{"id":"https://openalex.org/W3042043427","doi":"https://doi.org/10.1145/3320269.3384762","title":"Skeptic: Automatic, Justified and Privacy-Preserving Password Composition Policy Selection","display_name":"Skeptic: Automatic, Justified and Privacy-Preserving Password Composition Policy Selection","publication_year":2020,"publication_date":"2020-10-05","ids":{"openalex":"https://openalex.org/W3042043427","doi":"https://doi.org/10.1145/3320269.3384762","mag":"3042043427"},"language":"en","primary_location":{"id":"doi:10.1145/3320269.3384762","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3320269.3384762","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 15th ACM Asia Conference on Computer and Communications Security","raw_type":"proceedings-article"},"type":"preprint","indexed_in":["arxiv","crossref"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":"https://arxiv.org/pdf/2007.03809","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5079654210","display_name":"Saul Johnson","orcid":"https://orcid.org/0000-0001-9876-3775"},"institutions":[{"id":"https://openalex.org/I874055015","display_name":"Teesside University","ror":"https://ror.org/03z28gk75","country_code":"GB","type":"education","lineage":["https://openalex.org/I874055015"]}],"countries":["GB"],"is_corresponding":true,"raw_author_name":"Saul Johnson","raw_affiliation_strings":["Teesside University, Middlesbrough, United Kingdom"],"affiliations":[{"raw_affiliation_string":"Teesside University, Middlesbrough, United Kingdom","institution_ids":["https://openalex.org/I874055015"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5012075571","display_name":"Jo\u00e3o F. Ferreira","orcid":"https://orcid.org/0000-0002-6612-9013"},"institutions":[{"id":"https://openalex.org/I141596103","display_name":"University of Lisbon","ror":"https://ror.org/01c27hj86","country_code":"PT","type":"education","lineage":["https://openalex.org/I141596103"]},{"id":"https://openalex.org/I121345201","display_name":"Instituto de Engenharia de Sistemas e Computadores Investiga\u00e7\u00e3o e Desenvolvimento","ror":"https://ror.org/04mqy3p58","country_code":"PT","type":"nonprofit","lineage":["https://openalex.org/I121345201","https://openalex.org/I4210125590"]}],"countries":["PT"],"is_corresponding":false,"raw_author_name":"Jo\u00e3o F. Ferreira","raw_affiliation_strings":["INESC-ID and Instituto Superior T\u00e9cnico, University of Lisbon, Lisbon, Portugal"],"affiliations":[{"raw_affiliation_string":"INESC-ID and Instituto Superior T\u00e9cnico, University of Lisbon, Lisbon, Portugal","institution_ids":["https://openalex.org/I121345201","https://openalex.org/I141596103"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5101599601","display_name":"Alexandra Mendes","orcid":"https://orcid.org/0000-0001-8060-5920"},"institutions":[{"id":"https://openalex.org/I4210166615","display_name":"INESC TEC","ror":"https://ror.org/05fa8ka61","country_code":"PT","type":"nonprofit","lineage":["https://openalex.org/I4210125590","https://openalex.org/I4210166615"]},{"id":"https://openalex.org/I161321875","display_name":"University of Beira Interior","ror":"https://ror.org/03nf36p02","country_code":"PT","type":"education","lineage":["https://openalex.org/I161321875"]}],"countries":["PT"],"is_corresponding":false,"raw_author_name":"Alexandra Mendes","raw_affiliation_strings":["HASLab, INESC TEC, Porto &amp; Universidade da Beira Interior, Covilh\u00e3, Portugal"],"affiliations":[{"raw_affiliation_string":"HASLab, INESC TEC, Porto &amp; Universidade da Beira Interior, Covilh\u00e3, Portugal","institution_ids":["https://openalex.org/I161321875","https://openalex.org/I4210166615"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5084555294","display_name":"Julien Cordry","orcid":"https://orcid.org/0000-0002-6489-3026"},"institutions":[{"id":"https://openalex.org/I874055015","display_name":"Teesside University","ror":"https://ror.org/03z28gk75","country_code":"GB","type":"education","lineage":["https://openalex.org/I874055015"]}],"countries":["GB"],"is_corresponding":false,"raw_author_name":"Julien Cordry","raw_affiliation_strings":["Teesside