{"id":"https://openalex.org/W2150341374","doi":"https://doi.org/10.1145/1753326.1753384","title":"The true cost of unusable password policies","display_name":"The true cost of unusable password policies","publication_year":2010,"publication_date":"2010-04-10","ids":{"openalex":"https://openalex.org/W2150341374","doi":"https://doi.org/10.1145/1753326.1753384","mag":"2150341374"},"language":"en","primary_location":{"id":"doi:10.1145/1753326.1753384","is_oa":false,"landing_page_url":"https://doi.org/10.1145/1753326.1753384","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the SIGCHI Conference on Human Factors in Computing Systems","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5029742737","display_name":"Philip Inglesant","orcid":"https://orcid.org/0000-0002-5265-8707"},"institutions":[{"id":"https://openalex.org/I45129253","display_name":"University College London","ror":"https://ror.org/02jx3x895","country_code":"GB","type":"education","lineage":["https://openalex.org/I124357947","https://openalex.org/I45129253"]}],"countries":["GB"],"is_corresponding":true,"raw_author_name":"Philip G. Inglesant","raw_affiliation_strings":["University College London, London, United Kingdom"],"affiliations":[{"raw_affiliation_string":"University College London, London, United Kingdom","institution_ids":["https://openalex.org/I45129253"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5108226584","display_name":"M. Angela Sasse","orcid":"https://orcid.org/0000-0003-1823-5505"},"institutions":[{"id":"https://openalex.org/I45129253","display_name":"University College London","ror":"https://ror.org/02jx3x895","country_code":"GB","type":"education","lineage":["https://openalex.org/I124357947","https://openalex.org/I45129253"]}],"countries":["GB"],"is_corresponding":false,"raw_author_name":"M. Angela Sasse","raw_affiliation_strings":["University College London, London, United Kingdom"],"affiliations":[{"raw_affiliation_string":"University College London, London, United Kingdom","institution_ids":["https://openalex.org/I45129253"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":2,"corresponding_author_ids":["https://openalex.org/A5029742737"],"corresponding_institution_ids":["https://openalex.org/I45129253"],"apc_list":null,"apc_paid":null,"fwci":47.8516,"has_fulltext":false,"cited_by_count":328,"citation_normalized_percentile":{"value":0.9977381,"is_in_top_1_percent":true,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":98,"max":100},"biblio":{"volume":null,"issue":null,"first_page":"383","last_page":"392"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11800","display_name":"User Authentication and Security Systems","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11800","display_name":"User Authentication and Security Systems","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9937000274658203,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10803","display_name":"Innovative Human-Technology Interaction","score":0.9836999773979187,"subfield":{"id":"https://openalex.org/subfields/1709","display_name":"Human-Computer Interaction"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/workaround","display_name":"Workaround","score":0.9697731733322144},{"id":"https://openalex.org/keywords/password","display_name":"Password","score":0.9314740300178528},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.6764320731163025},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.6397321224212646},{"id":"https://openalex.org/keywords/password-policy","display_name":"Password policy","score":0.5813188552856445},{"id":"https://openalex.org/keywords/internet-privacy","display_name":"Internet privacy","score":0.48832961916923523},{"id":"https://openalex.org/keywords/password-strength","display_name":"Password strength","score":0.4779139459133148},{"id":"https://openalex.org/keywords/one-time-password","display_name":"One-time password","score":0.39023256301879883},{"id":"https://openalex.org/keywords/programming-language","display_name":"Programming language","score":0.05597186088562012}],"concepts":[{"id":"https://openalex.org/C194541083","wikidata":"https://www.wikidata.org/wiki/Q457174","display_name":"Workaround","level":2,"score":0.9697731733322144},{"id":"https://openalex.org/C109297577","wikidata":"https://www.wikidata.org/wiki/Q161157","display_name":"Password","level":2,"score":0.9314740300178528},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.6764320731163025},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.6397321224212646},{"id":"https://openalex.org/C98705547","wikidata":"https://www.wikidata.org/wiki/Q3394687","display_name":"Password policy","level":4,"score":0.5813188552856445},{"id":"https://openalex.org/C108827166","wikidata":"https://www.wikidata.org/wiki/Q175975","display_name":"Internet privacy","level":1,"score":0.48832961916923523},{"id":"https://openalex.org/C70530487","wikidata":"https://www.wikidata.org/wiki/Q1990841","display_name":"Password strength","level":4,"score":0.4779139459133148},{"id":"https://openalex.org/C89479133","wikidata":"https://www.wikidata.org/wiki/Q1137840","display_name":"One-time password","level":3,"score":0.39023256301879883},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.05597186088562012}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/1753326.1753384","is_oa":false,"landing_page_url":"https://doi.org/10.1145/1753326.1753384","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the SIGCHI Conference on Human Factors in Computing Systems","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":17,"referenced_works":["https://openalex.org/W19073260","https://openalex.org/W1582097881","https://openalex.org/W1582830784","https://openalex.org/W1605824561","https://openalex.org/W1964559040","https://openalex.org/W2016310229","https://openalex.org/W2037202491","https://openalex.org/W2042720915","https://openalex.org/W2045591401","https://openalex.org/W2078635913","https://openalex.org/W2084044852","https://openalex.org/W2100783932","https://openalex.org/W2138885258","https://openalex.org/W2149929743","https://openalex.org/W2161856816","https://openalex.org/W2165117198","https://openalex.org/W2171920515"],"related_works":["https://openalex.org/W2969720675","https://openalex.org/W2359085393","https://openalex.org/W2156083280","https://openalex.org/W2953105088","https://openalex.org/W1844709308","https://openalex.org/W2936467198","https://openalex.org/W2949495265","https://openalex.org/W2021087413","https://openalex.org/W72859687","https://openalex.org/W4214849386"],"abstract_inverted_index":{"HCI":[0],"research":[1],"published":[2],"10":[3],"years":[4],"ago":[5],"pointed":[6],"out":[7],"that":[8],"many":[9],"users":[10],"cannot":[11],"cope":[12],"with":[13],"the":[14,40],"number":[15],"and":[16,20,36],"complexity":[17],"of":[18],"passwords,":[19],"resort":[21],"to":[22],"insecure":[23],"workarounds":[24],"as":[25],"a":[26,30],"consequence.":[27],"We":[28],"present":[29],"study":[31],"which":[32],"re-examined":[33],"password":[34,37],"policies":[35],"practice":[38],"in":[39],"workplace":[41],"today.":[42]},"counts_by_year":[{"year":2026,"cited_by_count":2},{"year":2025,"cited_by_count":8},{"year":2024,"cited_by_count":6},{"year":2023,"cited_by_count":9},{"year":2022,"cited_by_count":9},{"year":2021,"cited_by_count":17},{"year":2020,"cited_by_count":21},{"year":2019,"cited_by_count":25},{"year":2018,"cited_by_count":33},{"year":2017,"cited_by_count":29},{"year":2016,"cited_by_count":33},{"year":2015,"cited_by_count":29},{"year":2014,"cited_by_count":40},{"year":2013,"cited_by_count":28},{"year":2012,"cited_by_count":17}],"updated_date":"2026-04-14T08:04:32.555800","created_date":"2025-10-10T00:00:00"}