{"id":"https://openalex.org/W2987263720","doi":"https://doi.org/10.1145/3319535.3354229","title":"Protocols for Checking Compromised Credentials","display_name":"Protocols for Checking Compromised Credentials","publication_year":2019,"publication_date":"2019-11-06","ids":{"openalex":"https://openalex.org/W2987263720","doi":"https://doi.org/10.1145/3319535.3354229","mag":"2987263720"},"language":"en","primary_location":{"id":"doi:10.1145/3319535.3354229","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3319535.3354229","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3319535.3354229","source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"gold","oa_url":"https://dl.acm.org/doi/pdf/10.1145/3319535.3354229","any_repository_has_fulltext":null},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5030215396","display_name":"Lucy Li","orcid":"https://orcid.org/0000-0002-1572-8470"},"institutions":[{"id":"https://openalex.org/I205783295","display_name":"Cornell University","ror":"https://ror.org/05bnh6r87","country_code":"US","type":"education","lineage":["https://openalex.org/I205783295"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Lucy Li","raw_affiliation_strings":["Cornell University, Ithaca, NY, USA"],"affiliations":[{"raw_affiliation_string":"Cornell University, Ithaca, NY, USA","institution_ids":["https://openalex.org/I205783295"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5014563673","display_name":"Bijeeta Pal","orcid":null},"institutions":[{"id":"https://openalex.org/I205783295","display_name":"Cornell University","ror":"https://ror.org/05bnh6r87","country_code":"US","type":"education","lineage":["https://openalex.org/I205783295"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Bijeeta Pal","raw_affiliation_strings":["Cornell University, Ithaca, NY, USA"],"affiliations":[{"raw_affiliation_string":"Cornell University, Ithaca, NY, USA","institution_ids":["https://openalex.org/I205783295"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5030138105","display_name":"Junade Ali","orcid":"https://orcid.org/0000-0002-0180-070X"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Junade Ali","raw_affiliation_strings":["Cloudflare Inc., London, United Kingdom"],"affiliations":[{"raw_affiliation_string":"Cloudflare Inc., London, United Kingdom","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5103253694","display_name":"Nick Sullivan","orcid":"https://orcid.org/0009-0003-0550-9228"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Nick Sullivan","raw_affiliation_strings":["Cloudflare Inc., San Francisco, CA, USA"],"affiliations":[{"raw_affiliation_string":"Cloudflare Inc., San Francisco, CA, USA","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5047666431","display_name":"Rahul Chatterjee","orcid":"https://orcid.org/0000-0002-5112-3188"},"institutions":[{"id":"https://openalex.org/I135310074","display_name":"University of Wisconsin\u2013Madison","ror":"https://ror.org/01y2jtd41","country_code":"US","type":"education","lineage":["https://openalex.org/I135310074"]},{"id":"https://openalex.org/I205783295","display_name":"Cornell University","ror":"https://ror.org/05bnh6r87","country_code":"US","type":"education","lineage":["https://openalex.org/I205783295"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Rahul Chatterjee","raw_affiliation_strings":["University of Wisconsin-Madison & Cornell Tech, Madison, WI, USA"],"affiliations":[{"raw_affiliation_string":"University of Wisconsin-Madison & Cornell Tech, Madison, WI, USA","institution_ids":["https://openalex.org/I135310074","https://openalex.org/I205783295"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5003774887","display_name":"Thomas Ristenpart","orcid":"https://orcid.org/0000-0002-8642-9558"},"institutions":[{"id":"https://openalex.org/I205783295","display_name":"Cornell University","ror":"https://ror.org/05bnh6r87","country_code":"US","type":"education","lineage":["https://openalex.org/I205783295"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Thomas Ristenpart","raw_affiliation_strings":["Cornell Tech, New York, NY, USA"],"affiliations":[{"raw_affiliation_string":"Cornell Tech, New York, NY, USA","institution_ids":["https://openalex.org/I205783295"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":6,"corresponding_author_ids":["https://openalex.org/A5030215396"],"corresponding_institution_ids":["https://openalex.org/I205783295"],"apc_list":null,"apc_paid":null,"fwci":8.1027,"has_fulltext":true,"cited_by_count":46,"citation_normalized_percentile":{"value":0.97527075,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":90,"max":99},"biblio":{"volume":null,"issue":null,"first_page":"1387","last_page":"1403"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11800","display_name":"User