{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,6,19]],"date-time":"2025-06-19T05:06:03Z","timestamp":1750309563958,"version":"3.41.0"},"reference-count":75,"publisher":"Association for Computing Machinery (ACM)","issue":"1","license":[{"start":{"date-parts":[[2024,12,12]],"date-time":"2024-12-12T00:00:00Z","timestamp":1733961600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"name":"Wang-Dao Undergraduate Research Funding of Fudan University","award":["22015"],"award-info":[{"award-number":["22015"]}]},{"name":"Ministry of Education\u2019s Industry School Cooperation Collaborative Education Project, Ministry of Education, China","award":["CCS54WHZ4220491"],"award-info":[{"award-number":["CCS54WHZ4220491"]}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":["ACM Trans. Priv. Secur."],"published-print":{"date-parts":[[2025,2,28]]},"abstract":"<jats:p>The predominant authentication method still relies on usernames and passwords. To enhance memorability, domain terms may have been opted to include as part of passwords. However, there is little analysis of the extent to which such practice affects password security, so there is a lack of guidance on how users use domain terms on websites with different domain characteristics. To address the problem, we propose a novel approach to analyze the security effect of using domain terms in passwords. The methodology primarily consists of three stages. First, we utilize Web crawlers to harvest domain vocabularies, subsequently leveraging the TextRank algorithm to rank their importance. Second, we propose an algorithm for constructing a simulated domain-specific password dataset by replacing password elements with domain terms. Third, password guessing experiments are done on the dataset using PCFG (Probabilistic Context-Free Grammar) and the Markov model to evaluate the impact of domain terms on password security. The experimental results indicate that, for systems without clear domain, 20% domain terms replacement in the test set can reduce the cracking rate by up to 5.45%. In contrast, for domain-specific systems, 20% domain terms replacement in the training set can increase the cracking rate by 6.45%. These findings provide practical guidance on the application of domain knowledge in password creation for different types of systems. In summary, this study offers a novel perspective for exploring the security implications of passwords influenced by specific domains.<\/jats:p>","DOI":"10.1145\/3703350","type":"journal-article","created":{"date-parts":[[2024,11,4]],"date-time":"2024-11-04T09:48:22Z","timestamp":1730713702000},"page":"1-29","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":0,"title":["The Effect of Domain Terms on Password Security"],"prefix":"10.1145","volume":"28","author":[{"ORCID":"https:\/\/orcid.org\/0009-0007-6753-6415","authenticated-orcid":false,"given":"Yubing","family":"Bao","sequence":"first","affiliation":[{"name":"Fudan University School of Computer Science, Shanghai, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-3686-1454","authenticated-orcid":false,"given":"Jianping","family":"Zeng","sequence":"additional","affiliation":[{"name":"Fudan University School of Computer Science, Shanghai, China and Engineering Research Center of Cyber Security Auditing and Monitoring, Ministry of Education, Shanghai, China"}]},{"ORCID":"https:\/\/orcid.org\/0009-0005-1713-3437","authenticated-orcid":false,"given":"Jirui","family":"Yang","sequence":"additional","affiliation":[{"name":"Fudan University School of Computer Science, Shanghai, China"}]},{"ORCID":"https:\/\/orcid.org\/0009-0002-0303-8509","authenticated-orcid":false,"given":"Ruining","family":"Yang","sequence":"additional","affiliation":[{"name":"School of Computer Science, Fudan University, Shanghai, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-5706-7503","authenticated-orcid":false,"given":"Zhihui","family":"Lu","sequence":"additional","affiliation":[{"name":"Fudan University School of Computer Science, Shanghai, China"}]}],"member":"320","published-online":{"date-parts":[[2024,12,12]]},"reference":[{"key":"e_1_3_1_2_2","unstructured":"GitHub. 