{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,23]],"date-time":"2026-04-23T07:56:00Z","timestamp":1776930960922,"version":"3.51.2"},"publisher-location":"New York, NY, USA","reference-count":92,"publisher":"ACM","funder":[{"DOI":"10.13039\/501100001659","name":"Deutsche Forschungsgemeinschaft","doi-asserted-by":"publisher","award":["390781972"],"award-info":[{"award-number":["390781972"]}],"id":[{"id":"10.13039\/501100001659","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2026,4,13]]},"DOI":"10.1145\/3772318.3791693","type":"proceedings-article","created":{"date-parts":[[2026,4,13]],"date-time":"2026-04-13T05:14:30Z","timestamp":1776057270000},"page":"1-33","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":0,"title":["\"The AI tool can\u2019t make it any worse.\" Investigating Developers\u2019 Security Behavior with AI Assistants in a Password Storage Study"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0009-0005-6117-6581","authenticated-orcid":false,"given":"Asli","family":"Yardim","sequence":"first","affiliation":[{"name":"Ruhr University Bochum, Bochum, Germany"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-9137-5072","authenticated-orcid":false,"given":"Raphael","family":"Serafini","sequence":"additional","affiliation":[{"name":"University of Cologne, Cologne, Germany"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0009-0007-0542-6915","authenticated-orcid":false,"given":"Nadine","family":"Jost","sequence":"additional","affiliation":[{"name":"Ruhr University Bochum, Bochum, Germany"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-5735-178X","authenticated-orcid":false,"given":"Anna-Marie","family":"Ortloff","sequence":"additional","affiliation":[{"name":"University of Bonn, Bonn, Germany"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0009-0002-3500-8566","authenticated-orcid":false,"given":"Joshua","family":"Gabriel Speckels","sequence":"additional","affiliation":[{"name":"University of Cologne, Cologne, Germany"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0009-0008-1843-2027","authenticated-orcid":false,"given":"Alena","family":"Naiakshina","sequence":"additional","affiliation":[{"name":"University of Cologne, Cologne, Germany"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"320","published-online":{"date-parts":[[2026,4,13]]},"reference":[{"key":"e_1_3_3_2_2_2","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2017.52"},{"key":"e_1_3_3_2_3_2","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2016.25"},{"key":"e_1_3_3_2_4_2","volume-title":"In 45th IEEE Symposium on Security and Privacy, IEEE S&P 2024, May 20-23, 2024","author":"Amft Sabrina","year":"2024","unstructured":"Sabrina Amft, Sandra H\u00f6ltervennhoff, Rebecca Panskus, Karola Marky, and Sascha Fahl. 2024. Everyone for Themselves? A Qualitative Study about Individual Security Setups of Open Source Software Contributors. In In 45th IEEE Symposium on Security and Privacy, IEEE S&P 2024, May 20-23, 2024. IEEE Computer Society. https:\/\/www.ieee-security.org\/TC\/SP2024\/accepted-papers.html"},{"key":"e_1_3_3_2_5_2","unstructured":"Argon 2025. GitHub - Argon2 Binding for the JVM. https:\/\/github.com\/phxql\/argon2-jvm. Accessed: September 2025."},{"key":"e_1_3_3_2_6_2","doi-asserted-by":"publisher","DOI":"10.1145\/3597503.3639154"},{"key":"e_1_3_3_2_7_2","doi-asserted-by":"publisher","unstructured":"Hala Assal Srivathsan\u00a0G Morkonda Muhammad\u00a0Zaid Arif and Sonia Chiasson. 