1 |
M. Weir, S. Aggarwal, M. Collins, and H. Stern, "Testing metrics for password creation policies by attacking large sets of revealed passwords," In Proceedings of the 17th ACM conference on Computer and communications security, pp. 162-175, October, 2010.
|
2 |
P. G. Kelley, S. Komanduri, M. L. Mazurek, R. Shay, T. Vidas, L. Bauer, and J. Lopez, "Guess again (and again and again): Measuring password strength by simulating password-cracking algorithms," In 2012 IEEE Symposium on Security and Privacy, pp. 523-537, May, 2012.
|
3 |
M. Weir, S. Aggarwal, B. De Medeiros, B., and B. Glodek, "Password cracking using probabilistic context-free grammars," In 2009 30th IEEE Symposium on Security and Privacy, pp. 391-405, May, 2009.
|
4 |
B. Ur, S. M. Segreti, L. Bauer, N. Christin, L. F. Cranor, S. Komanduri, R. Shay, "Measuring real-world accuracies and biases in modeling password guessability, "In 24th USENIX Security Symposium, pp. 463-481, 2015.
|
5 |
A. Rao, B. Jha, and G. Kini, "Effect of grammar on security of long passwords," In Proceedings of the third ACM conference on Data and application security and privacy, pp. 317-324, February, 2013.
|
6 |
A. Narayanan, and V. Shmatikov, "Fast dictionary attacks on passwords using time-space tradeoff," In Proceedings of the 12th ACM conference on Computer and communications security, pp. 364-372, Nov. 2005.
|
7 |
Dell' Amico, Matteo, P. Michiardi, and Y. Roudier, "Password Strength: An Empirical Analysis," In INFOCOM, Vol. 10, pp. 983-991, March, 2010.
|
8 |
C. Castelluccia, M. Dürmuth, and D. Perito, "Adaptive Password-Strength Meters from Markov Models," In NDSS, Feb., 2012.
|
9 |
J. Ma, W. Yang, M. Luo, and N. Li, "A study of probabilistic password models," In 2014 IEEE Symposium on Security and Privacy, pp. 689-704, May, 2014.
|
10 |
M. Durmuth, F. Angelstorf, C. Castelluccia, D. Perito, and A. Chaabane, "OMEN: Faster password guessing using an ordered markov enumerator," In International Symposium on Engineering Secure Software and Systems, pp. 119-132, March, 2015.
|
11 |
Y. Zhang, F. Monrose, and M. K. Reiter, "The security of modern password expiration: An algorithmic framework and empirical analysis," In Proceedings of the 17th ACM conference on Computer and communications security, pp. 176-186, Oct., 2010.
|
12 |
X. de C. de Carnavalet and M. Mannan, "From Very Weak to Very Strong: Analyzing Password-Strength Meters," In Proc. of NDSS, 2014.
|
13 |
D. L. Wheeler, "zxcvbn: Lowbudget password strength estimation," In Proc. of 25th USENIX Security Symposium, pp. 157-173, 2016.
|
14 |
B. Ur, P. G. Kelley, S. Komanduri, J. Lee, M. Maass, M. L. Mazurek, and L. Christin, "How does your password measure up? The effect of strength meters on password creation," In USENIX Security Symposium, pp. 65- 80, Aug., 2012.
|
15 |
김경훈, 권태경, "김경훈, 권태경, "국내 웹 사이트 패스워드 미터 분석," 정보보호학회논문지, Vol. 26, No. 3, pp. 757-767, 2016.
DOI
|
16 |
D. Florencio and C. Herley, "A Large-Scale Study of Web Password Habits," in Proc. of WWW, 2007.
|
17 |
B. Ur, F. Noma, J. Bees, S. M. Segreti, R. Shay, L. Bauer, N. Christin, and L. F. Cranor, ""I added '!' at the End to Make It Secure":Observing Password Creation in the Lab," in Proc. of SOUPS, 2015.
|
18 |
R. Veras, C. Collins, and J. Thorpe, "On the Semantic Patterns of Passwords and their Security Impact," in Proc. of NDSS, 2014.
|
19 |
A. Das, J. Bonneau, M. Caesar, N. Borisov, and X. F. Wang, "The Tangled Web of Password Reuse," In Proc. of NDSS, 2014.
|
20 |
S. Gaw and E. W. Felten, "Password Management Strategies for Online Accounts," in Proc. of SOUPS, 2006.
|
21 |
C. E. Shannon, "A mathematical theory of communication," ACM SIGMOBILE Mobile Computing and Communications Review, 5(1), pp. 3-55, 2001.
DOI
|
22 |
A. Rrnyi, RNYI, "On measures of entropy and information," In: Fourth Berkeley symposium on mathematical statistics and probability, pp. 547-561, 1961.
|
23 |
J. Bonneau, "The science of guessing: analyzing an anonymized corpus of 70 million passwords," In 2012 IEEE Symposium on Security and Privacy, pp. 538-552, May, 2012.
|
24 |
R. V. Hartley, "Transmission of information1," Bell System technical journal, 7(3), pp. 535-563, 1928.
DOI
|
25 |
R. Shay, S. Komanduri, P. G. Kelley, P. G. Leon, M. L. Mazurek, L. Bauer and L. F. Cranor, "Encountering stronger password requirements: user attitudes and behaviors," In Proceedings of the Sixth Symposium on Usable Privacy and Security ACM. July, 2010.
|
26 |
S. Egelman, A. Sotirakopoulos, I. Muslukhov, K. Beznosov, and C. Herley, "Does my password go up to eleven?: the impact of password meters on password selection," In Proceedings of the SIGCHI Conference on Human Factors in Computing Systems ACM, pp. 2379-2388. April, 2013.
|
27 |
D. Malone, and K. Maher, "Investigating the distribution of password choices," In Proceedings of the 21st international conference on World Wide Web, ACM, pp. 301-310, April, 2012.
|
28 |
S. Komanduri, R. Shay, P. G. Kelley, M. L. Mazurek, L. Bauer, N. Christin, and S. Egelman, "Of passwords and people: measuring the effect of password-composition policies," In Proceedings of the SIGCHI Conference on Human Factors in Computing Systems, ACM, pp. 2595-2604, May, 2011.
|
29 |
W. E. Burr, D. F. Dodson, E. M. Newton, R. A. Perlner, W. T. Polk, S. Gupta, and E. A. Nabbus, "Sp 800-63-1. electronic authentication guideline," NIST, 2013.
|