2009. phpBB Password Leak. Retrieved November 6 2024 from https:\/\/github.com\/danielmiessler\/SecLists\/blob\/master\/Passwords\/Leaked-Databases\/phpbb.txt"},{"key":"e_1_3_1_3_2","unstructured":"GitHub. 2009. RockYou Password Leak. Retrieved November 6 2024 from https:\/\/github.com\/danielmiessler\/SecLists\/blob\/master\/Passwords\/Leaked-Databases\/rockyou-10.txt"},{"key":"e_1_3_1_4_2","unstructured":"Bleeping Computer. 2011. CSDN Password Leak. Retrieved November 6 2024 from https:\/\/thehackernews.com\/2011\/12\/china-software-developer-network-csdn-6.html"},{"key":"e_1_3_1_5_2","unstructured":"DataBreaches.net. 2011. Renren Password Leak. Retrieved November 6 2024 from https:\/\/databreaches.net\/2011\/12\/23\/cn-rumor-renren-suffers-data-breach\/"},{"key":"e_1_3_1_6_2","unstructured":"GitHub. 2011. T178 Password Leak. Retrieved November 6 2024 fromhttps:\/\/haveibeenpwned.com\/PwnedWebsites"},{"key":"e_1_3_1_7_2","unstructured":"Ars Technica. 2012. Yahoo Password Leak. Retrieved November 6 2024 from https:\/\/arstechnica.com\/information-technology\/2012\/07\/hackers-post-450000-credentials-allegedly-stolen-from-yahoo\/"},{"key":"e_1_3_1_8_2","unstructured":"The Register. 2014. Alleged Gmail Password Leak. Retrieved November 6 2024 from https:\/\/www.theregister.com\/2014\/09\/11\/gmail_password_leak_flap\/"},{"key":"e_1_3_1_9_2","unstructured":"Forbes. 2015. 000Webhost Password Leak. Retrieved November 6 2024 from http:\/\/www.forbes.com\/sites\/thomasbrewster\/2015\/10\/28\/000webhost-database-leak\/"},{"key":"e_1_3_1_10_2","unstructured":"Krebs on Security. 2015. Ashley Madison Data Breach. Retrieved November 6 2024 from https:\/\/krebsonsecurity.com\/2022\/07\/a-retrospective-on-the-2015-ashley-madison-breach\/"},{"key":"e_1_3_1_11_2","unstructured":"HackRead.com. 2016. MuslimMatch Data Leak. Retrieved November 6 2024 from https:\/\/hackread.com\/muslim-dating-site-muslim-match-hacked\/"},{"key":"e_1_3_1_12_2","unstructured":"GitHub. 2021. Honeynet Project Data Leak. Retrieved November 6 2024 from https:\/\/github.com\/danielmiessler\/SecLists\/blob\/master\/Passwords\/Leaked-Databases\/"},{"key":"e_1_3_1_13_2","doi-asserted-by":"crossref","first-page":"853","DOI":"10.1109\/SP.2018.00009","volume-title":"Proceedings of the 2018 IEEE Symposium on Security and Privacy (SP \u201918)","author":"Blocki Jeremiah","year":"2018","unstructured":"Jeremiah Blocki, Benjamin Harsha, and Samson Zhou. 2018. On the economics of offline password cracking. In Proceedings of the 2018 IEEE Symposium on Security and Privacy (SP \u201918). IEEE, 853\u2013871."},{"key":"e_1_3_1_14_2","first-page":"831","volume-title":"Proceedings of the 1st International Conference on Computing, Communications, and Cyber-security (IC4S \u201920)","author":"Bodkhe Umesh","year":"2020","unstructured":"Umesh Bodkhe, Jay Chaklasiya, Pooja Shah, Sudeep Tanwar, and Maanuj Vora. 2020. Markov model for password attack prevention. In Proceedings of the 1st International Conference on Computing, Communications, and Cyber-security (IC4S \u201920). 831\u2013843."},{"key":"e_1_3_1_15_2","doi-asserted-by":"crossref","first-page":"553","DOI":"10.1109\/SP.2012.44","volume-title":"Proceedings of the 2012 IEEE Symposium on Security and Privacy (SP \u201912)","author":"Bonneau Joseph","year":"2012","unstructured":"Joseph Bonneau, Cormac Herley, Paul C. Van Oorschot, and Frank Stajano. 2012. The quest to replace passwords: A framework for comparative evaluation of web authentication schemes. In Proceedings of the 2012 IEEE Symposium on Security and Privacy (SP \u201912). IEEE, 553\u2013567."},{"key":"e_1_3_1_16_2","volume-title":"Entropies, Guessing, and Cryptography","author":"Boztas Serdar","year":"1999","unstructured":"Serdar Boztas. 