{"id":"https://openalex.org/W1526870393","doi":"https://doi.org/10.1145/2739044","title":"A Large-Scale Evaluation of High-Impact Password Strength Meters","display_name":"A Large-Scale Evaluation of High-Impact Password Strength Meters","publication_year":2015,"publication_date":"2015-05-27","ids":{"openalex":"https://openalex.org/W1526870393","doi":"https://doi.org/10.1145/2739044","mag":"1526870393"},"language":"en","primary_location":{"id":"doi:10.1145/2739044","is_oa":false,"landing_page_url":"https://doi.org/10.1145/2739044","pdf_url":null,"source":{"id":"https://openalex.org/S2642811","display_name":"ACM Transactions on Information and System Security","issn_l":"1094-9224","issn":["1094-9224","1557-7406"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319798","host_organization_name":"Association for Computing Machinery","host_organization_lineage":["https://openalex.org/P4310319798"],"host_organization_lineage_names":["Association for Computing Machinery"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"ACM Transactions on Information and System Security","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5025487194","display_name":"Xavier de Carn\u00e9 de Carnavalet","orcid":"https://orcid.org/0000-0003-2664-3963"},"institutions":[{"id":"https://openalex.org/I60158472","display_name":"Concordia University","ror":"https://ror.org/0420zvk78","country_code":"CA","type":"education","lineage":["https://openalex.org/I60158472"]}],"countries":["CA"],"is_corresponding":true,"raw_author_name":"Xavier De Carn\u00e9 De Carnavalet","raw_affiliation_strings":["Concordia University","Concordia University,"],"affiliations":[{"raw_affiliation_string":"Concordia University","institution_ids":["https://openalex.org/I60158472"]},{"raw_affiliation_string":"Concordia University,","institution_ids":[]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5055898168","display_name":"Mohammad Mannan","orcid":"https://orcid.org/0000-0002-9630-5858"},"institutions":[{"id":"https://openalex.org/I60158472","display_name":"Concordia University","ror":"https://ror.org/0420zvk78","country_code":"CA","type":"education","lineage":["https://openalex.org/I60158472"]}],"countries":["CA"],"is_corresponding":false,"raw_author_name":"Mohammad Mannan","raw_affiliation_strings":["Concordia University","Concordia University,"],"affiliations":[{"raw_affiliation_string":"Concordia University","institution_ids":["https://openalex.org/I60158472"]},{"raw_affiliation_string":"Concordia University,","institution_ids":[]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":2,"corresponding_author_ids":["https://openalex.org/A5025487194"],"corresponding_institution_ids":["https://openalex.org/I60158472"],"apc_list":null,"apc_paid":null,"fwci":33.1665,"has_fulltext":false,"cited_by_count":100,"citation_normalized_percentile":{"value":0.99624097,"is_in_top_1_percent":true,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":89,"max":100},"biblio":{"volume":"18","issue":"1","first_page":"1","last_page":"32"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11800","display_name":"User Authentication and Security Systems","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11800","display_name":"User Authentication and Security Systems","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9968000054359436,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11644","display_name":"Spam and Phishing Detection","score":0.9821000099182129,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/password","display_name":"Password","score":0.9659602642059326},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7732466459274292},{"id":"https://openalex.org/keywords/password-strength","display_name":"Password strength","score":0.7354134917259216},{"id":"https://openalex.org/keywords/cognitive-password","display_name":"Cognitive password","score":0.6266493201255798},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.5985060930252075},{"id":"https://openalex.org/keywords/password-cracking","display_name":"Password cracking","score":0.5852488279342651},{"id":"https://openalex.org/keywords/password-policy","display_name":"Password policy","score":0.5604323744773865},{"id":"https://openalex.org/keywords/one-time-password","display_name":"One-time password","score":0.47910574078559875},{"id":"https://openalex.org/keywords/internet-privacy","display_name":"Internet