2025. Software security in practice: knowledge and motivation. Journal of Cybersecurity 11 1 (03 2025) tyaf005. arXiv:https:\/\/academic.oup.com\/cybersecurity\/article-pdf\/11\/1\/tyaf005\/62386596\/tyaf005.pdf10.1093\/cybsec\/tyaf005","DOI":"10.1093\/cybsec\/tyaf005"},{"key":"e_1_3_3_2_8_2","unstructured":"Baeldung 2025. Baeldung - Hashing a Password in Java. https:\/\/www.baeldung.com\/java-password-hashing. Accessed: September 2025."},{"key":"e_1_3_3_2_9_2","doi-asserted-by":"publisher","unstructured":"Shraddha Barke Michael\u00a0B. James and Nadia Polikarpova. 2023. Grounded Copilot: How Programmers Interact with Code-Generating Models. Proc. ACM Program. Lang. 7 OOPSLA1 Article 78 (apr 2023) 27\u00a0pages. 10.1145\/3586030","DOI":"10.1145\/3586030"},{"key":"e_1_3_3_2_10_2","doi-asserted-by":"crossref","unstructured":"Alex Biryukov Daniel Dinu and Dmitry Khovratovich. 2015. Argon2: the memory-hard function for password hashing and other applications. Tech. rep. Password Hashing Competition (PHC). (2015).","DOI":"10.1109\/EuroSP.2016.31"},{"key":"e_1_3_3_2_11_2","volume-title":"Transforming Qualitative Information: Thematic Analysis and Code Development","author":"Boyatzis Richard\u00a0E","year":"1998","unstructured":"Richard\u00a0E Boyatzis. 1998. Transforming Qualitative Information: Thematic Analysis and Code Development. Sage Publications, Inc."},{"key":"e_1_3_3_2_12_2","unstructured":"JEPS Bulletin. 2019. Exploratory and Confirmatory Hypothesis Testing. https:\/\/blog.efpsa.org\/2019\/11\/20\/exploratory-and-confirmatory-hypothesis-testing\/ Accessed: September 2025."},{"key":"e_1_3_3_2_13_2","unstructured":"Business Insider 2025. Microsoft pushes staff to use internal AI tools more and may consider this in reviews. \u2019Using AI is no longer optional.\u2019. https:\/\/www.businessinsider.com\/microsoft-internal-memo-using-ai-no-longer-optional-github-copilot-2025-6. Accessed: September 2025."},{"key":"e_1_3_3_2_14_2","unstructured":"Calendly 2025. Calendly. https:\/\/calendly.com\/. Accessed: September 2025."},{"key":"e_1_3_3_2_15_2","unstructured":"ChatGPT 2020. OpenAI. OpenAI ChatGPT. https:\/\/chat.openai.com\/chat. Accessed: September 2025."},{"key":"e_1_3_3_2_16_2","doi-asserted-by":"publisher","unstructured":"Jacob Cohen. 1960. A Coefficient of Agreement for Nominal Scales. Educational and Psychological Measurement 20 1 (1960) 37\u201346. arXiv:10.1177\/00131644600200010410.1177\/001316446002000104","DOI":"10.1177\/001316446002000104"},{"key":"e_1_3_3_2_17_2","unstructured":"The Git\u00a0Development Community. [n. d.]. Git - Distributed Version Control System. https:\/\/git-scm.com\/. Version 2.44.0.windows.1 Accessed: September 2025)."},{"key":"e_1_3_3_2_18_2","unstructured":"Craigslist 2025. Craigslist. https:\/\/craigslist.org. Accessed: September 2025."},{"key":"e_1_3_3_2_19_2","first-page":"165","volume-title":"Sixteenth Symposium on Usable Privacy and Security (SOUPS 2020)","author":"Danilova Anastasia","year":"2020","unstructured":"Anastasia Danilova, Alena Naiakshina, Johanna Deuter, and Matthew Smith. 2020. Replication: On the Ecological Validity of Online Security Developer Studies: Exploring Deception in a Password-Storage Study with Freelancers. In Sixteenth Symposium on Usable Privacy and Security (SOUPS 2020). USENIX Association, 165\u2013183. https:\/\/www.usenix.org\/conference\/soups2020\/presentation\/danilova"},{"key":"e_1_3_3_2_20_2","unstructured":"Dinei Florencio Cormac Herley Paul C. van Oorschot. 