1999. Entropies, Guessing, and Cryptography. Technical Report. Royal Melbourne Institute of Technology."},{"key":"e_1_3_1_17_2","doi-asserted-by":"publisher","DOI":"10.1016\/S0169-7552(98)00110-X"},{"key":"e_1_3_1_18_2","volume-title":"Entropy Measures and Unconditional Security in Cryptography","author":"Cachin Christian","year":"1997","unstructured":"Christian Cachin. 1997. Entropy Measures and Unconditional Security in Cryptography. Technical Report. ETH Zurich."},{"issue":"1","key":"e_1_3_1_19_2","first-page":"Article 1, 32 p","article-title":"A large-scale evaluation of high-impact password strength meters","volume":"18","author":"Carnavalet Xavier De Carn\u00e9 De","year":"2015","unstructured":"Xavier De Carn\u00e9 De Carnavalet and Mohammad Mannan. 2015. A large-scale evaluation of high-impact password strength meters. ACM Transactions on Information and System Security 18, 1 (2015), Article 1, 32 pages.","journal-title":"ACM Transactions on Information and System Security"},{"key":"e_1_3_1_20_2","volume-title":"Proceedings of the Network and Distributed System Security Symposium (NDSS \u201912)","author":"Castelluccia Claude","year":"2012","unstructured":"Claude Castelluccia, Markus D\u00fcrmuth, and Daniele Perito. 2012. Adaptive password-strength meters from markov models. In Proceedings of the Network and Distributed System Security Symposium (NDSS \u201912). 1\u201314."},{"key":"e_1_3_1_21_2","volume-title":"Three Random Words","author":"Centre UK National Cyber Security","year":"2021","unstructured":"UK National Cyber Security Centre. 2021. Three Random Words. Retrieved June 9, 2023 fromhttps:\/\/www.ncsc.gov.uk\/collection\/top-tips-for-staying-secure-online\/three-random-words"},{"issue":"1","key":"e_1_3_1_22_2","doi-asserted-by":"crossref","first-page":"77","DOI":"10.1109\/TDSC.2020.2987025","article-title":"DeepMnemonic: Password mnemonic generation via deep attentive encoder-decoder model","volume":"19","author":"Cheng Yao","year":"2020","unstructured":"Yao Cheng, Chang Xu, Zhen Hai, and Yingjiu Li. 2020. DeepMnemonic: Password mnemonic generation via deep attentive encoder-decoder model. IEEE Transactions on Dependable and Secure Computing 19, 1 (2020), 77\u201390.","journal-title":"IEEE Transactions on Dependable and Secure Computing"},{"key":"e_1_3_1_23_2","first-page":"285","volume-title":"Proceedings of the 26th European Symposium on Research in Computer Security (ESORICS \u201921)","author":"David Liron","year":"2021","unstructured":"Liron David and Avishai Wool. 2021. An explainable online password strength estimator. In Proceedings of the 26th European Symposium on Research in Computer Security (ESORICS \u201921). 285\u2013304."},{"key":"e_1_3_1_24_2","doi-asserted-by":"publisher","DOI":"10.1145\/1242572.1242661"},{"key":"e_1_3_1_25_2","doi-asserted-by":"publisher","DOI":"10.1145\/1280680.1280703"},{"key":"e_1_3_1_26_2","first-page":"661","volume-title":"Proceedings of the 2016 IEEE 30th International Conference on Advanced Information Networking and Applications (AINA \u201916)","author":"Fukumitsu Masayuki","year":"2016","unstructured":"Masayuki Fukumitsu, Shingo Hasegawa, Jun-ya Iwazaki, Masao Sakai, and Daiki Takahashi. 2016. A proposal of a password manager satisfying security and usability by using the secret sharing and a personal server. In Proceedings of the 2016 IEEE 30th International Conference on Advanced Information Networking and Applications (AINA \u201916). IEEE, 661\u2013668."},{"key":"e_1_3_1_27_2","doi-asserted-by":"publisher","DOI":"10.1145\/1143120.1143127"},{"key":"e_1_3_1_28_2","doi-asserted-by":"publisher","DOI":"10.1145\/2976749.2978416"},{"key":"e_1_3_1_29_2","doi-asserted-by":"publisher","DOI":"10.1145\/3243734.3243769"},{"key":"e_1_3_1_30_2","doi-asserted-by":"crossref","unstructured":"Paul A. Grassi James L. Fenton Elaine M. Newton Ray A. Perlner Andrew R. Regenscheid William E. Burr Justin P. Richer Naomi B. Lefkovitz Jamie M. Danker Yee-Yin Choong Kristen K. Greene and Mary F. Theofanos. 