{"id":"https://openalex.org/W2121386924","doi":"https://doi.org/10.1145/1143120.1143129","title":"Human selection of mnemonic phrase-based passwords","display_name":"Human selection of mnemonic phrase-based passwords","publication_year":2006,"publication_date":"2006-01-01","ids":{"openalex":"https://openalex.org/W2121386924","doi":"https://doi.org/10.1145/1143120.1143129","mag":"2121386924"},"language":"en","primary_location":{"id":"doi:10.1145/1143120.1143129","is_oa":false,"landing_page_url":"https://doi.org/10.1145/1143120.1143129","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the second symposium on Usable privacy and security  - SOUPS '06","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref","datacite"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":"https://figshare.com/articles/journal_contribution/Human_Selection_of_Mnemonic_Phrase-based_Passwords/6622463","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5087567997","display_name":"Cynthia Kuo","orcid":null},"institutions":[{"id":"https://openalex.org/I74973139","display_name":"Carnegie Mellon University","ror":"https://ror.org/05x2bcf33","country_code":"US","type":"education","lineage":["https://openalex.org/I74973139"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Cynthia Kuo","raw_affiliation_strings":["Carnegie Mellon University"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Carnegie Mellon University","institution_ids":["https://openalex.org/I74973139"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5002725626","display_name":"Sasha Romanosky","orcid":null},"institutions":[{"id":"https://openalex.org/I74973139","display_name":"Carnegie Mellon University","ror":"https://ror.org/05x2bcf33","country_code":"US","type":"education","lineage":["https://openalex.org/I74973139"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Sasha Romanosky","raw_affiliation_strings":["Carnegie Mellon University"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Carnegie Mellon University","institution_ids":["https://openalex.org/I74973139"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5072760035","display_name":"Lorrie Faith Cranor","orcid":"https://orcid.org/0000-0003-2125-0124"},"institutions":[{"id":"https://openalex.org/I74973139","display_name":"Carnegie Mellon University","ror":"https://ror.org/05x2bcf33","country_code":"US","type":"education","lineage":["https://openalex.org/I74973139"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Lorrie Faith Cranor","raw_affiliation_strings":["Carnegie Mellon University"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Carnegie Mellon University","institution_ids":["https://openalex.org/I74973139"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":3,"corresponding_author_ids":["https://openalex.org/A5087567997"],"corresponding_institution_ids":["https://openalex.org/I74973139"],"apc_list":null,"apc_paid":null,"fwci":24.1643,"has_fulltext":false,"cited_by_count":212,"citation_normalized_percentile":{"value":0.99334219,"is_in_top_1_percent":true,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":95,"max":100},"biblio":{"volume":null,"issue":null,"first_page":"67","last_page":"67"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11800","display_name":"User Authentication and Security Systems","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11800","display_name":"User Authentication and Security Systems","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9907000064849854,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10789","display_name":"Interactive and Immersive Displays","score":0.9526000022888184,"subfield":{"id":"https://openalex.org/subfields/1709","display_name":"Human-Computer Interaction"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/password","display_name":"Password","score":0.9246852397918701},{"id":"https://openalex.org/keywords/mnemonic","display_name":"Mnemonic","score":0.8692985773086548},{"id":"https://openalex.org/keywords/phrase","display_name":"Phrase","score":0.8328083157539368},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7585193514823914},{"id":"https://openalex.org/keywords/the-internet","display_name":"The Internet","score":0.6537721753120422},{"id":"https://openalex.org/keywords/cognitive-password","display_name":"Cognitive password","score":0.625340461730957},{"id":"https://openalex.org/keywords/vocabulary","display_name":"Vocabulary","score":0.4565829634666443},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.442929208278656},{"id":"https://openalex.org/keywords/control","display_name":"Control (management)","score":0.4105134904384613},{"id":"https://openalex.org/keywords/password-policy","display_name":"Password policy","score":0.3874598741531372},{"id":"https://openalex.org/keywords/speech-recognition","display_name":"Speech recognition","score":0.3665277361869812},{"id":"https://openalex.org/keywords/natural-language-processing","display_name":"Natural language processing","score":0.33164840936660767},{"id":"https://openalex.org/keywords/world-wide-web","display_name":"World Wide