2014. An Administrator\u2019s Guide to Internet Password Research. Proceedings of the USENIX conference on Large Installation System Administration (2014). https:\/\/www.usenix.org\/system\/files\/conference\/lisa14\/lisa14-paper-florencio.pdf"},{"key":"e_1_3_3_2_21_2","unstructured":"Discord 2025. Discord. https:\/\/discord.com\/. Accessed: September 2025."},{"key":"e_1_3_3_2_22_2","unstructured":"Eclipse Foundation. 2025. Eclipse - The Eclipse Foundation Open Source Community Website. https:\/\/www.eclipse.org\/ Accessed: September 2025."},{"key":"e_1_3_3_2_23_2","unstructured":"Eclipse Marketplace 2025. Copilot4Eclipse. https:\/\/marketplace.eclipse.org\/content\/copilot4eclipse. Accessed: September 2025."},{"key":"e_1_3_3_2_24_2","doi-asserted-by":"publisher","DOI":"10.1017\/CBO9780511761676"},{"key":"e_1_3_3_2_25_2","doi-asserted-by":"publisher","unstructured":"Franz Faul Edgar Erdfelder Albert-Georg Lang and Axel Buchner. 2007. G*Power 3: A Flexible Statistical Power Analysis Program for the Social Behavioral and Biomedical Sciences. Behavior Research Methods 39 2 (May 2007) 175\u2013191. 10.3758\/BF03193146","DOI":"10.3758\/BF03193146"},{"key":"e_1_3_3_2_26_2","doi-asserted-by":"publisher","unstructured":"Lijuan Feng. 2024. Investigating the Effects of Artificial Intelligence-Assisted Language Learning Strategies on Cognitive Load and Learning Outcomes: A Comparative Study. Journal of Educational Computing Research (2024). 10.1177\/07356331241268349","DOI":"10.1177\/07356331241268349"},{"key":"e_1_3_3_2_27_2","doi-asserted-by":"publisher","DOI":"10.5555\/2502692"},{"key":"e_1_3_3_2_28_2","doi-asserted-by":"publisher","unstructured":"Felix Fischer Konstantin Bottinger Huang Xiao Christian Stransky Yasemin Acar Michael Backes and Sascha Fahl. 2017. Stack Overflow Considered Harmful? The Impact of Copy&Paste on Android Application Security. 121\u2013136. 10.1109\/SP.2017.31","DOI":"10.1109\/SP.2017.31"},{"key":"e_1_3_3_2_29_2","volume-title":"Statistical Methods for Rates and Proportions","author":"Fleiss Joseph\u00a0L","year":"2013","unstructured":"Joseph\u00a0L Fleiss, Bruce Levin, and Myunghee\u00a0Cho Paik. 2013. Statistical Methods for Rates and Proportions. John Wiley & Sons."},{"key":"e_1_3_3_2_30_2","unstructured":"GitHub 2025. eclipse-github-copilot-integration. https:\/\/github.com\/masecla22\/eclipse-github-copilot-integration. Accessed: September 2025."},{"key":"e_1_3_3_2_31_2","unstructured":"GitHub 2025. Unofficial GitHub Copilot integration with Eclipse. https:\/\/github.com\/vgcpge\/eclipse.copilot. Accessed: September 2025."},{"key":"e_1_3_3_2_32_2","unstructured":"GitHub Copilot 2025. Getting free access to Copilot Pro as a student teacher or maintainer. https:\/\/docs.github.com\/en\/copilot\/managing-copilot\/managing-copilot-as-an-individual-subscriber\/managing-your-github-copilot-pro-subscription\/getting-free-access-to-copilot-pro-as-a-student-teacher-or-maintainer. Accessed: September 2025."},{"key":"e_1_3_3_2_33_2","unstructured":"GitHub Copilot 2025. GitHub. GitHub Copilot. https:\/\/github.com\/features\/copilot. Accessed: September 2025."},{"key":"e_1_3_3_2_34_2","unstructured":"GitHub Copilot Changelog 2025. Changelog. https:\/\/github.blog\/changelog\/label\/copilot\/. Accessed: November 2025."},{"key":"e_1_3_3_2_35_2","unstructured":"GPT-5 2025. Introducing GPT-5. https:\/\/openai.com\/index\/introducing-gpt-5\/. Accessed: November 2025."},{"key":"e_1_3_3_2_36_2","doi-asserted-by":"crossref","unstructured":"Paul\u00a0A Grassi James\u00a0L Fenton and M Elaine. 