2016. Digital Identify Guidelines: Authentication and Lifecycle Management. Special Publication 800-63B. NIST.","DOI":"10.6028\/NIST.SP.800-63b"},{"key":"e_1_3_1_31_2","doi-asserted-by":"publisher","DOI":"10.1145\/3173574.3174144"},{"key":"e_1_3_1_32_2","first-page":"3044","volume-title":"Proceedings of the 2022 IEEE International Conference on Acoustics, Speech, and Signal Processing (ICASSP \u201922)","author":"He Xiaoxi","year":"2022","unstructured":"Xiaoxi He, Haibo Cheng, Jiahong Xie, Ping Wang, and Kaitai Liang. 2022. Passtrans: An improved password reuse model based on transformer. In Proceedings of the 2022 IEEE International Conference on Acoustics, Speech, and Signal Processing (ICASSP \u201922). IEEE, 3044\u20133048."},{"key":"e_1_3_1_33_2","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-21568-2_11"},{"issue":"9","key":"e_1_3_1_34_2","doi-asserted-by":"crossref","first-page":"1776","DOI":"10.1109\/TIFS.2015.2428671","article-title":"Next-gen PCFG password cracking","volume":"10","author":"Houshmand Shiva","year":"2015","unstructured":"Shiva Houshmand, Sudhir Aggarwal, and Randy Flood. 2015. Next-gen PCFG password cracking. IEEE Transactions on Information Forensics and Security 10, 9 (2015), 1776\u20131791.","journal-title":"IEEE Transactions on Information Forensics and Security"},{"key":"e_1_3_1_35_2","first-page":"43","volume-title":"Proceedings of the IFIP Annual Conference on Data and Applications Security and Privacy","author":"Hranick\u00fd Radek","year":"2019","unstructured":"Radek Hranick\u00fd, Filip Li\u0161tiak, D\u00e1vid Miku\u0161, and Ond\u0159ej Ry\u0161av\u00fd. 2019. On practical aspects of PCFG password cracking. In Proceedings of the IFIP Annual Conference on Data and Applications Security and Privacy. 43\u201360."},{"key":"e_1_3_1_36_2","first-page":"701","volume-title":"Proceedings of the European Symposium on Research in Computer Security","author":"Hranick\u00fd Radek","year":"2020","unstructured":"Radek Hranick\u00fd, Luk\u00e1\u0161 Zobal, Ond\u0159ej Ry\u0161av\u00fd, Du\u0161an Kol\u00e1\u0159, and D\u00e1vid Miku\u0161. 2020. Distributed PCFG password cracking. In Proceedings of the European Symposium on Research in Computer Security. 701\u2013719."},{"key":"e_1_3_1_37_2","doi-asserted-by":"crossref","first-page":"1367","DOI":"10.1109\/SP40001.2021.00094","volume-title":"Proceedings of the 2021 IEEE Symposium on Security and Privacy (SP \u201921)","author":"Huaman Nicolas","year":"2021","unstructured":"Nicolas Huaman, Sabrina Amft, Marten Oltrogge, Yasemin Acar, and Sascha Fahl. 2021. They would do better if they worked together: The case of interaction problems between password managers and websites. In Proceedings of the 2021 IEEE Symposium on Security and Privacy (SP \u201921). IEEE, 1367\u20131381."},{"key":"e_1_3_1_38_2","unstructured":"GitHub. 2020. ignis-sec\/Pwdb-Public: A Collection of over 1 Billion Unique Cleartext Passwords. Retrieved August 2 2024 from https:\/\/github.com\/ignis-sec\/Pwdb-PublicAccessed: 2024-08-02."},{"issue":"5","key":"e_1_3_1_39_2","first-page":"550","article-title":"Zero-sum password cracking game: A large-scale empirical study on the crackability, correlation, and security of passwords","volume":"14","author":"Ji Shouling","year":"2015","unstructured":"Shouling Ji, Shukun Yang, Xin Hu, Weili Han, Zhigong Li, and Raheem Beyah. 2015. Zero-sum password cracking game: A large-scale empirical study on the crackability, correlation, and security of passwords. IEEE Transactions on Dependable and Secure Computing 14, 5 (2015), 550\u2013564.","journal-title":"IEEE Transactions on Dependable and Secure Computing"},{"issue":"9","key":"e_1_3_1_40_2","first-page":"2130","article-title":"Leet usage and its effect on password security","volume":"16","author":"Li Wanda","year":"2021","unstructured":"Wanda Li and Jianping Zeng. 2021. Leet usage and its effect on password security. IEEE Transactions on Information Forensics and Security 16, 9 (2021), 2130\u20132143.","journal-title":"IEEE Transactions on Information Forensics and Security"},{"key":"e_1_3_1_41_2","doi-asserted-by":"publisher","DOI":"10.1109\/TIFS.2017.2705627"},{"key":"e_1_3_1_42_2","first-page":"559","volume-title":"Proceedings of the 23rd USENIX Security Symposium (USENIX Security \u201914)","author":"Li Zhigong","year":"2014","unstructured":"Zhigong Li, Weili Han, and Wenyuan Xu. 2014. A large-scale empirical analysis of Chinese web passwords. In Proceedings of the 23rd USENIX Security Symposium (USENIX Security \u201914). 