{"id":"https://openalex.org/W2983838566","doi":"https://doi.org/10.1145/3319535.3363204","title":"How to (not) Share a Password","display_name":"How to (not) Share a Password","publication_year":2019,"publication_date":"2019-11-06","ids":{"openalex":"https://openalex.org/W2983838566","doi":"https://doi.org/10.1145/3319535.3363204","mag":"2983838566"},"language":"en","primary_location":{"id":"doi:10.1145/3319535.3363204","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3319535.3363204","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5002372704","display_name":"Moni Naor","orcid":"https://orcid.org/0000-0003-3381-0221"},"institutions":[{"id":"https://openalex.org/I53964585","display_name":"Weizmann Institute of Science","ror":"https://ror.org/0316ej306","country_code":"IL","type":"education","lineage":["https://openalex.org/I53964585"]}],"countries":["IL"],"is_corresponding":true,"raw_author_name":"Moni Naor","raw_affiliation_strings":["Weizmann Institute of Science, Rehovot, Israel"],"affiliations":[{"raw_affiliation_string":"Weizmann Institute of Science, Rehovot, Israel","institution_ids":["https://openalex.org/I53964585"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5089439033","display_name":"Benny Pinkas","orcid":"https://orcid.org/0000-0002-9053-3024"},"institutions":[{"id":"https://openalex.org/I13955877","display_name":"Bar-Ilan University","ror":"https://ror.org/03kgsv495","country_code":"IL","type":"education","lineage":["https://openalex.org/I13955877"]}],"countries":["IL"],"is_corresponding":false,"raw_author_name":"Benny Pinkas","raw_affiliation_strings":["Bar-Ilan University, Ramat-Gan, Israel"],"affiliations":[{"raw_affiliation_string":"Bar-Ilan University, Ramat-Gan, Israel","institution_ids":["https://openalex.org/I13955877"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5000713291","display_name":"Eyal Ronen","orcid":"https://orcid.org/0000-0002-6013-7426"},"institutions":[{"id":"https://openalex.org/I16391192","display_name":"Tel Aviv University","ror":"https://ror.org/04mhzgx49","country_code":"IL","type":"education","lineage":["https://openalex.org/I16391192"]}],"countries":["IL"],"is_corresponding":false,"raw_author_name":"Eyal Ronen","raw_affiliation_strings":["Tel Aviv University &amp; KU Leuven, Tel Aviv, Israel"],"affiliations":[{"raw_affiliation_string":"Tel Aviv University &amp; KU Leuven, Tel Aviv, Israel","institution_ids":["https://openalex.org/I16391192"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":3,"corresponding_author_ids":["https://openalex.org/A5002372704"],"corresponding_institution_ids":["https://openalex.org/I53964585"],"apc_list":null,"apc_paid":null,"fwci":3.7307,"has_fulltext":false,"cited_by_count":19,"citation_normalized_percentile":{"value":0.94222084,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":91,"max":98},"biblio":{"volume":null,"issue":null,"first_page":"1369","last_page":"1386"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11800","display_name":"User Authentication and Security Systems","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11800","display_name":"User Authentication and Security Systems","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11598","display_name":"Internet Traffic Analysis and Secure E-voting","score":0.9994999766349792,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10237","display_name":"Cryptography and Data Security","score":0.9990000128746033,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/password","display_name":"Password","score":0.8980849385261536},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8344842195510864},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.7614361047744751},{"id":"https://openalex.org/keywords/one-time-password","display_name":"One-time password","score":0.4953133165836334},{"id":"https://openalex.org/keywords/password-strength","display_name":"Password strength","score":0.4490719735622406},{"id":"https://openalex.org/keywords/botnet","display_name":"Botnet","score":0.43686509132385254},{"id":"https://openalex.org/keywords/hacker","display_name":"Hacker","score":0.42534157633781433},{"id":"https://openalex.org/keywords/password-cracking","display_name":"Password cracking","score":0.4192661643028259},{"id":"https://openalex.org/keywords/password-policy","display_name":"Password policy","score":0.4145861268043518},{"id":"https://openalex.org/keywords/the-internet","display_name":"The Internet","score":0.39972400665283203},{"id":"https://openalex.org/keywords/internet-privacy","display_name":"Internet privacy","score":0.36705756187438965},{"id":"https://openalex.org/keywords/world-wide-web","display_name":"World Wide Web","score":0.20432719588279724}],"concepts":[{"id":"https://openalex.org/C109297577","wikidata":"https://www.wikidata.org/wiki/Q161157","display_name":"Password","level":2,"score":0.8980849385261536},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8344842195510864},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.7614361047744751},{"id":"https://openalex.org/C89479133","wikidata":"https://www.wikidata.org/wiki/Q1137840","display_name":"One-time password","level":3,"score":0.4953133165836334},{"id":"https://openalex.org/C70530487","wikidata":"https://www.wikidata.org/wiki/Q1990841","display_name":"Password strength","level":4,"score":0.4490719735622406},{"id":"https://openalex.org/C22735295","wikidata":"https://www.wikidata.org/wiki/Q317671","display_name":"Botnet","level":3,"score":0.43686509132385254},{"id":"https://openalex.org/C86844869","wikidata":"https://www.wikidata.org/wiki/Q2798820","display_name":"Hacker","level":2,"score":0.42534157633781433},{"id":"https://openalex.org/C3847113","wikidata":"https://www.wikidata.org/wiki/Q2746524","display_name":"Password