2017. Newton Ray A Perlner Andrew R Regenscheid William E Burr Justin P Richer Naomi B Lefkovitz Jamie M Danker Yee-Yin Choong Kristen K Greene and Mary F Theofanos. 2017. Digital identity guidelines: authentication and lifecycle management. Digital identity guidelines: Authentication and lifecycle management. Special Publication (NIST SP)-800-63B (2017).","DOI":"10.6028\/NIST.SP.800-63b"},{"key":"e_1_3_3_2_37_2","doi-asserted-by":"crossref","unstructured":"Paul\u00a0A Grassi Michael\u00a0E Garcia and James\u00a0L Fenton. 2017. Draft nist special publication 800-63-3 digital identity guidelines. National Institute of Standards and Technology Los Altos CA (2017).","DOI":"10.6028\/NIST.SP.800-63-3"},{"key":"e_1_3_3_2_38_2","doi-asserted-by":"publisher","unstructured":"Matthew Green and Matthew Smith. 2016. Developers are Not the Enemy!: The Need for Usable Security APIs. IEEE Security & Privacy 14 5 (2016) 40\u201346. 10.1109\/MSP.2016.111","DOI":"10.1109\/MSP.2016.111"},{"key":"e_1_3_3_2_39_2","unstructured":"George Hatzivasilis Ioannis Papaefstathiou and Charalampos Manifavas. 2015. Password Hashing Competition - Survey and Benchmark. IACR Cryptol. ePrint Arch. 2015 (2015) 265. https:\/\/api.semanticscholar.org\/CorpusID:15654811"},{"key":"e_1_3_3_2_40_2","unstructured":"Hibernate Community. 2025. Hibernate - Relational Persistence for Idiomatic Java. https:\/\/hibernate.org\/ Accessed: September 2025."},{"key":"e_1_3_3_2_41_2","doi-asserted-by":"publisher","unstructured":"Jonas Hielscher Annette Kluge Uta Menges and Angela Sasse. 2021. \u201cTaking out the Trash\u201d: Why Security Behavior Change requires Intentional Forgetting. 10.1145\/3498891.3498902","DOI":"10.1145\/3498891.3498902"},{"key":"e_1_3_3_2_42_2","unstructured":"Sture Holm. 1979. A simple sequentially rejective multiple test procedure. Scandinavian Journal of Statistics 6 2 (1979) 65\u201370."},{"key":"e_1_3_3_2_43_2","doi-asserted-by":"publisher","DOI":"10.1145\/2556288.2557004"},{"key":"e_1_3_3_2_44_2","doi-asserted-by":"publisher","DOI":"10.1145\/3510454.3522684"},{"key":"e_1_3_3_2_45_2","unstructured":"Joseph Bonneau and S\u00f6ren Preibusch. 2010. The password thicket: technical and market failures in human authentication on the web. (2010). https:\/\/web.archive.org\/web\/20120110093533http:\/\/weis2010.econinfosec.org\/papers\/session3\/weis2010_bonneau.pdf"},{"key":"e_1_3_3_2_46_2","doi-asserted-by":"publisher","unstructured":"Iacovos Kirlappos Simon Parkin and M.\u00a0Angela Sasse. 2015. \"Shadow security\" as a tool for the learning organization. SIGCAS Comput. Soc. 45 1 (Feb. 2015) 29\u201337. 10.1145\/2738210.2738216","DOI":"10.1145\/2738210.2738216"},{"key":"e_1_3_3_2_47_2","unstructured":"Kleinanzeigen 2025. Kleinanzeigen. https:\/\/www.kleinanzeigen.de\/. Accessed: September 2025."},{"key":"e_1_3_3_2_48_2","doi-asserted-by":"publisher","unstructured":"S. Kruger J. Spath K. Ali E. Bodden and M. Mezini. 2021. CrySL: An Extensible Approach to Validating the Correct Usage of Cryptographic APIs. IEEE Transactions on Software Engineering 47 11 (nov 2021) 2382\u20132400. 10.1109\/TSE.2019.2948910","DOI":"10.1109\/TSE.2019.2948910"},{"key":"e_1_3_3_2_49_2","doi-asserted-by":"publisher","unstructured":"T. Lunsford and B. Lunsford. 1995. The Research Sample Part I: Sampling. JPO Journal of Prosthetics and Orthotics 7 (1995) 17A. 10.1097\/00008526-199500730-00008","DOI":"10.1097\/00008526-199500730-00008"},{"key":"e_1_3_3_2_50_2","unstructured":"Manic Time 2025. Time Tracker Managment Tracking Software. https:\/\/www.manictime.com\/ Accessed: September 2025."