privacy","score":0.4238373637199402}],"concepts":[{"id":"https://openalex.org/C109297577","wikidata":"https://www.wikidata.org/wiki/Q161157","display_name":"Password","level":2,"score":0.9659602642059326},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7732466459274292},{"id":"https://openalex.org/C70530487","wikidata":"https://www.wikidata.org/wiki/Q1990841","display_name":"Password strength","level":4,"score":0.7354134917259216},{"id":"https://openalex.org/C23875713","wikidata":"https://www.wikidata.org/wiki/Q5141232","display_name":"Cognitive password","level":5,"score":0.6266493201255798},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.5985060930252075},{"id":"https://openalex.org/C3847113","wikidata":"https://www.wikidata.org/wiki/Q2746524","display_name":"Password cracking","level":5,"score":0.5852488279342651},{"id":"https://openalex.org/C98705547","wikidata":"https://www.wikidata.org/wiki/Q3394687","display_name":"Password policy","level":4,"score":0.5604323744773865},{"id":"https://openalex.org/C89479133","wikidata":"https://www.wikidata.org/wiki/Q1137840","display_name":"One-time password","level":3,"score":0.47910574078559875},{"id":"https://openalex.org/C108827166","wikidata":"https://www.wikidata.org/wiki/Q175975","display_name":"Internet privacy","level":1,"score":0.4238373637199402}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1145/2739044","is_oa":false,"landing_page_url":"https://doi.org/10.1145/2739044","pdf_url":null,"source":{"id":"https://openalex.org/S2642811","display_name":"ACM Transactions on Information and System Security","issn_l":"1094-9224","issn":["1094-9224","1557-7406"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319798","host_organization_name":"Association for Computing Machinery","host_organization_lineage":["https://openalex.org/P4310319798"],"host_organization_lineage_names":["Association for Computing Machinery"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"ACM Transactions on Information and System Security","raw_type":"journal-article"},{"id":"pmh:oai:https://spectrum.library.concordia.ca:978410","is_oa":false,"landing_page_url":null,"pdf_url":null,"source":{"id":"https://openalex.org/S4306400871","display_name":"Spectrum Research Repository (Concordia University)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I60158472","host_organization_name":"Concordia University","host_organization_lineage":["https://openalex.org/I60158472"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"acceptedVersion","is_accepted":true,"is_published":false,"raw_source_name":"","raw_type":"Thesis"}],"best_oa_location":null,"sustainable_development_goals":[{"score":0.4099999964237213,"display_name":"Quality Education","id":"https://metadata.un.org/sdg/4"}],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":56,"referenced_works":["https://openalex.org/W19073260","https://openalex.org/W42204834","https://openalex.org/W88813478","https://openalex.org/W143386018","https://openalex.org/W167157979","https://openalex.org/W178526229","https://openalex.org/W182239007","https://openalex.org/W1267153886","https://openalex.org/W1487941708","https://openalex.org/W1505010935","https://openalex.org/W1534468029","https://openalex.org/W1546147126","https://openalex.org/W1548573590","https://openalex.org/W1551931061","https://openalex.org/W1976421215","https://openalex.org/W1984314602","https://openalex.org/W1987516957","https://openalex.org/W1993263140","https://openalex.org/W1995344443","https://openalex.org/W2014833947","https://openalex.org/W2016605023","https://openalex.org/W2019578814","https://openalex.org/W2022580268","https://openalex.org/W2025448348","https://openalex.org/W2037202491","https://openalex.org/W2047917391","https://openalex.org/W2048755632","https://openalex.org/W2050296478","https://openalex.org/W2053030258","https://openalex.org/W2053474249","https://openalex.org/W2054626033","https://openalex.org/W2061956102","https://openalex.org/W2067768204","https://openalex.org/W2073342447","https://openalex.org/W2086553822","https://openalex.org/W2097267243","https://openalex.org/W2100783932","https://openalex.org/W2111397260","https://openalex.org/W2113266120","https://openalex.org/W2114525843","https://openalex.org/W2119545418","https://openalex.org/W2121386924","https://openalex.org/W2127171880","https://openalex.org/W2134080857","https://openalex.org/W2135359429","https://openalex.org/W2149929743","https://openalex.org/W2150341374","https://openalex.org/W2167841397","https://openalex.org/W2171920515","https://openalex.org/W2255369088","https://openalex.org/W2325203321","https://openalex.org/W2340738312","https://openalex.org/W2350778671","https://openalex.org/W2396697587","https://openalex.org/W4285719527","https://openalex.org/W4298423