cracking","level":5,"score":0.4192661643028259},{"id":"https://openalex.org/C98705547","wikidata":"https://www.wikidata.org/wiki/Q3394687","display_name":"Password policy","level":4,"score":0.4145861268043518},{"id":"https://openalex.org/C110875604","wikidata":"https://www.wikidata.org/wiki/Q75","display_name":"The Internet","level":2,"score":0.39972400665283203},{"id":"https://openalex.org/C108827166","wikidata":"https://www.wikidata.org/wiki/Q175975","display_name":"Internet privacy","level":1,"score":0.36705756187438965},{"id":"https://openalex.org/C136764020","wikidata":"https://www.wikidata.org/wiki/Q466","display_name":"World Wide Web","level":1,"score":0.20432719588279724}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/3319535.3363204","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3319535.3363204","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":25,"referenced_works":["https://openalex.org/W5855678","https://openalex.org/W1502953220","https://openalex.org/W1586353361","https://openalex.org/W1589034595","https://openalex.org/W1601518260","https://openalex.org/W1694136297","https://openalex.org/W1986293063","https://openalex.org/W2012992615","https://openalex.org/W2027595342","https://openalex.org/W2048755632","https://openalex.org/W2084682902","https://openalex.org/W2099868491","https://openalex.org/W2106217851","https://openalex.org/W2145818182","https://openalex.org/W2167236842","https://openalex.org/W2167372639","https://openalex.org/W2578455612","https://openalex.org/W2605062226","https://openalex.org/W2610672090","https://openalex.org/W2662464606","https://openalex.org/W2734150319","https://openalex.org/W3102859907","https://openalex.org/W3103108607","https://openalex.org/W4210300416","https://openalex.org/W6657138077"],"related_works":["https://openalex.org/W4299928509","https://openalex.org/W2969720675","https://openalex.org/W2743151892","https://openalex.org/W2017283799","https://openalex.org/W1571454820","https://openalex.org/W3157555135","https://openalex.org/W2953105088","https://openalex.org/W2596766976","https://openalex.org/W2989690789","https://openalex.org/W3088784215"],"abstract_inverted_index":{"Bad":[0],"choices":[1],"of":[2,82,104,169,181,197,259],"passwords":[3,13,27,75,84],"were":[4,31],"and":[5,25,38,78,111,133,151,232,234],"are":[6,118],"a":[7,55,70,80,101,166,206,221,236],"pervasive":[8],"problem.":[9],"Users":[10],"choosing":[11],"weak":[12],"do":[14],"not":[15,145],"only":[16],"compromise":[17,100],"themselves,":[18],"but":[19],"the":[20,48,60,105,138,155,175,179,185,198,214,217,257,266,272],"whole":[21],"ecosystem.":[22],"E.g,":[23],"common":[24],"default":[26],"in":[28,248,256],"IoT":[29,240],"devices":[30,170],"exploited":[32],"by":[33,271],"hackers":[34],"to":[35,57,72,99,136,154,173,177,251],"create":[36],"botnets":[37],"mount":[39],"severe":[40],"attacks":[41],"on":[42,229,238],"large":[43,64,102],"Internet":[44,61],"services,":[45],"such":[46,63],"as":[47,115,200],"Mirai":[49],"botnet":[50],"DDoS":[51],"attack.":[52],"We":[53,127],"present":[54],"method":[56,68],"help":[58],"protect":[59,137],"from":[62],"scale":[65],"attacks.":[66],"Our":[67,142,157,242],"enables":[69],"server":[71],"identify":[73],"popular":[74,268],"(heavy":[76],"hitters),":[77],"publish":[79],"list":[81,108],"over-popular":[83],"that":[85,92,184,216],"must":[86],"be":[87,97,113,246],"avoided.":[88],"This":[89],"filter":[90],"ensures":[91,191],"no":[93],"single":[94],"password":[95,140,183],"can":[96,112,244],"used":[98,247],"percentage":[103],"users.":[106],"The":[107],"is":[109,152,162,187],"dynamic":[110],"changed":[114],"new":[116],"users":[117,123],"added":[119],"or":[120,149],"when":[121],"current":[122],"change":[124],"their":[125],"passwords.":[126],"apply":[128],"maliciously":[129],"secure":[130,163],"two-party":[131],"computation":[132],"differential":[134,192],"privacy":[135,193],"users'":[139],"privacy.":[141],"solution":[143],"does":[144],"require":[146],"extra":[147],"hardware":[148],"cost,":[150],"transparent":[153],"user.":[156],"private":[158],"heavy":[159,254],"hitters":[160,255],"construction":[161,243],"even":[164],"against":[165],"malicious":[167,262],"coalition":[168],"which":[171],"tries":[172],"manipulate":[174],"protocol":[176],"hide":[178],"popularity":[180],"some":[182],"attacker":[186],"exploiting.":[188],"It":[189],"also":[190,245],"under":[194],"continual":[195],"observation":[196],"blacklist":[199],"it":[201],"changes":[202],"over":[203],"time.":[204],"As":[205],"reality":[207],"check":[208],"we":[209],"conducted":[210],"three":[211],"tests:":[212],"computed":[213],"guarantees":[215],"system":[218],"provides":[219],"wrt":[220],"few":[222],"publicly":[223],"available":[224],"databases,":[225,231],"ran":[226],"full":[227],"simulations":[228],"those":[230],"implemented":[233],"analyzed":[235],"proof-of-concept":[237],"an":[239,260],"device.":[241],"other":[249],"settings":[250],"privately":[252],"learn":[253],"presence":[258],"active":[261],"adversary.":[263],"E.g.,":[264],"learning":[265],"most":[267],"sites":[269],"accessed":[270],"Tor":[273],"network.":[274]},"counts_by_year":[{"year":2025,"cited_by_count":1},{"year":2024,"cited_by_count":5},{"year":2023,"cited_by_count":2},{"year":2022,"cited_by_count":3},{"year":2021,"cited_by_count":3},{"year":2020,"cited_by_count":3},{"year":2019,"cited_by_count":2}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}