{"id":"https://openalex.org/W2593626168","doi":"https://doi.org/10.1108/ics-06-2016-0043","title":"Must I, can I? I don\u2019t understand your ambiguous password rules","display_name":"Must I, can I? I don\u2019t understand your ambiguous password rules","publication_year":2017,"publication_date":"2017-03-01","ids":{"openalex":"https://openalex.org/W2593626168","doi":"https://doi.org/10.1108/ics-06-2016-0043","mag":"2593626168"},"language":"en","primary_location":{"id":"doi:10.1108/ics-06-2016-0043","is_oa":false,"landing_page_url":"https://doi.org/10.1108/ics-06-2016-0043","pdf_url":null,"source":{"id":"https://openalex.org/S4210195545","display_name":"Information and Computer Security","issn_l":"2056-4961","issn":["2056-4961","2056-497X"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319811","host_organization_name":"Emerald Publishing Limited","host_organization_lineage":["https://openalex.org/P4310319811"],"host_organization_lineage_names":["Emerald Publishing Limited"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Information &amp; Computer Security","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5073638056","display_name":"Kristen Greene","orcid":"https://orcid.org/0000-0001-7034-3672"},"institutions":[{"id":"https://openalex.org/I1321296531","display_name":"National Institute of Standards and Technology","ror":"https://ror.org/05xpvk416","country_code":"US","type":"funder","lineage":["https://openalex.org/I1321296531","https://openalex.org/I1343035065"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Kristen K. Greene","raw_affiliation_strings":["National Institute of Standards and Technology, Gaithersburg, Maryland, USA"],"affiliations":[{"raw_affiliation_string":"National Institute of Standards and Technology, Gaithersburg, Maryland, USA","institution_ids":["https://openalex.org/I1321296531"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5041423966","display_name":"Yee\u2010Yin Choong","orcid":"https://orcid.org/0000-0002-3889-6047"},"institutions":[{"id":"https://openalex.org/I1321296531","display_name":"National Institute of Standards and Technology","ror":"https://ror.org/05xpvk416","country_code":"US","type":"funder","lineage":["https://openalex.org/I1321296531","https://openalex.org/I1343035065"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Yee-Yin Choong","raw_affiliation_strings":["National Institute of Standards and Technology, Gaithersburg, Maryland, USA"],"affiliations":[{"raw_affiliation_string":"National Institute of Standards and Technology, Gaithersburg, Maryland, USA","institution_ids":["https://openalex.org/I1321296531"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":2,"corresponding_author_ids":["https://openalex.org/A5073638056"],"corresponding_institution_ids":["https://openalex.org/I1321296531"],"apc_list":null,"apc_paid":null,"fwci":1.5127,"has_fulltext":false,"cited_by_count":5,"citation_normalized_percentile":{"value":0.86541916,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":89,"max":99},"biblio":{"volume":"25","issue":"1","first_page":"80","last_page":"99"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11800","display_name":"User Authentication and Security Systems","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11800","display_name":"User Authentication and Security Systems","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9635999798774719,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12553","display_name":"Psychedelics and Drug Studies","score":0.9506999850273132,"subfield":{"id":"https://openalex.org/subfields/3203","display_name":"Clinical Psychology"},"field":{"id":"https://openalex.org/fields/32","display_name":"Psychology"},"domain":{"id":"https://openalex.org/domains/2","display_name":"Social Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/password","display_name":"Password","score":0.8440040946006775},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7956875562667847},{"id":"https://openalex.org/keywords/password-strength","display_name":"Password strength","score":0.6675037741661072},{"id":"https://openalex.org/keywords/cognitive-password","display_name":"Cognitive password","score":0.6592971682548523},{"id":"https://openalex.org/keywords/password-policy","display_name":"Password policy","score":0.6405366063117981},{"id":"https://openalex.org/keywords/alphanumeric","display_name":"Alphanumeric","score":0.5294223427772522},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.43280351161956787},{"id":"https://openalex.org/keywords/human\u2013computer-interaction","display_name":"Human\u2013computer interaction","score":0.34175798296928406},{"id":"https://openalex.org/keywords/one-time-password","display_name":"One-time password","score":0.2998674809932709},{"id":"https://openalex.org/keywords/programming-language","display_name":"Programming language","score":0.10031595826148987}],"concepts":[{"id":"https://openalex.org/C109297577","wikidata":"https://www.wikidata.org/wiki/Q161157","display_name":"Password","level":2,"score":0.8440040946006775},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7956875562667847},{"id":"https://openalex.org/C70530487","wikidata":"https://www.wikidata.org/wiki/Q1990841","display_name":"Password strength","level":4,"score":0.6675037741661072},{"id":"https://openalex.org/C23875713","wikidata":"https://www.wikidata.org/wiki/Q5141232","display_name":"Cognitive password","level":5,"score":0.6592971682548523},{"id":"https://openalex.org/C98705547","wikidata":"https://www.wikidata.org/wiki/Q3394687","display_name":"Password