1 |
X. de C. de Carnavalet and M. Mannan, "From Very Weak to Very Strong: Analyzing Password-Strength Meters," In Proc. of NDSS, Interent Society, 2014.
|
2 |
D.J. Gusaas ,"Password Strength Meters: Implementations and Effectiveness," In Proc. of Csci, Dec. 2015.
|
3 |
A. Das, J. Bonneau, M. Caesar, N. Borisov, and X. F. Wang, "The Tangled Web of Password Reuse," In Proc. of NDSS, Vol. 14, pp. 23-26, Feb. 2014.
|
4 |
H. Eiji, and H. Jason I, "A Diary Study of Password Usage in Daily Life," In Proc. of SIGSCHI, ACM, pp. 2627-2630, May. 2011.
|
5 |
D. Florencio and C. Herley, "A Large-Scale Study of Web Password Habits," In Proc. of WWW, pp. 657-666, May. 2007.
|
6 |
S. Furnell, "Assessing password guidance and enforcement on leading websites," In Proc. of Computer Fraud&Security, 2011(12), pp. 10-18, Dec. 2011.
|
7 |
S. Gaw and E. W. Felten, "Password Management Strategies for Online Accounts," In Proc. of SOUPS, pp. 44-55, July. 2006.
|
8 |
P. G. Kelley, S. Komanduri, M. L. Mazurek, R. Shay, T. V. L. Bauer, N. Christin, L. F. Cranor, and J. Lopez, "Guess again (and again and again): Measuring password strength by simulating password-cracking algorithms," In Security and Privacy on IEEE, pp.523-537, May, 2012.
|
9 |
R. Morris and K. Thompson, "Password Security: A Case History," In Proc. of ACM, 22(11), Nov. 1979.
|
10 |
Scarfone, Karen, and M. Souppaya, "Guide to Enterprise Password Management." NIST Special Publication 800-118, 2009.
|
11 |
R. Veras, C. Collins, and J. Thorpe, "On the Semantic Patterns of Passwords and their Security Impact," In Proc. of NDSS, 2014.
|
12 |
B. Ur, P. G. Kelley, S. Komanduri, J. Lee, M. Maass, M. L. Mazurek, T. Passaro, R. Shay, T. Vidas, L. Bauer, N. Christin, and L. F. Cranor, "Helping Users Create Better Passwords," In Proc. of USENIX, 2012.
|
13 |
B. Ur, P. G. Kelley, S. Komanduri, J. Lee, M. Maass, M. L. Mazurek, T. Passaro, R. Shay, T. Vidas, L. Bauer, N. Christin, and L. F. Aranor, "How Does Your Password Measure Up? The Effect of Strength Meters on Password Creation," In Proc. of USENIX Security, 2012.
|
14 |
Stobert, Elizabeth, and Robert Biddle. "The password life cycle: user behaviour in managing passwords." In Proc. SOUPS. pp. 243-255, July. 2014.
|
15 |
B. Ur, F. Noma, J. Bees, S. M. Segreti, R. Shay, L. Bauer, N. Christin, and L. F. Cranor, ""I added '!' at the End to Make It Secure":Observing Password Creation in the Lab," In Proc. of SOUPS, pp. 123-140, July. 2015.
|
16 |
E. Serge, S. Andreas, M. Ildar, B. Konstantin, and H. Cormac, "Does my password go up to eleven?: the impact of password meters on password selection." In Proc. of the SIGCHI Conference on Human Factors in Computing Systems. ACM, pp. 2379-2388, 2013.
|
17 |
R. Shay, S. Komanduri, P. G. Kelley, P. G. Leon, M. L. Mazurek, L. Bauer, N. Christin, and L. F. Cranor, "Encountering Stronger Password Requirements: User Attitudes and Behaviros," In Proc. of SOUPS, p.2, July. 2010.
|
18 |
방송통신위원회, KISA, "패스워드 선택 및 이용 안내서," KISA 안내.해설 제2010-22호.
|
19 |
S. Komanduri, R. Shay, P. G. Kelley, M. L. Mazurek, L. Bauer, N. Christin, L. F. Cranor, and S. Egelman, "Of Passwords and People: Measuring the Effect of Password-Composition Policies," In Proc. of CHI, pp. 2595-2604, May, 2011.
|
20 |
M. Weir, S. Aggarwal, M. Collins and H. Stern, "Testing metrics for password creation policies by attacking large sets of revealed passwords," In Proc. of CCS, pp. 162-175, Oct. 2010.
|
21 |
Alexa website, http://www.alexa.com/topsites
|
22 |
Relative frequencies of letters in text, Wikipedia. https://en.wikipedia.org/wiki/Letter_frequency
|
23 |
Hashcat, http://hashcat.net/hashcat/
|
24 |
Leaked Password Lists, Skullsecurity. https://wiki.skullsecurity.org/index.php?title=Passwords,
|
25 |
Dropbox TechBlog, zxcvbn: realistic password strength estimation. https://blogs.dropbox.com/tech/2012/04/zxcvbn-realistic-password-strength-estimation
|