Rock Stevens, and Michelle L Mazurek. 2020. A Comprehensive Quality Evaluation of Security and Privacy Advice on the Web. In 29th USENIX Security Symposium (USENIX Security 20), 89--108."},{"key":"e_1_3_2_1_56_1","volume-title":"Fifteenth Symposium on Usable Privacy and Security (SOUPS","author":"Reese Ken","year":"2019","unstructured":"Ken Reese, Trevor Smith, Jonathan Dutson, Jonathan Armknecht, Jacob Cameron, and Kent Seamons. 2019. A Usability Study of Five Two-Factor Authentication Methods. In Fifteenth Symposium on Usable Privacy and Security (SOUPS 2019)."},{"key":"e_1_3_2_1_57_1","volume-title":"29th USENIX Security Symposium (USENIX Security 20)","author":"Reynolds Joshua","year":"2020","unstructured":"Joshua Reynolds, Nikita Samarin, Joseph Barnes, Taylor Judd, Joshua Mason, Michael Bailey, and Serge Egelman. 2020. Empirical Measurement of Systemic 2FA Usability. In 29th USENIX Security Symposium (USENIX Security 20), 127--143."},{"key":"e_1_3_2_1_58_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2018.00067"},{"key":"e_1_3_2_1_59_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2009.11"},{"key":"e_1_3_2_1_60_1","doi-asserted-by":"publisher","DOI":"10.1145\/1518701.1519003"},{"key":"e_1_3_2_1_61_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2016.09.009"},{"key":"e_1_3_2_1_62_1","doi-asserted-by":"publisher","DOI":"10.1145\/3133956.3133966"},{"key":"e_1_3_2_1_63_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP46214.2022.9833755"},{"key":"e_1_3_2_1_64_1","volume-title":"Proc. 18th Usenix Security Symposium (SEC'09)","author":"Sunshine Joshua","year":"2009","unstructured":"Joshua Sunshine, Serge Egelman, Hazim Almuhimedi, Neha Atri, and Lorrie Faith Cranor. 2009. Crying Wolf: An Empirical Study of SSL Warning Effectiveness. In Proc. 18th Usenix Security Symposium (SEC'09). USENIX Association."},{"key":"e_1_3_2_1_65_1","doi-asserted-by":"publisher","DOI":"10.1145\/3372297.3417882"},{"key":"e_1_3_2_1_66_1","volume-title":"Symposium on Usable Privacy and Security (SOUPS).","author":"Ur Blase","year":"2015","unstructured":"Blase Ur, Fumiko Noma, Jonathan Bees, Sean M Segreti, Richard Shay, Lujo Bauer, Nicolas Christin, and Lorrie Faith Cranor. 2015. ?I Added ?!'at the End to Make It Secure\": Observing Password Creation in the Lab. In Symposium on Usable Privacy and Security (SOUPS)."},{"key":"e_1_3_2_1_67_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2019.23360"},{"key":"e_1_3_2_1_68_1","volume-title":"Twelfth Symposium on Usable Privacy and Security (SOUPS","author":"Wash Rick","year":"2016","unstructured":"Rick Wash, Emilee Rader, Ruthie Berman, and Zac Wellmer. 2016. Understanding Password Choices: How Frequently Entered Passwords are Re-used Across Websites. In Twelfth Symposium on Usable Privacy and Security (SOUPS 2016), 175--188."},{"key":"e_1_3_2_1_69_1","volume-title":"Proc. 12th Symposium on Usable Privacy and Security (SOUPS'16)","author":"Weinberger Joel","year":"2016","unstructured":"Joel Weinberger and Adrienne Porter Felt. 2016. A Week to Remember: The Impact of Browser Warning Storage Policies. In Proc. 12th Symposium on Usable Privacy and Security (SOUPS'16). USENIX Association."},{"key":"e_1_3_2_1_70_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP46214.2022.9833686"},{"key":"e_1_3_2_1_71_1","unstructured":"Davey Winder. 2019. Forbes: Collection 1: More Than 770M People Pwned In Biggest Stolen Data Dump Yet. https:\/\/www.forbes.com\/sites\/daveywinder\/20 19\/01\/17\/collection-1-more-than-770m-people-pwned-in-biggest-stolen-dat a-dump-yet\/ (visited on 09\/06\/2023). (2019)."},{"key":"e_1_3_2_1_72_1","doi-asserted-by":"publisher","DOI":"10.1145\/2531602.2531722"}],"event":{"name":"CCS '23: ACM SIGSAC Conference on Computer and Communications Security","location":"Copenhagen Denmark","acronym":"CCS '23","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"]},"container-title":["Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3576915.3623180","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3576915.3623180","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,8,21]],"date-time":"2025-08-21T01:45:47Z","timestamp":1755740747000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3576915.3623180"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2023,11,15]]},"references-count":72,"alternative-id":["10.1145\/3576915.3623180","10.1145\/3576915"],"URL":"https:\/\/doi.org\/10.1145\/3576915.3623180","relation":{},"subject":[],"published":{"date-parts":[[2023,11,15]]},"assertion":[{"value":"2023-11-21","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}