},{"key":"e_1_3_3_2_51_2","doi-asserted-by":"publisher","unstructured":"Nora McDonald Sarita Schoenebeck and Andrea Forte. 2019. Reliability and Inter-rater Reliability in Qualitative Research: Norms and Guidelines for CSCW and HCI Practice. Proc. ACM Hum.-Comput. Interact. 3 CSCW Article 72 (nov 2019) 23\u00a0pages. 10.1145\/3359174","DOI":"10.1145\/3359174"},{"key":"e_1_3_3_2_52_2","unstructured":"Microsoft 2024. AI-powered success -\u2014 with more than 1 000 stories of customer transformation and innovation. https:\/\/www.microsoft.com\/en-us\/microsoft-cloud\/blog\/2025\/07\/24\/ai-powered-success-with-1000-stories-of-customer-transformation-and-innovation\/. Accessed: August 2025."},{"key":"e_1_3_3_2_53_2","unstructured":"Microsoft Corporation. 2025. Azure Virtual Machines - Cloud Computing Services. https:\/\/azure.microsoft.com\/en-us\/products\/virtual-machines Accessed: September 2025."},{"key":"e_1_3_3_2_54_2","unstructured":"Microsoft Corporation. 2025. Understanding Remote Desktop Protocol. https:\/\/learn.microsoft.com\/en-us\/troubleshoot\/windows-server\/remote\/understanding-remote-desktop-protocol Accessed: September 2025."},{"key":"e_1_3_3_2_55_2","unstructured":"MicrosoftCopilot 2025. Microsoft 365 Copilot release notes. https:\/\/learn.microsoft.com\/en-us\/copilot\/microsoft-365\/release-notes. Accessed: November 2025."},{"key":"e_1_3_3_2_56_2","doi-asserted-by":"publisher","DOI":"10.1145\/2884781.2884790"},{"key":"e_1_3_3_2_57_2","doi-asserted-by":"publisher","DOI":"10.1145\/3313831.3376791"},{"key":"e_1_3_3_2_58_2","doi-asserted-by":"publisher","DOI":"10.1145\/3290605.3300370"},{"key":"e_1_3_3_2_59_2","series-title":"(SOUPS \u201918)","first-page":"297","volume-title":"Fourteenth Symposium on Usable Privacy and Security (SOUPS 2018)","author":"Naiakshina Alena","year":"2018","unstructured":"Alena Naiakshina, Anastasia Danilova, and Christian Tiefenau. 2018. Deception Task Design in Developer Password Studies: Exploring a Student Sample. In Fourteenth Symposium on Usable Privacy and Security (SOUPS 2018)(SOUPS \u201918). USENIX Association, Baltimore, MD, 297\u2013313."},{"key":"e_1_3_3_2_60_2","doi-asserted-by":"publisher","DOI":"10.1145\/3133956.3134082"},{"key":"e_1_3_3_2_61_2","doi-asserted-by":"publisher","DOI":"10.1145\/3524842.3528470"},{"key":"e_1_3_3_2_62_2","unstructured":"OBS 2025. OBS: Open Broadcaster Software. https:\/\/obsproject.com\/ Accessed: September 2025."},{"key":"e_1_3_3_2_63_2","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-45146-4_36"},{"key":"e_1_3_3_2_64_2","unstructured":"Sanghak Oh Kiho Lee Seonhye Park Doowon Kim and Hyoungshick Kim. 2023. Poisoned ChatGPT Finds Work for Idle Hands: Exploring Developers\u2019 Coding Practices with Insecure Suggestions from Poisoned AI Models. http:\/\/arxiv.org\/abs\/2312.06227 arXiv:https:\/\/arXiv.org\/abs\/2312.06227."},{"key":"e_1_3_3_2_65_2","doi-asserted-by":"publisher","DOI":"10.1109\/SP54263.2024.00046"},{"key":"e_1_3_3_2_66_2","unstructured":"Oracle Corporation. 2025. Java Developer Portal - Resources for Java Development. https:\/\/dev.java\/ Accessed: September 2025."},{"key":"e_1_3_3_2_67_2","unstructured":"OWASP 2025. OWASP - Password Storage Cheat Sheet. https:\/\/cheatsheetseries.owasp.org\/cheatsheets\/Password_Storage_Cheat_Sheet.html. Accessed: September 2025."