{"id":"https://openalex.org/W4299818415","doi":"https://doi.org/10.1145/3133956.3134082","title":"Why Do Developers Get Password Storage Wrong?","display_name":"Why Do Developers Get Password Storage Wrong?","publication_year":2017,"publication_date":"2017-10-27","ids":{"openalex":"https://openalex.org/W4299818415","doi":"https://doi.org/10.1145/3133956.3134082"},"language":"en","primary_location":{"id":"doi:10.1145/3133956.3134082","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3133956.3134082","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security","raw_type":"proceedings-article"},"type":"preprint","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5079036523","display_name":"Alena Naiakshina","orcid":"https://orcid.org/0009-0008-1843-2027"},"institutions":[{"id":"https://openalex.org/I135140700","display_name":"University of Bonn","ror":"https://ror.org/041nas322","country_code":"DE","type":"education","lineage":["https://openalex.org/I135140700"]}],"countries":["DE"],"is_corresponding":true,"raw_author_name":"Alena Naiakshina","raw_affiliation_strings":["University of Bonn, Bonn, Germany"],"affiliations":[{"raw_affiliation_string":"University of Bonn, Bonn, Germany","institution_ids":["https://openalex.org/I135140700"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5110054083","display_name":"Anastasia Danilova","orcid":null},"institutions":[{"id":"https://openalex.org/I135140700","display_name":"University of Bonn","ror":"https://ror.org/041nas322","country_code":"DE","type":"education","lineage":["https://openalex.org/I135140700"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Anastasia Danilova","raw_affiliation_strings":["University of Bonn, Bonn, Germany"],"affiliations":[{"raw_affiliation_string":"University of Bonn, Bonn, Germany","institution_ids":["https://openalex.org/I135140700"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5005498852","display_name":"Christian Tiefenau","orcid":"https://orcid.org/0000-0002-0904-1437"},"institutions":[{"id":"https://openalex.org/I135140700","display_name":"University of Bonn","ror":"https://ror.org/041nas322","country_code":"DE","type":"education","lineage":["https://openalex.org/I135140700"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Christian Tiefenau","raw_affiliation_strings":["University of Bonn, Bonn, Germany"],"affiliations":[{"raw_affiliation_string":"University of Bonn, Bonn, Germany","institution_ids":["https://openalex.org/I135140700"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5017690216","display_name":"Marco Herzog","orcid":null},"institutions":[{"id":"https://openalex.org/I135140700","display_name":"University of Bonn","ror":"https://ror.org/041nas322","country_code":"DE","type":"education","lineage":["https://openalex.org/I135140700"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Marco Herzog","raw_affiliation_strings":["University of Bonn, Bonn, Germany"],"affiliations":[{"raw_affiliation_string":"University of Bonn, Bonn, Germany","institution_ids":["https://openalex.org/I135140700"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5069280200","display_name":"Sergej Dechand","orcid":null},"institutions":[{"id":"https://openalex.org/I135140700","display_name":"University of Bonn","ror":"https://ror.org/041nas322","country_code":"DE","type":"education","lineage":["https://openalex.org/I135140700"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Sergej Dechand","raw_affiliation_strings":["University of Bonn, Bonn, Germany"],"affiliations":[{"raw_affiliation_string":"University of Bonn, Bonn, Germany","institution_ids":["https://openalex.org/I135140700"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5000498964","display_name":"Matthew Smith","orcid":"https://orcid.org/0000-0002-2724-1379"},"institutions":[{"id":"https://openalex.org/I135140700","display_name":"University of Bonn","ror":"https://ror.org/041nas322","country_code":"DE","type":"education","lineage":["https://openalex.org/I135140700"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Matthew Smith","raw_affiliation_strings":["University of Bonn, Bonn, Germany"],"affiliations":[{"raw_affiliation_string":"University of Bonn, Bonn, Germany","institution_ids":["https://openalex.org/I135140700"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":6,"corresponding_author_ids":["https://openalex.org/A5079036523"],"corresponding_institution_ids":["https://openalex.org/I135140700"],"apc_list":null,"apc_paid":null,"fwci":17.35432819,"has_fulltext":false,"cited_by_count":92,"citation_normalized_percentile":{"value":0.98940182,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":98,"max":100},"biblio":{"volume":null,"issue":null,"first_page":"311","last_page":"328"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11800","display_name":"User