{"id":"https://openalex.org/W2097267243","doi":"https://doi.org/10.1145/1866307.1866327","title":"Testing metrics for password creation policies by attacking large sets of revealed passwords","display_name":"Testing metrics for password creation policies by attacking large sets of revealed passwords","publication_year":2010,"publication_date":"2010-10-04","ids":{"openalex":"https://openalex.org/W2097267243","doi":"https://doi.org/10.1145/1866307.1866327","mag":"2097267243"},"language":"en","primary_location":{"id":"doi:10.1145/1866307.1866327","is_oa":false,"landing_page_url":"https://doi.org/10.1145/1866307.1866327","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 17th ACM conference on Computer and communications security","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5108520684","display_name":"Matt Weir","orcid":null},"institutions":[{"id":"https://openalex.org/I103163165","display_name":"Florida State University","ror":"https://ror.org/05g3dte14","country_code":"US","type":"education","lineage":["https://openalex.org/I103163165"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Matt Weir","raw_affiliation_strings":["Florida State University, Tallahassee, FL, USA","Florida State University , Tallahassee , FL , USA"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Florida State University, Tallahassee, FL, USA","institution_ids":["https://openalex.org/I103163165"]},{"raw_affiliation_string":"Florida State University , Tallahassee , FL , USA","institution_ids":["https://openalex.org/I103163165"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5102143121","display_name":"Sudhir Aggarwal","orcid":null},"institutions":[{"id":"https://openalex.org/I103163165","display_name":"Florida State University","ror":"https://ror.org/05g3dte14","country_code":"US","type":"education","lineage":["https://openalex.org/I103163165"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Sudhir Aggarwal","raw_affiliation_strings":["Florida State University, Tallahassee, FL, USA","Florida State University , Tallahassee , FL , USA"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Florida State University, Tallahassee, FL, USA","institution_ids":["https://openalex.org/I103163165"]},{"raw_affiliation_string":"Florida State University , Tallahassee , FL , USA","institution_ids":["https://openalex.org/I103163165"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5111220663","display_name":"Michael Collins","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Michael Collins","raw_affiliation_strings":["Redjack LLC, Washington D.C., DC, USA"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Redjack LLC, Washington D.C., DC, USA","institution_ids":[]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5002249024","display_name":"Henry Stern","orcid":null},"institutions":[{"id":"https://openalex.org/I151281966","display_name":"Cisco Systems (China)","ror":"https://ror.org/02qy75381","country_code":"CN","type":"company","lineage":["https://openalex.org/I135428043","https://openalex.org/I151281966"]},{"id":"https://openalex.org/I135428043","display_name":"Cisco Systems (United States)","ror":"https://ror.org/03yt1ez60","country_code":"US","type":"company","lineage":["https://openalex.org/I135428043"]}],"countries":["CN","US"],"is_corresponding":false,"raw_author_name":"Henry Stern","raw_affiliation_strings":["Cisco IronPort Systems, San Bruno, CA, USA","Cisco IronPort Systems, San Bruno, CA, USA#TAB#"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Cisco IronPort Systems, San Bruno, CA, USA","institution_ids":["https://openalex.org/I135428043"]},{"raw_affiliation_string":"Cisco IronPort Systems, San Bruno, CA, USA#TAB#","institution_ids":["https://openalex.org/I151281966"]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":4,"corresponding_author_ids":["https://openalex.org/A5108520684"],"corresponding_institution_ids":["https://openalex.org/I103163165"],"apc_list":null,"apc_paid":null,"fwci":49.9466,"has_fulltext":false,"cited_by_count":410,"citation_normalized_percentile":{"value":0.99786491,"is_in_top_1_percent":true,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":98,"max":100},"biblio":{"volume":null,"issue":null,"first_page":"162","last_page":"175"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11800","display_name":"User Authentication and Security Systems","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11800","display_name":"User Authentication and Security Systems","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9909999966621399,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11644","display_name":"Spam and Phishing Detection","score":0.9671000242233276,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/password","display_name":"Password","score":0.9576506614685059},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.74363774061203},{"id":"https://openalex.org/keywords/password-cracking","display_name":"Password cracking","score":0.7352690100669861},{"id":"https://openalex.org/keywords/cognitive-password","display_name":"Cognitive password","score":0.7233642339706421},{"id":"https://openalex.org/keywords/password-policy","display_name":"Password policy","score":0.7095113396644592},{"id":"https://openalex.org/keywords/password-strength","display_name":"Password strength","score":0.6813200116157532},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.6357027292251587},{"id":"https://openalex.org/keywords/s/key","display_name":"S/KEY","score":0.5506153702735901},{"id":"https://openalex.org/keywords/one-time-password","display_name":"One-time