Web","score":0.28742918372154236},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.2674108147621155},{"id":"https://openalex.org/keywords/psychology","display_name":"Psychology","score":0.20529747009277344},{"id":"https://openalex.org/keywords/linguistics","display_name":"Linguistics","score":0.15489035844802856},{"id":"https://openalex.org/keywords/one-time-password","display_name":"One-time password","score":0.1360146701335907},{"id":"https://openalex.org/keywords/cognitive-psychology","display_name":"Cognitive psychology","score":0.10459601879119873}],"concepts":[{"id":"https://openalex.org/C109297577","wikidata":"https://www.wikidata.org/wiki/Q161157","display_name":"Password","level":2,"score":0.9246852397918701},{"id":"https://openalex.org/C197792726","wikidata":"https://www.wikidata.org/wiki/Q191062","display_name":"Mnemonic","level":2,"score":0.8692985773086548},{"id":"https://openalex.org/C2776224158","wikidata":"https://www.wikidata.org/wiki/Q187931","display_name":"Phrase","level":2,"score":0.8328083157539368},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7585193514823914},{"id":"https://openalex.org/C110875604","wikidata":"https://www.wikidata.org/wiki/Q75","display_name":"The Internet","level":2,"score":0.6537721753120422},{"id":"https://openalex.org/C23875713","wikidata":"https://www.wikidata.org/wiki/Q5141232","display_name":"Cognitive password","level":5,"score":0.625340461730957},{"id":"https://openalex.org/C2777601683","wikidata":"https://www.wikidata.org/wiki/Q6499736","display_name":"Vocabulary","level":2,"score":0.4565829634666443},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.442929208278656},{"id":"https://openalex.org/C2775924081","wikidata":"https://www.wikidata.org/wiki/Q55608371","display_name":"Control (management)","level":2,"score":0.4105134904384613},{"id":"https://openalex.org/C98705547","wikidata":"https://www.wikidata.org/wiki/Q3394687","display_name":"Password policy","level":4,"score":0.3874598741531372},{"id":"https://openalex.org/C28490314","wikidata":"https://www.wikidata.org/wiki/Q189436","display_name":"Speech recognition","level":1,"score":0.3665277361869812},{"id":"https://openalex.org/C204321447","wikidata":"https://www.wikidata.org/wiki/Q30642","display_name":"Natural language processing","level":1,"score":0.33164840936660767},{"id":"https://openalex.org/C136764020","wikidata":"https://www.wikidata.org/wiki/Q466","display_name":"World Wide Web","level":1,"score":0.28742918372154236},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.2674108147621155},{"id":"https://openalex.org/C15744967","wikidata":"https://www.wikidata.org/wiki/Q9418","display_name":"Psychology","level":0,"score":0.20529747009277344},{"id":"https://openalex.org/C41895202","wikidata":"https://www.wikidata.org/wiki/Q8162","display_name":"Linguistics","level":1,"score":0.15489035844802856},{"id":"https://openalex.org/C89479133","wikidata":"https://www.wikidata.org/wiki/Q1137840","display_name":"One-time password","level":3,"score":0.1360146701335907},{"id":"https://openalex.org/C180747234","wikidata":"https://www.wikidata.org/wiki/Q23373","display_name":"Cognitive psychology","level":1,"score":0.10459601879119873},{"id":"https://openalex.org/C138885662","wikidata":"https://www.wikidata.org/wiki/Q5891","display_name":"Philosophy","level":0,"score":0.0}],"mesh":[],"locations_count":7,"locations":[{"id":"doi:10.1145/1143120.1143129","is_oa":false,"landing_page_url":"https://doi.org/10.1145/1143120.1143129","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the second symposium on Usable privacy and security  - SOUPS '06","raw_type":"proceedings-article"},{"id":"pmh:oai:repository.cmu.edu:isr-1043","is_oa":false,"landing_page_url":"http://repository.cmu.edu/isr/36","pdf_url":null,"source":{"id":"https://openalex.org/S4306400668","display_name":"Research Showcase @ Carnegie Mellon University (Carnegie Mellon University)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I74973139","host_organization_name":"Carnegie Mellon University","host_organization_lineage":["https://openalex.org/I74973139"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"Institute for Software Research","raw_type":"text"},{"id":"pmh:doi:10.1184/r1/6622463","is_oa":false,"landing_page_url":null,"pdf_url":null,"source":{"id":"https://openalex.org/S4406922384","display_name":"Open MIND","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"Journal contribution"},{"id":"pmh:oai:CiteSeerX.psu:10.1.1.125.6596","is_oa":false,"landing_page_url":"http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.125.6596","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"http://cups.cs.cmu.edu/soups/2006/proceedings/p67_kuo.pdf","raw_type":"text"},{"id":"pmh:oai:CiteSeerX.psu:10.1.1.78.5824","is_oa":false,"landing_page_url":"http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.78.5824","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"http://www.romanosky.net/pubs/kuo_romanosky_cranor-soups06.pdf","raw_type":"text"},{"id":"pmh:oai:figshare.com:article/6622463","is_oa":true,"landing_page_url":"https://figshare.com/articles/journal_contribution/Human_Selection_of_Mnemonic_Phrase-based_Passwords/6622463","pdf_url":null,"source":{"id":"https://openalex.org/S4377196282","display_name":"Figshare","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I4210132348","host_organization_name":"Figshare (United Kingdom)","host_organization_lineage":["https://openalex.org/I4210132348"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"","raw_type":"Text"},{"id":"doi:10.1184/r1/6622463.v1","is_oa":true,"landing_page_url":"https://doi.org/10.1184/r1/6622463.v1","pdf_url":null,"source":{"id":"https://openalex.org/S7407050927","display_name":"KiltHub Repository","issn_l":null,"issn":[],"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":null,"is_accepted":false,"is_published":null,"raw_source_name":null,"raw_type":"article-journal"}],"best_oa_location":{"id":"pmh:oai:figshare.com:article/6622463","is_oa":true,"landing_page_url":"https://figshare.com/articles/journal_contribution/Human_Selection_of_Mnemonic_Phrase-based_Passwords/6622463","pdf_url":null,"source":{"id":"https://openalex.org/S4377196282","display_name":"Figshare","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I4210132348","host_organization_name":"Figshare (United Kingdom)","host_organization_lineage":["https://openalex.org/I4210132348"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"","raw_type":"Text"},"sustainable_development_goals":[],"awards":[],"funders":[{"id":"https://openalex.org/F4320306076","display_name":"National Science Foundation","ror":"https://ror.org/021nxhr62"},{"id":"https://openalex.org/F4320310207","display_name":"Carnegie Mellon University","ror":"https://ror.org/05x2bcf33"},{"id":"https://openalex.org/F4320338281","display_name":"Army Research Office","ror":"https://ror.org/05epdh915"}],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":9,"referenced_works":["https://openalex.org/W117099319","https://openalex.org/W178526229","https://openalex.org/W1582830784","https://openalex.org/W1605303397","https://openalex.org/W2016605023","https://openalex.org/W2037202491","https://openalex.org/W2042206148","https://openalex.org/W2171058675","https://openalex.org/W3216580706"],"related_works":["https://openalex.org/W2183044514","https://openalex.org/W2596869006","https://openalex.org/W2000803416","https://openalex.org/W2115218409","https://openalex.org/W2969720675","https://openalex.org/W2048203748","https://openalex.org/W165936246","https://openalex.org/W4385828295","https://openalex.org/W2090949570","https://openalex.org/W2936467198"],"abstract_inverted_index":{"Textual":[0],"passwords":[1,17,115,162,180,190],"are":[2,18,77],"often":[3],"the":[4,55,63,81,107,123,196],"only":[5],"mechanism":[6],"used":[7],"to":[8,26,33,58,88,92,101,168],"authenticate":[9],"users":[10,32,71],"of":[11,109,135,142,156],"a":[12,44,47,52,90,99,128,133,147,204],"networked":[13],"system.":[14],"Unfortunately,":[15],"many":[16],"easily":[19],"guessed":[20],"or":[21],"cracked.":[22],"In":[23,65],"an":[24],"attempt":[25],"strengthen":[27],"passwords,":[28],"some":[29,185],"systems":[30],"instruct":[31],"create":[34],"mnemonic":[35,39,74,94,114,129,143,161,179,189],"phrase-based":[36,95],"passwords.":[37,96,104,158,174],"A":[38],"password":[40,130],"is":[41,86],"one":[42],"where":[43],"user":[45],"chooses":[46],"memorable":[48],"phrase":[49],"and":[50,83,125,198],"uses":[51,186],"character":[53],"(often":[54],"first":[56],"letter)":[57],"represent":[59],"each":[60],"word":[61],"in":[62,145,195],"phrase.":[64],"this":[66],"paper,":[67],"we":[68,126],"hypothesize":[69],"that":[70,76,84,118,178],"will":[72],"select":[73],"phrases":[75,117],"commonly":[78],"available":[79],"on":[80,116,122],"Internet,":[82,124],"it":[85],"possible":[87],"build":[89],"dictionary":[91,131,139,149],"crack":[93],"We":[97,105],"conduct":[98],"survey":[100,110],"gather":[102],"user-generated":[103],"show":[106],"majority":[108],"respondents":[111],"based":[112],"their":[113],"can":[119],"be":[120,182,201],"found":[121],"generate":[127],"as":[132,203],"proof":[134],"concept.":[136],"Our":[137],"400,000-entry":[138],"cracked":[140,154],"4%":[141],"passwords;":[144],"comparison,":[146],"standard":[148],"with":[150],"1.2":[151],"million":[152],"entries":[153],"11%":[155],"control":[157,173],"The":[159],"usergenerated":[160],"were":[163],"also":[164],"slightly":[165],"more":[166,193],"resistant":[167],"brute":[169],"force":[170],"attacks":[171],"than":[172],"These":[175],"results":[176],"suggest":[177],"may":[181],"appropriate":[183],"for":[184],"today.":[187],"However,":[188],"could":[191],"become":[192],"vulnerable":[194],"future":[197],"should":[199],"not":[200],"treated":[202],"panacea.":[205]},"counts_by_year":[{"year":2026,"cited_by_count":1},{"year":2025,"cited_by_count":4},{"year":2024,"cited_by_count":4},{"year":2023,"cited_by_count":5},{"year":2022,"cited_by_count":6},{"year":2021,"cited_by_count":4},{"year":2020,"cited_by_count":10},{"year":2019,"cited_by_count":10},{"year":2018,"cited_by_count":11},{"year":2017,"cited_by_count":11},{"year":2016,"cited_by_count":18},{"year":2015,"cited_by_count":17},{"year":2014,"cited_by_count":19},{"year":2013,"cited_by_count":13},{"year":2012,"cited_by_count":22}],"updated_date":"2026-05-21T09:19:25.381259","created_date":"2025-10-10T00:00:00"}