policy","level":4,"score":0.6405366063117981},{"id":"https://openalex.org/C2781003394","wikidata":"https://www.wikidata.org/wiki/Q737372","display_name":"Alphanumeric","level":2,"score":0.5294223427772522},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.43280351161956787},{"id":"https://openalex.org/C107457646","wikidata":"https://www.wikidata.org/wiki/Q207434","display_name":"Human\u2013computer interaction","level":1,"score":0.34175798296928406},{"id":"https://openalex.org/C89479133","wikidata":"https://www.wikidata.org/wiki/Q1137840","display_name":"One-time password","level":3,"score":0.2998674809932709},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.10031595826148987}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1108/ics-06-2016-0043","is_oa":false,"landing_page_url":"https://doi.org/10.1108/ics-06-2016-0043","pdf_url":null,"source":{"id":"https://openalex.org/S4210195545","display_name":"Information and Computer Security","issn_l":"2056-4961","issn":["2056-4961","2056-497X"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319811","host_organization_name":"Emerald Publishing Limited","host_organization_lineage":["https://openalex.org/P4310319811"],"host_organization_lineage_names":["Emerald Publishing Limited"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Information &amp; Computer Security","raw_type":"journal-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":21,"referenced_works":["https://openalex.org/W33243640","https://openalex.org/W157675578","https://openalex.org/W178850302","https://openalex.org/W201992386","https://openalex.org/W1534968492","https://openalex.org/W1582830784","https://openalex.org/W1611563803","https://openalex.org/W2014833947","https://openalex.org/W2047074192","https://openalex.org/W2048755632","https://openalex.org/W2050399908","https://openalex.org/W2054626033","https://openalex.org/W2066345778","https://openalex.org/W2073342447","https://openalex.org/W2097267243","https://openalex.org/W2100142573","https://openalex.org/W2104001538","https://openalex.org/W2114037292","https://openalex.org/W2135359429","https://openalex.org/W2167841397","https://openalex.org/W2171920515"],"related_works":["https://openalex.org/W2969720675","https://openalex.org/W2936467198","https://openalex.org/W2596869006","https://openalex.org/W2165646781","https://openalex.org/W1982158666","https://openalex.org/W78975431","https://openalex.org/W2896976260","https://openalex.org/W4214849386","https://openalex.org/W2203557291","https://openalex.org/W2115218409"],"abstract_inverted_index":{"Purpose":[0],"The":[1],"purpose":[2],"of":[3,11,42,60,69,94,108,124,140,172,226,233],"this":[4],"research":[5,48,65,182],"is":[6,215],"to":[7,24,34,49,104,115,145,221],"investigate":[8,116],"user":[9,58,231],"comprehension":[10,59,232],"ambiguous":[12,55,227],"terminology":[13,56,136],"in":[14,22,74,162],"password":[15,19,61,85,90,109,134,163,192,205,228],"rules.":[16,62,164],"Although":[17],"stringent":[18],"policies":[20],"are":[21,150,167],"place":[23],"protect":[25],"information":[26],"system":[27],"security,":[28,202],"such":[29],"complexity":[30],"does":[31,208],"not":[32,209],"have":[33,44],"mean":[35],"ambiguity":[36],"for":[37,101,191],"users.":[38],"While":[39],"many":[40],"aspects":[41],"passwords":[43],"been":[45],"studied,":[46],"no":[47],"date":[50],"has":[51],"systematically":[52,222],"examined":[53],"how":[54,117],"affects":[57],"Design/methodology/approach":[63],"This":[64,181,214],"used":[66],"a":[67,75],"combination":[68],"quantitative":[70],"and":[71,112,159],"qualitative":[72],"methods":[73],"usable":[76,218],"security":[77,211,219],"study":[78,220],"with":[79],"60":[80],"participants.":[81],"Study":[82],"tasks":[83,96,114],"contained":[84],"rules":[86,229],"based":[87],"on":[88,187,230],"real-world":[89],"requirements.":[91,212],"Tasks":[92],"consisted":[93],"character-selection":[95],"that":[97,132],"varied":[98],"the":[99,125,141,153,216,224,234],"terms":[100,154],"non-alphanumeric":[102],"characters":[103,174],"explore":[105],"users\u2019":[106,138],"interpretations":[107],"rule":[110,135,206],"language,":[111],"compliance-checking":[113],"well":[118],"users":[119,166],"can":[120],"apply":[121],"their":[122],"understanding":[123],"allowed":[126,142,173,235],"character":[127,143,236],"space.":[128,237],"Findings":[129],"Results":[130],"show":[131],"manipulating":[133],"causes":[137],"interpretation":[139],"space":[144],"shrink":[146],"or":[147,177],"expand.":[148],"Users":[149],"confused":[151,168],"by":[152,169],"\u201cnon-alphanumeric\u201d,":[155],"\u201csymbols\u201d,":[156],"\u201cspecial":[157],"characters\u201d":[158],"\u201cpunctuation":[160],"marks\u201d":[161],"Additionally,":[165],"partial":[170],"lists":[171],"using":[175],"\u201ce.g.\u201d":[176],"\u201cetc.\u201d":[178],"Practical":[179],"implications":[180],"provides":[183],"data-driven":[184],"usability":[185,199],"guidance":[186],"constructing":[188],"clearer":[189],"language":[190,195,207],"policies.":[193],"Improving":[194],"clarity":[196],"will":[197],"help":[198],"without":[200],"sacrificing":[201],"as":[203],"simplifying":[204],"change":[210],"Originality/value":[213],"first":[217],"measure":[223],"effects":[225]},"counts_by_year":[{"year":2026,"cited_by_count":1},{"year":2021,"cited_by_count":1},{"year":2019,"cited_by_count":1},{"year":2018,"cited_by_count":2}],"updated_date":"2026-03-13T16:22:10.518609","created_date":"2025-10-10T00:00:00"}