176"],"related_works":["https://openalex.org/W2097945858","https://openalex.org/W2257115038","https://openalex.org/W4283835082","https://openalex.org/W1844709308","https://openalex.org/W4321600778","https://openalex.org/W3013108623","https://openalex.org/W2185274381","https://openalex.org/W2079990687","https://openalex.org/W2025554913","https://openalex.org/W4284891686"],"abstract_inverted_index":{"Passwords":[0],"are":[1,54,67,102,123,166],"ubiquitous":[2],"in":[3,84,160,202,268,293,327],"our":[4,25],"daily":[5],"digital":[6],"lives.":[7],"They":[8],"protect":[9,132],"various":[10],"types":[11],"of":[12,100,157,240,250,259,274,304],"assets":[13],"ranging":[14],"from":[15,230],"a":[16,154,194,295],"simple":[17],"account":[18],"on":[19,28,108,169,245],"an":[20,324],"online":[21],"newspaper":[22],"website":[23],"to":[24,33,56,60,69,82,89,92,105,149,227],"health":[26],"information":[27],"government":[29],"websites.":[30],"However,":[31,163],"due":[32],"the":[34,215,218,223,247,265,302,308,328],"inherent":[35],"value":[36],"they":[37,95],"protect,":[38],"attackers":[39],"have":[40,140],"developed":[41],"insights":[42],"into":[43,127],"cracking/guessing":[44],"passwords":[45,59,116,229,277],"both":[46],"offline":[47],"and":[48,72,206,221,256,288,298,320],"online.":[49],"In":[50],"many":[51,275],"cases,":[52],"users":[53,71,93,101,148,292],"forced":[55],"choose":[57,150],"stronger":[58,296],"comply":[61],"with":[62,238,272],"password":[63,77,129,161,199,207,232,267],"policies;":[64],"such":[65],"policies":[66],"known":[68],"alienate":[70],"do":[73,180],"not":[74,181],"significantly":[75],"improve":[76,317],"quality.":[78],"Another":[79],"solution":[80],"is":[81,153],"put":[83],"place":[85],"proactive":[86],"password-strength":[87],"meters/checkers":[88],"give":[90],"feedback":[91],"while":[94],"create":[96],"new":[97],"passwords.":[98,137],"Millions":[99],"now":[103],"exposed":[104],"these":[106,121,164,305,313],"meters":[107,122,145,165,200,254,319],"highly":[109,260],"popular":[110,128,204],"web":[111,252],"services":[112],"that":[113,143],"use":[114],"user-chosen":[115],"for":[117,185,264],"authentication.":[118],"More":[119],"recently,":[120],"also":[124],"being":[125,278],"built":[126],"managers,":[130],"which":[131],"several":[133,231],"user":[134],"secrets":[135],"including":[136],"Recent":[138],"studies":[139],"found":[141],"evidence":[142],"some":[144,251],"actually":[146],"guide":[147],"better":[151],"passwords\u2014which":[152],"rare":[155],"bit":[156],"good":[158],"news":[159],"research.":[162],"mostly":[167],"based":[168],"ad":[170],"hoc":[171],"design.":[172],"At":[173],"least,":[174],"as":[175,193,280],"we":[176,242,311],"found,":[177],"most":[178],"vendors":[179],"provide":[182,257],"any":[183],"explanation":[184],"their":[186],"design":[187],"choices,":[188],"sometimes":[189],"making":[190],"them":[191,323],"appear":[192],"black":[195],"box.":[196],"We":[197,209],"analyze":[198],"deployed":[201],"selected":[203],"websites":[205],"managers.":[208],"document":[210],"obfuscated":[211],"source-available":[212],"meters,":[213,270],"infer":[214],"algorithm":[216],"behind":[217],"closed-source":[219],"ones,":[220],"measure":[222],"strength":[224,262],"labels":[225],"assigned":[226],"common":[228],"dictionaries.":[233],"From":[234],"this":[235],"empirical":[236],"analysis":[237],"millions":[239],"passwords,":[241],"shed":[243],"light":[244],"how":[246],"server":[248],"end":[249],"service":[253],"functions":[255],"examples":[258,273],"inconsistent":[261],"outcomes":[263],"same":[266],"different":[269],"along":[271],"weak":[276],"labeled":[279],"strong":[281],"or":[282],"even":[283],"excellent":[284],".":[285],"These":[286],"weaknesses":[287],"inconsistencies":[289],"may":[290,300,315],"confuse":[291],"choosing":[294],"password,":[297],"thus":[299],"weaken":[301],"purpose":[303],"meters.":[306],"On":[307],"other":[309],"hand,":[310],"believe":[312],"findings":[314],"help":[316],"existing":[318],"possibly":[321],"make":[322],"effective":[325],"tool":[326],"long":[329],"run.":[330]},"counts_by_year":[{"year":2026,"cited_by_count":1},{"year":2025,"cited_by_count":3},{"year":2024,"cited_by_count":8},{"year":2023,"cited_by_count":5},{"year":2022,"cited_by_count":7},{"year":2021,"cited_by_count":10},{"year":2020,"cited_by_count":11},{"year":2019,"cited_by_count":14},{"year":2018,"cited_by_count":17},{"year":2017,"cited_by_count":11},{"year":2016,"cited_by_count":10},{"year":2015,"cited_by_count":2},{"year":2014,"cited_by_count":1}],"updated_date":"2026-03-13T16:22:10.518609","created_date":"2025-10-10T00:00:00"}