{"id":"https://openalex.org/W2394619600","doi":"https://doi.org/10.1145/2858036.2858546","title":"Do Users' Perceptions of Password Security Match Reality?","display_name":"Do Users' Perceptions of Password Security Match Reality?","publication_year":2016,"publication_date":"2016-05-05","ids":{"openalex":"https://openalex.org/W2394619600","doi":"https://doi.org/10.1145/2858036.2858546","mag":"2394619600"},"language":"en","primary_location":{"id":"doi:10.1145/2858036.2858546","is_oa":true,"landing_page_url":"https://doi.org/10.1145/2858036.2858546","pdf_url":"http://dl.acm.org/ft_gateway.cfm?id=2858546&type=pdf","source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2016 CHI Conference on Human Factors in Computing Systems","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"gold","oa_url":"http://dl.acm.org/ft_gateway.cfm?id=2858546&type=pdf","any_repository_has_fulltext":null},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5071246801","display_name":"Blase Ur","orcid":"https://orcid.org/0000-0001-9365-3155"},"institutions":[{"id":"https://openalex.org/I74973139","display_name":"Carnegie Mellon University","ror":"https://ror.org/05x2bcf33","country_code":"US","type":"education","lineage":["https://openalex.org/I74973139"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Blase Ur","raw_affiliation_strings":["Carnegie Mellon University, Pittsburgh, PA, USA"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Carnegie Mellon University, Pittsburgh, PA, USA","institution_ids":["https://openalex.org/I74973139"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5057971778","display_name":"Jonathan Bees","orcid":null},"institutions":[{"id":"https://openalex.org/I130769515","display_name":"Pennsylvania State University","ror":"https://ror.org/04p491231","country_code":"US","type":"education","lineage":["https://openalex.org/I130769515"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Jonathan Bees","raw_affiliation_strings":["The Pennsylvania State University, State College, PA, USA"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"The Pennsylvania State University, State College, PA, USA","institution_ids":["https://openalex.org/I130769515"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5023095278","display_name":"Sean M. Segreti","orcid":null},"institutions":[{"id":"https://openalex.org/I74973139","display_name":"Carnegie Mellon University","ror":"https://ror.org/05x2bcf33","country_code":"US","type":"education","lineage":["https://openalex.org/I74973139"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Sean M. Segreti","raw_affiliation_strings":["Carnegie Mellon University, Pittsburgh, PA, USA"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Carnegie Mellon University, Pittsburgh, PA, USA","institution_ids":["https://openalex.org/I74973139"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5002939847","display_name":"Lujo Bauer","orcid":"https://orcid.org/0000-0002-8209-6792"},"institutions":[{"id":"https://openalex.org/I74973139","display_name":"Carnegie Mellon University","ror":"https://ror.org/05x2bcf33","country_code":"US","type":"education","lineage":["https://openalex.org/I74973139"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Lujo Bauer","raw_affiliation_strings":["Carnegie Mellon University, Pittsburgh, PA, USA"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Carnegie Mellon University, Pittsburgh, PA, USA","institution_ids":["https://openalex.org/I74973139"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5078075278","display_name":"Nicolas Christin","orcid":"https://orcid.org/0000-0002-2506-8031"},"institutions":[{"id":"https://openalex.org/I74973139","display_name":"Carnegie Mellon University","ror":"https://ror.org/05x2bcf33","country_code":"US","type":"education","lineage":["https://openalex.org/I74973139"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Nicolas Christin","raw_affiliation_strings":["Carnegie Mellon University, Pittsburgh, PA, USA"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Carnegie Mellon University, Pittsburgh, PA, USA","institution_ids":["https://openalex.org/I74973139"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5072760035","display_name":"Lorrie Faith Cranor","orcid":"https://orcid.org/0000-0003-2125-0124"},"institutions":[{"id":"https://openalex.org/I74973139","display_name":"Carnegie Mellon University","ror":"https://ror.org/05x2bcf33","country_code":"US","type":"education","lineage":["https://openalex.org/I74973139"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Lorrie Faith Cranor","raw_affiliation_strings":["Carnegie Mellon University, Pittsburgh, PA, USA"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Carnegie Mellon