Authentication and Security Systems","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11800","display_name":"User Authentication and Security Systems","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9979000091552734,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12034","display_name":"Digital and Cyber Forensics","score":0.9602000117301941,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/password","display_name":"Password","score":0.9434071779251099},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.777775764465332},{"id":"https://openalex.org/keywords/usability","display_name":"Usability","score":0.7608075141906738},{"id":"https://openalex.org/keywords/password-policy","display_name":"Password policy","score":0.7303268909454346},{"id":"https://openalex.org/keywords/cognitive-password","display_name":"Cognitive password","score":0.6313368678092957},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.597998857498169},{"id":"https://openalex.org/keywords/one-time-password","display_name":"One-time password","score":0.5229902267456055},{"id":"https://openalex.org/keywords/internet-privacy","display_name":"Internet privacy","score":0.46171116828918457},{"id":"https://openalex.org/keywords/password-strength","display_name":"Password strength","score":0.4477081298828125},{"id":"https://openalex.org/keywords/salt","display_name":"Salt (chemistry)","score":0.41524386405944824},{"id":"https://openalex.org/keywords/world-wide-web","display_name":"World Wide Web","score":0.3814769685268402},{"id":"https://openalex.org/keywords/human\u2013computer-interaction","display_name":"Human\u2013computer interaction","score":0.2439422309398651}],"concepts":[{"id":"https://openalex.org/C109297577","wikidata":"https://www.wikidata.org/wiki/Q161157","display_name":"Password","level":2,"score":0.9434071779251099},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.777775764465332},{"id":"https://openalex.org/C170130773","wikidata":"https://www.wikidata.org/wiki/Q216378","display_name":"Usability","level":2,"score":0.7608075141906738},{"id":"https://openalex.org/C98705547","wikidata":"https://www.wikidata.org/wiki/Q3394687","display_name":"Password policy","level":4,"score":0.7303268909454346},{"id":"https://openalex.org/C23875713","wikidata":"https://www.wikidata.org/wiki/Q5141232","display_name":"Cognitive password","level":5,"score":0.6313368678092957},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.597998857498169},{"id":"https://openalex.org/C89479133","wikidata":"https://www.wikidata.org/wiki/Q1137840","display_name":"One-time password","level":3,"score":0.5229902267456055},{"id":"https://openalex.org/C108827166","wikidata":"https://www.wikidata.org/wiki/Q175975","display_name":"Internet privacy","level":1,"score":0.46171116828918457},{"id":"https://openalex.org/C70530487","wikidata":"https://www.wikidata.org/wiki/Q1990841","display_name":"Password strength","level":4,"score":0.4477081298828125},{"id":"https://openalex.org/C2776371256","wikidata":"https://www.wikidata.org/wiki/Q12370","display_name":"Salt (chemistry)","level":2,"score":0.41524386405944824},{"id":"https://openalex.org/C136764020","wikidata":"https://www.wikidata.org/wiki/Q466","display_name":"World Wide Web","level":1,"score":0.3814769685268402},{"id":"https://openalex.org/C107457646","wikidata":"https://www.wikidata.org/wiki/Q207434","display_name":"Human\u2013computer interaction","level":1,"score":0.2439422309398651},{"id":"https://openalex.org/C147789679","wikidata":"https://www.wikidata.org/wiki/Q11372","display_name":"Physical chemistry","level":1,"score":0.0},{"id":"https://openalex.org/C185592680","wikidata":"https://www.wikidata.org/wiki/Q2329","display_name":"Chemistry","level":0,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/3133956.3134082","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3133956.3134082","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[{"display_name":"Peace, Justice and strong