},{"key":"e_1_3_3_2_68_2","doi-asserted-by":"publisher","DOI":"10.1109\/SP46214.2022.9833571"},{"key":"e_1_3_3_2_69_2","doi-asserted-by":"publisher","DOI":"10.1109\/SP46215.2023.10179324"},{"key":"e_1_3_3_2_70_2","doi-asserted-by":"publisher","unstructured":"Neil Perry Megha Srivastava Deepak Kumar and Dan Boneh. 2023. Do Users Write More Insecure Code with AI Assistants?(CCS \u201923). Association for Computing Machinery New York NY USA 2785\u20132799. 10.1145\/3576915.3623157","DOI":"10.1145\/3576915.3623157"},{"key":"e_1_3_3_2_71_2","doi-asserted-by":"publisher","unstructured":"Shari Pfleeger Angela Sasse and Adrian Furnham. 2014. From Weakest Link to Security Hero: Transforming Staff Security Behavior. Journal of Homeland Security and Emergency Management 11 (12 2014). 10.1515\/jhsem-2014-0035","DOI":"10.1515\/jhsem-2014-0035"},{"key":"e_1_3_3_2_72_2","unstructured":"PostgreSQL Global Development Group. 2025. PostgreSQL - The World\u2019s Most Advanced Open Source Relational Database. https:\/\/www.postgresql.org\/ Accessed: September 2025."},{"key":"e_1_3_3_2_73_2","doi-asserted-by":"publisher","unstructured":"James Prather Brent\u00a0N. Reeves Paul Denny Brett\u00a0A. Becker Juho Leinonen Andrew Luxton-Reilly Garrett Powell James Finnie-Ansley and Eddie\u00a0Antonio Santos. 2023. \u201cIt\u2019s Weird That It Knows What I Want\u201d: Usability and Interactions with Copilot for Novice Programmers. ACM Trans. Comput.-Hum. Interact. 31 1 Article 4 (nov 2023) 31\u00a0pages. 10.1145\/3617367","DOI":"10.1145\/3617367"},{"key":"e_1_3_3_2_74_2","unstructured":"Qualtrics 2025. Qaltrics. https:\/\/www.qualtrics.com\/. Accessed: September 2025."},{"key":"e_1_3_3_2_75_2","volume-title":"The Coding Manual for Qualitative Researchers (3rd ed.)","author":"Saldana Johnny","year":"2016","unstructured":"Johnny Saldana. 2016. The Coding Manual for Qualitative Researchers (3rd ed.). Sage Publications, London, UK."},{"key":"e_1_3_3_2_76_2","first-page":"2205","volume-title":"32nd USENIX Security Symposium (USENIX Security 23)","author":"Sandoval Gustavo","year":"2023","unstructured":"Gustavo Sandoval, Hammond Pearce, Teo Nys, Ramesh Karri, Siddharth Garg, and Brendan Dolan-Gavitt. 2023. Lost at C: A User Study on the Security Implications of Large Language Model Code Assistants. In 32nd USENIX Security Symposium (USENIX Security 23). USENIX Association, Anaheim, CA, 2205\u20132222. https:\/\/www.usenix.org\/conference\/usenixsecurity23\/presentation\/sandoval"},{"key":"e_1_3_3_2_77_2","doi-asserted-by":"publisher","unstructured":"Johanna Schmidhuber Stephan Schl\u00f6gl and Christian Ploder. 2021. Cognitive Load and Productivity Implications in Human-Chatbot Interaction. 2021 IEEE 2nd International Conference on Human-Machine Systems (ICHMS) (2021) 1\u20136. 10.1109\/ICHMS53169.2021.9582445","DOI":"10.1109\/ICHMS53169.2021.9582445"},{"key":"e_1_3_3_2_78_2","doi-asserted-by":"publisher","DOI":"10.1145\/3706598.3713989"},{"key":"e_1_3_3_2_79_2","doi-asserted-by":"publisher","unstructured":"Martin Shepperd Nemitari Ajienka and Steve Counsell. 2018. The role and value of replication in empirical software engineering results. Information and Software Technology 99 (2018) 120\u2013132. 10.1016\/j.infsof.2018.01.006","DOI":"10.1016\/j.infsof.2018.01.006"},{"key":"e_1_3_3_2_80_2","doi-asserted-by":"publisher","DOI":"10.1109\/COMPSAC57700.2023.00142"},{"key":"e_1_3_3_2_81_2","doi-asserted-by":"publisher","unstructured":"Katta Spiel Oliver\u00a0L. Haimson and Danielle Lottridge. 