559\u2013574."},{"key":"e_1_3_1_43_2","first-page":"559","volume-title":"Proceedings of the 23rd USENIX Security Symposium (USENIX Security \u201914)","author":"Li Zhigong","year":"2014","unstructured":"Zhigong Li, Weili Han, and Wenyuan Xu. 2014. A large-scale empirical analysis of Chinese web passwords. In Proceedings of the 23rd USENIX Security Symposium (USENIX Security \u201914). 559\u2013574."},{"key":"e_1_3_1_44_2","unstructured":"Tobias Lundberg. 2019. Comparison of Automated Password Guessing Strategies. Master\u2019s Thesis. Linkoping University."},{"key":"e_1_3_1_45_2","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2014.50"},{"key":"e_1_3_1_46_2","first-page":"175","volume-title":"Proceedings of the 25th USENIX Security Symposium (USENIX Security \u201916)","author":"Melicher William","year":"2016","unstructured":"William Melicher, Blase Ur, Sean M. Segreti, Saranga Komanduri, Lujo Bauer, Nicolas Christin, and Lorrie Faith Cranor. 2016. Fast, lean, and accurate: Modeling password guessability using neural networks. In Proceedings of the 25th USENIX Security Symposium (USENIX Security \u201916). 175\u2013191."},{"key":"e_1_3_1_47_2","first-page":"175","volume-title":"Proceedings of the 25th USENIX Security Symposium (USENIX Security \u201916)","author":"Melicher William","year":"2016","unstructured":"William Melicher, Blase Ur, Sean M. Segreti, Saranga Komanduri, Lujo Bauer, Nicolas Christin, and Lorrie Faith Cranor. 2016. Fast, lean, and accurate: Modeling password guessability using neural networks. In Proceedings of the 25th USENIX Security Symposium (USENIX Security \u201916). 175\u2013191."},{"key":"e_1_3_1_48_2","first-page":"404","volume-title":"Proceedings of the 2004 Conference on Empirical Methods in Natural Language Processing","author":"Mihalcea Rada","year":"2004","unstructured":"Rada Mihalcea and Paul Tarau. 2004. TextRank: Bringing order into text. In Proceedings of the 2004 Conference on Empirical Methods in Natural Language Processing. 404\u2013411."},{"key":"e_1_3_1_49_2","article-title":"Mnemonic-based graphical text password scheme","volume":"15","author":"Mohd Raj Mohammed","year":"2023","unstructured":"Raj Mohammed Mohd, C. Shoba Bindu, and D. Vasumathi. 2023. Mnemonic-based graphical text password scheme. International Journal of Early Childhood Special Education 15, 1 (2023), 9\u201314.","journal-title":"International Journal of Early Childhood Special Education"},{"key":"e_1_3_1_50_2","doi-asserted-by":"publisher","DOI":"10.1145\/359168.359172"},{"key":"e_1_3_1_51_2","doi-asserted-by":"publisher","DOI":"10.1145\/1102120.1102168"},{"key":"e_1_3_1_52_2","first-page":"617","volume-title":"Proceedings of the Annual International Cryptology Conference","author":"Oechslin Philippe","year":"2003","unstructured":"Philippe Oechslin. 2003. Making a faster cryptanalytic time-memory trade-off. In Proceedings of the Annual International Cryptology Conference. 617\u2013630."},{"key":"e_1_3_1_53_2","first-page":"821","volume-title":"Proceedings of the 30th USENIX Security Symposium (USENIX Security \u201921)","author":"Pasquini Dario","year":"2021","unstructured":"Dario Pasquini, Marco Cianfriglia, Giuseppe Ateniese, and Massimo Bernaschi. 2021. Reducing bias in modeling real-world password strength via deep learning and dynamic dictionaries. In Proceedings of the 30th USENIX Security Symposium (USENIX Security \u201921). 821\u2013838."