University, Pittsburgh, PA, USA","institution_ids":["https://openalex.org/I74973139"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":6,"corresponding_author_ids":[],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":48.3252,"has_fulltext":true,"cited_by_count":157,"citation_normalized_percentile":{"value":0.9983573,"is_in_top_1_percent":true,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":95,"max":100},"biblio":{"volume":null,"issue":null,"first_page":"3748","last_page":"3760"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11800","display_name":"User Authentication and Security Systems","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11800","display_name":"User Authentication and Security Systems","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10803","display_name":"Innovative Human-Technology Interaction","score":0.9876999855041504,"subfield":{"id":"https://openalex.org/subfields/1709","display_name":"Human-Computer Interaction"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9868999719619751,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/password","display_name":"Password","score":0.9681634902954102},{"id":"https://openalex.org/keywords/cognitive-password","display_name":"Cognitive password","score":0.8265471458435059},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.6852871179580688},{"id":"https://openalex.org/keywords/password-strength","display_name":"Password strength","score":0.6546558737754822},{"id":"https://openalex.org/keywords/perception","display_name":"Perception","score":0.6031216979026794},{"id":"https://openalex.org/keywords/password-policy","display_name":"Password policy","score":0.5844541788101196},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.5148648023605347},{"id":"https://openalex.org/keywords/internet-privacy","display_name":"Internet privacy","score":0.4806629419326782},{"id":"https://openalex.org/keywords/one-time-password","display_name":"One-time password","score":0.29528847336769104},{"id":"https://openalex.org/keywords/psychology","display_name":"Psychology","score":0.1637958586215973}],"concepts":[{"id":"https://openalex.org/C109297577","wikidata":"https://www.wikidata.org/wiki/Q161157","display_name":"Password","level":2,"score":0.9681634902954102},{"id":"https://openalex.org/C23875713","wikidata":"https://www.wikidata.org/wiki/Q5141232","display_name":"Cognitive password","level":5,"score":0.8265471458435059},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.6852871179580688},{"id":"https://openalex.org/C70530487","wikidata":"https://www.wikidata.org/wiki/Q1990841","display_name":"Password strength","level":4,"score":0.6546558737754822},{"id":"https://openalex.org/C26760741","wikidata":"https://www.wikidata.org/wiki/Q160402","display_name":"Perception","level":2,"score":0.6031216979026794},{"id":"https://openalex.org/C98705547","wikidata":"https://www.wikidata.org/wiki/Q3394687","display_name":"Password policy","level":4,"score":0.5844541788101196},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.5148648023605347},{"id":"https://openalex.org/C108827166","wikidata":"https://www.wikidata.org/wiki/Q175975","display_name":"Internet privacy","level":1,"score":0.4806629419326782},{"id":"https://openalex.org/C89479133","wikidata":"https://www.wikidata.org/wiki/Q1137840","display_name":"One-time password","level":3,"score":0.29528847336769104},{"id":"https://openalex.org/C15744967","wikidata":"https://www.wikidata.org/wiki/Q9418","display_name":"Psychology","level":0,"score":0.1637958586215973},{"id":"https://openalex.org/C169760540","wikidata":"https://www.wikidata.org/wiki/Q207011","display_name":"Neuroscience","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/2858036.2858546","is_oa":true,"landing_page_url":"https://doi.org/10.1145/2858036.2858546","pdf_url":"http://dl.acm.org/ft_gateway.cfm?id=2858546&type=pdf","source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2016 CHI Conference on Human Factors in Computing Systems","raw_type":"proceedings-article"}],"best_oa_location":{"id":"doi:10.1145/2858036.2858546","is_oa":true,"landing_page_url":"https://doi.org/10.1145/2858036.2858546","pdf_url":"http://dl.acm.org/ft_gateway.cfm?id=2858546&type=pdf","source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2016 CHI Conference on Human Factors in Computing Systems","raw_type":"proceedings-article"},"sustainable_development_goals":[],"awards":[{"id":"https://openalex.org/G7098812956","display_name":"IGERT: Usable Privacy and Security","funder_award_id":"0903659","funder_id":"https://openalex.org/F4320306076","funder_display_name":"National Science Foundation"},{"id":"https://openalex.org/G7194801777","display_name":"TC: Small: An Empirical Study of Text-based Passwords and Their Users","funder_award_id":"1116776","funder_id":"https://openalex.org/F4320306076","funder_display_name":"National Science Foundation"},{"id":"https://openalex.org/G7247753775","display_name":null,"funder_award_id":"DGE-0903659","funder_id":"https://openalex.org/F4320306076","funder_display_name":"National Science Foundation"}],"funders":[{"id":"https://openalex.org/F4320306076","display_name":"National Science Foundation","ror":"https://ror.org/021nxhr62"},{"id":"https://openalex.org/F4320308943","display_name":"Microsoft