2019. How to do better with gender on surveys: a guide for HCI researchers. Interactions 26 4 (June 2019) 62\u201365. 10.1145\/3338283","DOI":"10.1145\/3338283"},{"key":"e_1_3_3_2_82_2","unstructured":"Stack Overflow 2011. How to hash some String with SHA-256 in Java? https:\/\/stackoverflow.com\/questions\/5531455\/how-to-hash-some-string-with-sha-256-in-java. Accessed: September 2025."},{"key":"e_1_3_3_2_83_2","unstructured":"Stack Overflow 2023. Stack Overflow - Developer Survey 2023. https:\/\/survey.stackoverflow.co\/2023\/#ai. Accessed: September 2025."},{"key":"e_1_3_3_2_84_2","unstructured":"Stack Overflow 2024. Stack Overflow - Developer Survey 2024. https:\/\/survey.stackoverflow.co\/2024\/ai. Accessed: September 2025."},{"key":"e_1_3_3_2_85_2","unstructured":"Stackoverflow Thread 2025. Stack Overflow - Java Argon2 Hashing. https:\/\/stackoverflow.com\/questions\/66594009\/java-argon2-hashing. Accessed: September 2025."},{"key":"e_1_3_3_2_86_2","doi-asserted-by":"publisher","DOI":"10.1145\/3530019.3535307"},{"key":"e_1_3_3_2_87_2","unstructured":"Upwork 2015. Upwork Homepage. https:\/\/www.upwork.com\/. Accessed: September 2025."},{"key":"e_1_3_3_2_88_2","doi-asserted-by":"publisher","DOI":"10.1145\/3491101.3519665"},{"key":"e_1_3_3_2_89_2","doi-asserted-by":"publisher","unstructured":"Helena Vasconcelos Matthew J\u00f6rke Madeleine Grunde-McLaughlin Tobias Gerstenberg Michael Bernstein and Ranjay Krishna. 2022. Explanations Can Reduce Overreliance on AI Systems During Decision-Making. Proceedings of the ACM on Human-Computer Interaction 7 (2022) 1 \u2013 38. 10.1145\/3579605","DOI":"10.1145\/3579605"},{"key":"e_1_3_3_2_90_2","doi-asserted-by":"publisher","unstructured":"Feng\u00a0Hsu Wang. 2024. On the Effect of Explainable AI on Programming Learning: A Case Study of using Gradient Integration Technology. Education & Information Technology (2024). 10.5121\/csit.2024.141202","DOI":"10.5121\/csit.2024.141202"},{"key":"e_1_3_3_2_91_2","doi-asserted-by":"publisher","DOI":"10.1145\/3210459.3210483"},{"key":"e_1_3_3_2_92_2","first-page":"81","volume-title":"SOUPS 2017","author":"Acar Yasemin","year":"2017","unstructured":"Yasemin Acar, Christian Stransky, Dominik Wermke, Michelle L. Mazurek, and Sascha Fahl. 2017. Security Developer Studies with GitHub Users: Exploring a Convenience Sample. In SOUPS 2017. Santa Clara, California, 81\u201395. https:\/\/www.usenix.org\/conference\/soups2017\/technical-sessions\/presentation\/acar"},{"key":"e_1_3_3_2_93_2","doi-asserted-by":"publisher","DOI":"10.1145\/3558489.3559072"}],"event":{"name":"CHI 2026: CHI Conference on Human Factors in Computing Systems","location":"Barcelona Spain","acronym":"CHI '26","sponsor":["SIGCHI ACM Special Interest Group on Computer-Human Interaction"]},"container-title":["Proceedings of the 2026 CHI Conference on Human Factors in Computing Systems"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3772318.3791693","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2026,4,17]],"date-time":"2026-04-17T09:00:34Z","timestamp":1776416434000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3772318.3791693"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2026,4,13]]},"references-count":92,"alternative-id":["10.1145\/3772318.3791693","10.1145\/3772318"],"URL":"https:\/\/doi.org\/10.1145\/3772318.3791693","relation":{},"subject":[],"published":{"date-parts":[[2026,4,13]]},"assertion":[{"value":"2026-04-13","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}