},{"key":"e_1_3_1_54_2","doi-asserted-by":"crossref","first-page":"1382","DOI":"10.1109\/SP40001.2021.00016","volume-title":"Proceedings of the 2021 IEEE Symposium on Security and Privacy (SP \u201921)","author":"Pasquini Dario","year":"2021","unstructured":"Dario Pasquini, Ankit Gangwal, Giuseppe Ateniese, Massimo Bernaschi, and Mauro Conti. 2021. Improving password guessing via representation learning. In Proceedings of the 2021 IEEE Symposium on Security and Privacy (SP \u201921). IEEE, 1382\u20131399."},{"key":"e_1_3_1_55_2","first-page":"295","volume-title":"Proceedings of the 24th ACM-SIGSAC Conference on Computer and Communications Security (CCS \u201917)","author":"Pearman Sarah","year":"2017","unstructured":"Sarah Pearman, Jeremy Thomas, Pardis Emani Naeini, Hana Habib, Lujo Bauer, Nicolas Christin, Lorrie Faith Cranor, Serge Egelman, and Alain Forget. 2017. Let\u2019s go in for a closer look: Observing passwords in their natural habitat. In Proceedings of the 24th ACM-SIGSAC Conference on Computer and Communications Security (CCS \u201917). 295\u2013310."},{"key":"e_1_3_1_56_2","first-page":"67","volume-title":"Proceedings of the International Conference on Cryptology in India","author":"Pliam John O.","year":"2000","unstructured":"John O. Pliam. 2000. On the incomparability of entropy and marginal guesswork in brute-force attacks. In Proceedings of the International Conference on Cryptology in India. 67\u201379."},{"issue":"4","key":"e_1_3_1_57_2","doi-asserted-by":"crossref","first-page":"312","DOI":"10.3390\/e20050312","article-title":"Password security as a game of entropies","volume":"20","author":"Rass Stefan","year":"2018","unstructured":"Stefan Rass and Sandra K\u00f6nig. 2018. Password security as a game of entropies. Entropy 20, 4 (2018), 312.","journal-title":"Entropy"},{"key":"e_1_3_1_58_2","first-page":"1","volume-title":"Proceedings of the 2022 IEEE Conference on Communications and Network Security (CNS \u201922)","author":"Reaz Khan","year":"2022","unstructured":"Khan Reaz and Gerhard Wunder. 2022. Expectation entropy as a password strength metric. In Proceedings of the 2022 IEEE Conference on Communications and Network Security (CNS \u201922). IEEE, 1\u20132."},{"key":"e_1_3_1_59_2","doi-asserted-by":"publisher","DOI":"10.1145\/361219.361220"},{"issue":"1","key":"e_1_3_1_60_2","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1145\/2891411","article-title":"Designing password policies for strength and usability","volume":"18","author":"Shay Richard","year":"2016","unstructured":"Richard Shay, Saranga Komanduri, Adam L. Durity, Phillip Huh, Michelle L. Mazurek, Sean M. Segreti, Blase Ur, Lujo Bauer, Nicolas Christin, and Lorrie Faith Cranor. 2016. Designing password policies for strength and usability. ACM Transactions on Information and System Security 18, 1 (2016), 1\u201334.","journal-title":"ACM Transactions on Information and System Security"},{"key":"e_1_3_1_61_2","doi-asserted-by":"publisher","DOI":"10.1145\/2858036.2858546"},{"key":"e_1_3_1_62_2","first-page":"123","volume-title":"Proceedings of the 11th Symposium on Usable Privacy and Security (SOUPS \u201915)","author":"Ur Blase","year":"2015","unstructured":"Blase Ur, Fumiko Noma, Jonathan Bees, Sean M. Segreti, Richard Shay, Lujo Bauer, Nicolas Christin, and Lorrie Faith Cranor. 2015. \u201cI added \u2018!\u2019 at the end to make it secure\u201d: Observing password creation in the lab. In Proceedings of the 11th Symposium on Usable Privacy and Security (SOUPS \u201915). 123\u2013140."},{"key":"e_1_3_1_63_2","doi-asserted-by":"crossref","unstructured":"M. Valois P. Lacharme and J. M. L. Bars. 2019. Performance of password guessing enumerators under cracking conditions. In ICT Systems Security and Privacy Protection. IFIP Advances in Information and Communication Technology Vol. 562. Springer 67\u201380.","DOI":"10.1007\/978-3-030-22312-0_5"},{"issue":"1","key":"e_1_3_1_64_2","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1145\/3448608","article-title":"A large-scale analysis of the semantic password model and linguistic patterns in passwords","volume":"24","author":"Veras Rafael","year":"2021","unstructured":"Rafael Veras, Christopher Collins, and Julie Thorpe. 