Authentication and Security Systems","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11800","display_name":"User Authentication and Security Systems","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11045","display_name":"Privacy, Security, and Data Protection","score":0.9972000122070312,"subfield":{"id":"https://openalex.org/subfields/3312","display_name":"Sociology and Political Science"},"field":{"id":"https://openalex.org/fields/33","display_name":"Social Sciences"},"domain":{"id":"https://openalex.org/domains/2","display_name":"Social Sciences"}},{"id":"https://openalex.org/T11598","display_name":"Internet Traffic Analysis and Secure E-voting","score":0.9957000017166138,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/credential","display_name":"Credential","score":0.8782186508178711},{"id":"https://openalex.org/keywords/password","display_name":"Password","score":0.876953661441803},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7525275945663452},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.7247812151908875},{"id":"https://openalex.org/keywords/hash-function","display_name":"Hash function","score":0.6299097537994385},{"id":"https://openalex.org/keywords/secrecy","display_name":"Secrecy","score":0.479525089263916},{"id":"https://openalex.org/keywords/prefix","display_name":"Prefix","score":0.43105950951576233},{"id":"https://openalex.org/keywords/key","display_name":"Key (lock)","score":0.42162835597991943}],"concepts":[{"id":"https://openalex.org/C2777810591","wikidata":"https://www.wikidata.org/wiki/Q16861606","display_name":"Credential","level":2,"score":0.8782186508178711},{"id":"https://openalex.org/C109297577","wikidata":"https://www.wikidata.org/wiki/Q161157","display_name":"Password","level":2,"score":0.876953661441803},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7525275945663452},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.7247812151908875},{"id":"https://openalex.org/C99138194","wikidata":"https://www.wikidata.org/wiki/Q183427","display_name":"Hash function","level":2,"score":0.6299097537994385},{"id":"https://openalex.org/C2776452267","wikidata":"https://www.wikidata.org/wiki/Q1503443","display_name":"Secrecy","level":2,"score":0.479525089263916},{"id":"https://openalex.org/C141603448","wikidata":"https://www.wikidata.org/wiki/Q134830","display_name":"Prefix","level":2,"score":0.43105950951576233},{"id":"https://openalex.org/C26517878","wikidata":"https://www.wikidata.org/wiki/Q228039","display_name":"Key (lock)","level":2,"score":0.42162835597991943},{"id":"https://openalex.org/C138885662","wikidata":"https://www.wikidata.org/wiki/Q5891","display_name":"Philosophy","level":0,"score":0.0},{"id":"https://openalex.org/C41895202","wikidata":"https://www.wikidata.org/wiki/Q8162","display_name":"Linguistics","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/3319535.3354229","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3319535.3354229","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3319535.3354229","source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security","raw_type":"proceedings-article"}],"best_oa_location":{"id":"doi:10.1145/3319535.3354229","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3319535.3354229","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3319535.3354229","source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security","raw_type":"proceedings-article"},"sustainable_development_goals":[],"awards":[{"id":"https://openalex.org/G3427711698","display_name":"TWC: Medium: Collaborative: Distribution-Sensitive Cryptography","funder_award_id":"1514163","funder_id":"https://openalex.org/F4320306076","funder_display_name":"National Science Foundation"},{"id":"https://openalex.org/G4065638449","display_name":null,"funder_award_id":"CNS-1514163,CNS-1564102","funder_id":"https://openalex.org/F4320306076","funder_display_name":"National Science Foundation"},{"id":"https://openalex.org/G4626280046","display_name":null,"funder_award_id":"CNS-1514163","funder_id":"https://openalex.org/F4320306076","funder_display_name":"National Science Foundation"},{"id":"https://openalex.org/G4955494390","display_name":"SaTC: CORE: Large: Collaborative: Accountable Information Use: Privacy and Fairness in Decision-Making