institutions","id":"https://metadata.un.org/sdg/16","score":0.4300000071525574}],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":60,"referenced_works":["https://openalex.org/W5925040","https://openalex.org/W37525664","https://openalex.org/W41409728","https://openalex.org/W125279808","https://openalex.org/W1466389411","https://openalex.org/W1485200701","https://openalex.org/W1498060530","https://openalex.org/W1527059802","https://openalex.org/W1582830784","https://openalex.org/W1629032878","https://openalex.org/W1639305476","https://openalex.org/W1675566660","https://openalex.org/W1783768447","https://openalex.org/W2008810193","https://openalex.org/W2030515859","https://openalex.org/W2046895806","https://openalex.org/W2048627472","https://openalex.org/W2048755632","https://openalex.org/W2053072900","https://openalex.org/W2053154970","https://openalex.org/W2072133687","https://openalex.org/W2089870583","https://openalex.org/W2097267243","https://openalex.org/W2111397260","https://openalex.org/W2114827655","https://openalex.org/W2129426180","https://openalex.org/W2134080857","https://openalex.org/W2146270836","https://openalex.org/W2154835755","https://openalex.org/W2168164069","https://openalex.org/W2222978941","https://openalex.org/W2238162854","https://openalex.org/W2256695479","https://openalex.org/W2285687272","https://openalex.org/W2346878720","https://openalex.org/W2354711464","https://openalex.org/W2357927175","https://openalex.org/W2394619600","https://openalex.org/W2396697587","https://openalex.org/W2399052817","https://openalex.org/W2511044583","https://openalex.org/W2531102441","https://openalex.org/W2537669654","https://openalex.org/W2541261609","https://openalex.org/W2576128915","https://openalex.org/W2604352222","https://openalex.org/W2610414453","https://openalex.org/W2680793898","https://openalex.org/W2698406033","https://openalex.org/W2742082076","https://openalex.org/W2757526596","https://openalex.org/W2916399511","https://openalex.org/W3004133498","https://openalex.org/W3163114408","https://openalex.org/W3203734104","https://openalex.org/W4247129296","https://openalex.org/W4248361652","https://openalex.org/W4256538166","https://openalex.org/W6629666095","https://openalex.org/W6732343188"],"related_works":["https://openalex.org/W2969720675","https://openalex.org/W2359085393","https://openalex.org/W2021087413","https://openalex.org/W2936467198","https://openalex.org/W2156083280","https://openalex.org/W4214849386","https://openalex.org/W4361801999","https://openalex.org/W2911945468","https://openalex.org/W2953105088","https://openalex.org/W72859687"],"abstract_inverted_index":{"Passwords":[0],"are":[1,44,57,66],"still":[2],"a":[3,94,104,112,126],"mainstay":[4],"of":[5,14,21,103,154],"various":[6],"security":[7],"systems,":[8],"as":[9,11],"well":[10],"the":[12,46,61,101,152],"cause":[13],"many":[15,20],"usability":[16,51,129],"issues.":[17],"For":[18],"end-users,":[19],"these":[22],"issues":[23],"have":[24,50,98],"been":[25],"studied":[26],"extensively,":[27],"highlighting":[28],"problems":[29,52],"and":[30,37,110,144],"informing":[31],"design":[32],"decisions":[33],"for":[34],"better":[35],"policies":[36],"motivating":[38],"research":[39,147],"into":[40,148],"alternatives.":[41],"However,":[42],"end-users":[43],"not":[45],"only":[47],"ones":[48],"who":[49,56,92,106],"with":[53,59,86,131,141],"passwords!":[54],"Developers":[55],"tasked":[58],"writing":[60],"code":[62],"by":[63],"which":[64],"passwords":[65],"stored":[67],"must":[68],"do":[69],"so":[70],"securely.":[71],"Yet":[72],"history":[73],"has":[74],"shown":[75],"that":[76],"this":[77,122],"complex":[78],"task":[79],"often":[80],"fails":[81],"due":[82],"to":[83,108,117,136,145],"human":[84],"error":[85],"catastrophic":[87],"results.":[88],"While":[89],"an":[90],"end-user":[91],"selects":[93],"bad":[95],"password":[96,113,142,156],"can":[97,115],"dire":[99],"consequences,":[100],"consequences":[102],"developer":[105],"forgets":[107],"hash":[109],"salt":[111],"database":[114],"lead":[116],"far":[118],"larger":[119],"problems.":[120],"In":[121],"paper":[123],"we":[124],"present":[125],"first":[127],"qualitative":[128],"study":[130],"20":[132],"computer":[133],"science":[134],"students":[135],"discover":[137],"how":[138],"developers":[139,150],"deal":[140],"storage":[143],"inform":[146],"aiding":[149],"in":[151],"creation":[153],"secure":[155],"systems.":[157]},"counts_by_year":[{"year":2026,"cited_by_count":1},{"year":2025,"cited_by_count":12},{"year":2024,"cited_by_count":9},{"year":2023,"cited_by_count":16},{"year":2022,"cited_by_count":11},{"year":2021,"cited_by_count":12},{"year":2020,"cited_by_count":13},{"year":2019,"cited_by_count":12},{"year":2018,"cited_by_count":6}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2022-10-03T00:00:00"}