Research","ror":"https://ror.org/00d0nc645"}],"has_content":{"grobid_xml":true,"pdf":true},"content_urls":{"pdf":"https://content.openalex.org/works/W2394619600.pdf","grobid_xml":"https://content.openalex.org/works/W2394619600.grobid-xml"},"referenced_works_count":60,"referenced_works":["https://openalex.org/W143386018","https://openalex.org/W150647875","https://openalex.org/W178850302","https://openalex.org/W1267153886","https://openalex.org/W1463518955","https://openalex.org/W1463944966","https://openalex.org/W1466389411","https://openalex.org/W1481908410","https://openalex.org/W1534968492","https://openalex.org/W1554853440","https://openalex.org/W1582879267","https://openalex.org/W1591302859","https://openalex.org/W1931604409","https://openalex.org/W1963828660","https://openalex.org/W1970008263","https://openalex.org/W1971295515","https://openalex.org/W1971881814","https://openalex.org/W1984367702","https://openalex.org/W2007488200","https://openalex.org/W2019578814","https://openalex.org/W2020937129","https://openalex.org/W2025448348","https://openalex.org/W2030112111","https://openalex.org/W2033128885","https://openalex.org/W2037202491","https://openalex.org/W2046810302","https://openalex.org/W2048755632","https://openalex.org/W2050296478","https://openalex.org/W2054626033","https://openalex.org/W2067019646","https://openalex.org/W2073342447","https://openalex.org/W2080051698","https://openalex.org/W2089884450","https://openalex.org/W2091833612","https://openalex.org/W2097267243","https://openalex.org/W2098392629","https://openalex.org/W2098865355","https://openalex.org/W2099536489","https://openalex.org/W2104773223","https://openalex.org/W2111397260","https://openalex.org/W2114269021","https://openalex.org/W2119298903","https://openalex.org/W2121386924","https://openalex.org/W2121800893","https://openalex.org/W2133824719","https://openalex.org/W2134080857","https://openalex.org/W2141708418","https://openalex.org/W2163006719","https://openalex.org/W2167841397","https://openalex.org/W2167841977","https://openalex.org/W2171920515","https://openalex.org/W2174113119","https://openalex.org/W2213813610","https://openalex.org/W2218132318","https://openalex.org/W2260434259","https://openalex.org/W2361580210","https://openalex.org/W2404167293","https://openalex.org/W2406775074","https://openalex.org/W2521009787","https://openalex.org/W6670639817"],"related_works":["https://openalex.org/W2969720675","https://openalex.org/W2936467198","https://openalex.org/W1982158666","https://openalex.org/W78975431","https://openalex.org/W2596869006","https://openalex.org/W4214849386","https://openalex.org/W2203557291","https://openalex.org/W2115218409","https://openalex.org/W72859687","https://openalex.org/W143386018"],"abstract_inverted_index":{"Although":[0],"many":[1],"users":[2,10,131,143],"create":[3],"predictable":[4,15,134],"passwords,":[5,55],"the":[6,22,28,47,59,76,109],"extent":[7],"to":[8,45],"which":[9],"realize":[11],"these":[12],"passwords":[13,32,66,80,124],"are":[14],"is":[16],"not":[17],"well":[18,57],"understood.":[19],"We":[20,115,136],"investigate":[21],"relationship":[23],"between":[24],"users'":[25],"perceptions":[26,98],"of":[27,30,50,54,63,78,99,111,122],"strength":[29],"specific":[31],"and":[33,61,67,84,87],"their":[34],"actual":[35],"strength.":[36],"In":[37],"this":[38],"165-participant":[39],"online":[40],"study,":[41],"we":[42],"ask":[43],"participants":[44],"rate":[46],"comparative":[48],"security":[49,60],"carefully":[51],"juxtaposed":[52],"pairs":[53],"as":[56,58],"memorability":[62],"both":[64],"existing":[65],"common":[68,82],"password-creation":[69],"strategies.":[70],"Participants":[71],"had":[72],"serious":[73],"misconceptions":[74],"about":[75],"impact":[77],"basing":[79],"on":[81],"phrases":[83],"including":[85],"digits":[86],"keyboard":[88],"patterns":[89],"in":[90,93,119],"passwords.":[91,135,146],"However,":[92],"most":[94],"other":[95],"cases,":[96],"participants'":[97,120],"what":[100],"characteristics":[101],"make":[102,133,144],"a":[103],"password":[104],"secure":[105],"were":[106],"consistent":[107],"with":[108,138],"performance":[110],"current":[112],"password-cracking":[113],"tools.":[114],"find":[116],"large":[117],"variance":[118],"understanding":[121],"how":[123],"may":[125],"be":[126],"attacked,":[127],"potentially":[128],"explaining":[129],"why":[130],"nonetheless":[132],"conclude":[137],"design":[139],"directions":[140],"for":[141],"helping":[142],"better":[145]},"counts_by_year":[{"year":2026,"cited_by_count":1},{"year":2025,"cited_by_count":7},{"year":2024,"cited_by_count":12},{"year":2023,"cited_by_count":12},{"year":2022,"cited_by_count":15},{"year":2021,"cited_by_count":20},{"year":2020,"cited_by_count":20},{"year":2019,"cited_by_count":19},{"year":2018,"cited_by_count":23},{"year":2017,"cited_by_count":21},{"year":2016,"cited_by_count":7}],"updated_date":"2026-06-11T09:08:48.828518","created_date":"2025-10-10T00:00:00"}