Systems","funder_award_id":"1704527","funder_id":"https://openalex.org/F4320306076","funder_display_name":"National Science Foundation"},{"id":"https://openalex.org/G505565355","display_name":null,"funder_award_id":"CNS-1564102","funder_id":"https://openalex.org/F4320306076","funder_display_name":"National Science Foundation"},{"id":"https://openalex.org/G5923883542","display_name":"TTP: Medium: Democratizing Secure Password Management","funder_award_id":"1564102","funder_id":"https://openalex.org/F4320306076","funder_display_name":"National Science Foundation"}],"funders":[{"id":"https://openalex.org/F4320306076","display_name":"National Science Foundation","ror":"https://ror.org/021nxhr62"}],"has_content":{"pdf":true,"grobid_xml":true},"content_urls":{"pdf":"https://content.openalex.org/works/W2987263720.pdf","grobid_xml":"https://content.openalex.org/works/W2987263720.grobid-xml"},"referenced_works_count":27,"referenced_works":["https://openalex.org/W1801457577","https://openalex.org/W1964835534","https://openalex.org/W2007488200","https://openalex.org/W2026179596","https://openalex.org/W2026409515","https://openalex.org/W2033498419","https://openalex.org/W2073342447","https://openalex.org/W2134479759","https://openalex.org/W2135930857","https://openalex.org/W2143087446","https://openalex.org/W2150307013","https://openalex.org/W2401976587","https://openalex.org/W2463456957","https://openalex.org/W2490171383","https://openalex.org/W2535199873","https://openalex.org/W2538793708","https://openalex.org/W2570008916","https://openalex.org/W2741648177","https://openalex.org/W2765239305","https://openalex.org/W2765667105","https://openalex.org/W2766393794","https://openalex.org/W2782867239","https://openalex.org/W2789400187","https://openalex.org/W2795178974","https://openalex.org/W2931153881","https://openalex.org/W4254884627","https://openalex.org/W6668907269"],"related_works":["https://openalex.org/W2389256677","https://openalex.org/W2013502867","https://openalex.org/W2353766896","https://openalex.org/W1986630940","https://openalex.org/W1859642347","https://openalex.org/W2123415650","https://openalex.org/W3088000181","https://openalex.org/W4387081478","https://openalex.org/W1806141658","https://openalex.org/W4285327239"],"abstract_inverted_index":{"To":[0],"prevent":[1],"credential":[2,49],"stuffing":[3],"attacks,":[4],"industry":[5],"best":[6],"practice":[7],"now":[8],"proactively":[9],"checks":[10],"if":[11],"user":[12,96],"credentials":[13],"are":[14,86],"present":[15],"in":[16,123,135],"known":[17],"data":[18],"breaches.":[19],"Recently,":[20],"some":[21,124],"web":[22],"services,":[23,61],"such":[24,45,119],"as":[25,47],"HaveIBeenPwned":[26],"(HIBP)":[27],"and":[28,65,68,156],"Google":[29],"Password":[30],"Checkup":[31],"(GPC),":[32],"have":[33,94],"started":[34],"providing":[35],"APIs":[36],"to":[37,44,131,163],"check":[38],"for":[39,113,151],"breached":[40],"passwords.":[41],"We":[42,53,109,142],"refer":[43],"services":[46,93],"compromised":[48],"checking":[50],"(C3)":[51],"services.":[52],"give":[54,70],"the":[55,79,95,106,116,127,136],"first":[56],"formal":[57],"description":[58],"of":[59,81,101,118,138],"C3":[60,92],"detailing":[62],"different":[63],"settings":[64],"operational":[66],"requirements,":[67],"we":[69],"relevant":[71],"threat":[72],"models.":[73],"One":[74],"key":[75],"security":[76],"requirement":[77],"is":[78],"secrecy":[80],"a":[82,98,102,111,132],"user's":[83,107],"passwords":[84],"that":[85,122,147,159],"being":[87],"checked.":[88],"Current":[89],"widely":[90],"deployed":[91],"share":[97],"small":[99],"prefix":[100],"hash":[103,128],"computed":[104],"over":[105],"password.":[108],"provide":[110,148],"framework":[112],"empirically":[114],"analyzing":[115],"leakage":[117],"protocols,":[120],"showing":[121],"contexts":[125],"knowing":[126],"prefixes":[129],"leads":[130],"12x":[133],"increase":[134],"efficacy":[137],"remote":[139],"guessing":[140],"attacks.":[141],"propose":[143],"two":[144],"new":[145],"protocols":[146],"stronger":[149],"protection":[150],"users'":[152],"passwords,":[153],"implement":[154],"them,":[155],"show":[157],"experimentally":[158],"they":[160],"remain":[161],"practical":[162],"deploy.":[164]},"counts_by_year":[{"year":2026,"cited_by_count":2},{"year":2025,"cited_by_count":7},{"year":2024,"cited_by_count":8},{"year":2023,"cited_by_count":6},{"year":2022,"cited_by_count":7},{"year":2021,"cited_by_count":10},{"year":2020,"cited_by_count":5},{"year":2019,"cited_by_count":1}],"updated_date":"2026-04-10T15:06:20.359241","created_date":"2025-10-10T00:00:00"}