password","score":0.5067344307899475},{"id":"https://openalex.org/keywords/nist","display_name":"NIST","score":0.4388166666030884},{"id":"https://openalex.org/keywords/set","display_name":"Set (abstract data type)","score":0.4265791177749634}],"concepts":[{"id":"https://openalex.org/C109297577","wikidata":"https://www.wikidata.org/wiki/Q161157","display_name":"Password","level":2,"score":0.9576506614685059},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.74363774061203},{"id":"https://openalex.org/C3847113","wikidata":"https://www.wikidata.org/wiki/Q2746524","display_name":"Password cracking","level":5,"score":0.7352690100669861},{"id":"https://openalex.org/C23875713","wikidata":"https://www.wikidata.org/wiki/Q5141232","display_name":"Cognitive password","level":5,"score":0.7233642339706421},{"id":"https://openalex.org/C98705547","wikidata":"https://www.wikidata.org/wiki/Q3394687","display_name":"Password policy","level":4,"score":0.7095113396644592},{"id":"https://openalex.org/C70530487","wikidata":"https://www.wikidata.org/wiki/Q1990841","display_name":"Password strength","level":4,"score":0.6813200116157532},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.6357027292251587},{"id":"https://openalex.org/C4957475","wikidata":"https://www.wikidata.org/wiki/Q242186","display_name":"S/KEY","level":3,"score":0.5506153702735901},{"id":"https://openalex.org/C89479133","wikidata":"https://www.wikidata.org/wiki/Q1137840","display_name":"One-time password","level":3,"score":0.5067344307899475},{"id":"https://openalex.org/C111219384","wikidata":"https://www.wikidata.org/wiki/Q6954384","display_name":"NIST","level":2,"score":0.4388166666030884},{"id":"https://openalex.org/C177264268","wikidata":"https://www.wikidata.org/wiki/Q1514741","display_name":"Set (abstract data type)","level":2,"score":0.4265791177749634},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.0},{"id":"https://openalex.org/C204321447","wikidata":"https://www.wikidata.org/wiki/Q30642","display_name":"Natural language processing","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/1866307.1866327","is_oa":false,"landing_page_url":"https://doi.org/10.1145/1866307.1866327","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 17th ACM conference on Computer and communications security","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[{"score":0.550000011920929,"display_name":"Peace, Justice and strong institutions","id":"https://metadata.un.org/sdg/16"}],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":17,"referenced_works":["https://openalex.org/W12010980","https://openalex.org/W1599547597","https://openalex.org/W1995875735","https://openalex.org/W2045591401","https://openalex.org/W2054327776","https://openalex.org/W2086553822","https://openalex.org/W2100307718","https://openalex.org/W2100783932","https://openalex.org/W2109744978","https://openalex.org/W2111374852","https://openalex.org/W2123097583","https://openalex.org/W2131589410","https://openalex.org/W2135359429","https://openalex.org/W2149929743","https://openalex.org/W2343130604","https://openalex.org/W2396697587","https://openalex.org/W6677907878"],"related_works":["https://openalex.org/W2969720675","https://openalex.org/W2953105088","https://openalex.org/W2021087413","https://openalex.org/W2047210152","https://openalex.org/W1844709308","https://openalex.org/W4283835082","https://openalex.org/W2079990687","https://openalex.org/W2185274381","https://openalex.org/W2993348482","https://openalex.org/W2058558042"],"abstract_inverted_index":{"In":[0,87],"this":[1,76],"paper":[2],"we":[3,89],"attempt":[4],"to":[5,85],"determine":[6],"the":[7,21,34,55,79],"effectiveness":[8],"of":[9,20,37,78],"using":[10],"entropy,":[11],"as":[12,17,101],"defined":[13],"in":[14],"NIST":[15],"SP800-63,":[16],"a":[18],"measurement":[19],"security":[22,84],"provided":[23],"by":[24,32],"various":[25],"password":[26,39,83,97,103],"creation":[27,98],"policies.":[28],"This":[29,63],"is":[30],"accomplished":[31],"modeling":[33],"success":[35],"rate":[36],"current":[38],"cracking":[40],"techniques":[41],"against":[42],"real":[43,70],"user":[44,71],"passwords.":[45,62],"These":[46],"data":[47],"sets":[48],"were":[49],"collected":[50],"from":[51],"several":[52],"different":[53],"websites,":[54],"largest":[56,80],"one":[57,77],"containing":[58],"over":[59],"32":[60],"million":[61],"focus":[64],"on":[65,82],"actual":[66],"attack":[67],"methodologies":[68],"and":[69,105],"passwords":[72],"quite":[73],"possibly":[74],"makes":[75],"studies":[81],"date.":[86],"addition":[88],"examine":[90],"what":[91],"these":[92],"results":[93],"mean":[94],"for":[95],"standard":[96],"policies,":[99],"such":[100],"minimum":[102],"length,":[104],"character":[106],"set":[107],"requirements.":[108]},"counts_by_year":[{"year":2026,"cited_by_count":2},{"year":2025,"cited_by_count":17},{"year":2024,"cited_by_count":10},{"year":2023,"cited_by_count":8},{"year":2022,"cited_by_count":20},{"year":2021,"cited_by_count":27},{"year":2020,"cited_by_count":28},{"year":2019,"cited_by_count":36},{"year":2018,"cited_by_count":26},{"year":2017,"cited_by_count":45},{"year":2016,"cited_by_count":45},{"year":2015,"cited_by_count":46},{"year":2014,"cited_by_count":30},{"year":2013,"cited_by_count":32},{"year":2012,"cited_by_count":23}],"updated_date":"2026-05-06T08:25:59.206177","created_date":"2025-10-10T00:00:00"}