2021. A large-scale analysis of the semantic password model and linguistic patterns in passwords. ACM Transactions on Privacy and Security 24, 1 (2021), 1\u201321.","journal-title":"ACM Transactions on Privacy and Security"},{"key":"e_1_3_1_65_2","article-title":"Empirical analysis of password reuse and modification across online services","author":"Wang Chun","year":"2017","unstructured":"Chun Wang, Steve T. K. Jan, Hang Hu, and Gang Wang. 2017. Empirical analysis of password reuse and modification across online services. arXiv preprint arXiv:1706.01939 (2017).","journal-title":"arXiv preprint arXiv:1706.01939"},{"key":"e_1_3_1_66_2","doi-asserted-by":"publisher","DOI":"10.1109\/TIFS.2017.2721359"},{"key":"e_1_3_1_67_2","first-page":"595","volume-title":"Proceedings of the 2016 46th Annual IEEE\/IFIP International Conference on Dependable Systems and Networks (DSN \u201916)","author":"Wang Ding","year":"2016","unstructured":"Ding Wang, Ping Wang, Debiao He, and Yuan Tian. 2016. fuzzyPSM: A new password strength meter using fuzzy probabilistic context-free grammars. In Proceedings of the 2016 46th Annual IEEE\/IFIP International Conference on Dependable Systems and Networks (DSN \u201916). IEEE, 595\u2013606."},{"key":"e_1_3_1_68_2","first-page":"1537","volume-title":"Proceedings of the 28th USENIX Security Symposium (USENIX Security \u201919)","author":"Wang Ding","year":"2019","unstructured":"Ding Wang, Ping Wang, Debiao He, and Yuan Tian. 2019. Birthday, name and bifacial-security: Understanding passwords of Chinese web users. In Proceedings of the 28th USENIX Security Symposium (USENIX Security \u201919). 1537\u20131555."},{"key":"e_1_3_1_69_2","doi-asserted-by":"publisher","DOI":"10.5555\/3620237.3620292"},{"key":"e_1_3_1_70_2","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2009.8"},{"key":"e_1_3_1_71_2","doi-asserted-by":"crossref","unstructured":"Nannan Xie Hongpeng Bai Rui Sun and Xiaoqiang Di. 2020. Android vault application behavior analysis and detection. In Data Science. Communications in Computer and Information Science Vol. 1257. Springer 428\u2013439.","DOI":"10.1007\/978-981-15-7981-3_31"},{"key":"e_1_3_1_72_2","doi-asserted-by":"publisher","DOI":"10.1109\/MSP.2004.81"},{"key":"e_1_3_1_73_2","doi-asserted-by":"publisher","DOI":"10.1109\/TIFS.2022.3152357"},{"key":"e_1_3_1_74_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2019.04.009"},{"key":"e_1_3_1_75_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2018.10.004"},{"key":"e_1_3_1_76_2","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2020.3027567"}],"container-title":["ACM Transactions on Privacy and Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3703350","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3703350","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,19]],"date-time":"2025-06-19T01:19:03Z","timestamp":1750295943000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3703350"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,12,12]]},"references-count":75,"journal-issue":{"issue":"1","published-print":{"date-parts":[[2025,2,28]]}},"alternative-id":["10.1145\/3703350"],"URL":"https:\/\/doi.org\/10.1145\/3703350","relation":{},"ISSN":["2471-2566","2471-2574"],"issn-type":[{"type":"print","value":"2471-2566"},{"type":"electronic","value":"2471-2574"}],"subject":[],"published":{"date-parts":[[2024,12,12]]},"assertion":[{"value":"2023-10-16","order":0,"name":"received","label":"Received","group":{"name":"publication_history","label":"Publication History"}},{"value":"2024-10-30","order":2,"name":"accepted","label":"Accepted","group":{"name":"publication_history","label":"Publication History"}},{"value":"2024-12-12","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}