University, Middlesbrough, United Kingdom"],"affiliations":[{"raw_affiliation_string":"Teesside University, Middlesbrough, United Kingdom","institution_ids":["https://openalex.org/I874055015"]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":4,"corresponding_author_ids":["https://openalex.org/A5079654210"],"corresponding_institution_ids":["https://openalex.org/I874055015"],"apc_list":null,"apc_paid":null,"fwci":1.666,"has_fulltext":false,"cited_by_count":7,"citation_normalized_percentile":{"value":0.88220659,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":89,"max":97},"biblio":{"volume":null,"issue":null,"first_page":"101","last_page":"115"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11800","display_name":"User Authentication and Security Systems","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11800","display_name":"User Authentication and Security Systems","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9717000126838684,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11519","display_name":"Digital Mental Health Interventions","score":0.9365000128746033,"subfield":{"id":"https://openalex.org/subfields/3202","display_name":"Applied Psychology"},"field":{"id":"https://openalex.org/fields/32","display_name":"Psychology"},"domain":{"id":"https://openalex.org/domains/2","display_name":"Social Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/password","display_name":"Password","score":0.9475032687187195},{"id":"https://openalex.org/keywords/cognitive-password","display_name":"Cognitive password","score":0.8476308584213257},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8001962900161743},{"id":"https://openalex.org/keywords/password-strength","display_name":"Password strength","score":0.7790274620056152},{"id":"https://openalex.org/keywords/password-policy","display_name":"Password policy","score":0.6787837147712708},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.6740186214447021},{"id":"https://openalex.org/keywords/one-time-password","display_name":"One-time password","score":0.5707166790962219},{"id":"https://openalex.org/keywords/password-cracking","display_name":"Password cracking","score":0.5645983815193176},{"id":"https://openalex.org/keywords/s/key","display_name":"S/KEY","score":0.5381103157997131},{"id":"https://openalex.org/keywords/zero-knowledge-password-proof","display_name":"Zero-knowledge password proof","score":0.4136323630809784}],"concepts":[{"id":"https://openalex.org/C109297577","wikidata":"https://www.wikidata.org/wiki/Q161157","display_name":"Password","level":2,"score":0.9475032687187195},{"id":"https://openalex.org/C23875713","wikidata":"https://www.wikidata.org/wiki/Q5141232","display_name":"Cognitive password","level":5,"score":0.8476308584213257},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8001962900161743},{"id":"https://openalex.org/C70530487","wikidata":"https://www.wikidata.org/wiki/Q1990841","display_name":"Password strength","level":4,"score":0.7790274620056152},{"id":"https://openalex.org/C98705547","wikidata":"https://www.wikidata.org/wiki/Q3394687","display_name":"Password policy","level":4,"score":0.6787837147712708},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.6740186214447021},{"id":"https://openalex.org/C89479133","wikidata":"https://www.wikidata.org/wiki/Q1137840","display_name":"One-time password","level":3,"score":0.5707166790962219},{"id":"https://openalex.org/C3847113","wikidata":"https://www.wikidata.org/wiki/Q2746524","display_name":"Password cracking","level":5,"score":0.5645983815193176},{"id":"https://openalex.org/C4957475","wikidata":"https://www.wikidata.org/wiki/Q242186","display_name":"S/KEY","level":3,"score":0.5381103157997131},{"id":"https://openalex.org/C188615804","wikidata":"https://www.wikidata.org/wiki/Q8069448","display_name":"Zero-knowledge password proof","level":5,"score":0.4136323630809784}],"mesh":[],"locations_count":3,"locations":[{"id":"doi:10.1145/3320269.3384762","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3320269.3384762","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 15th ACM Asia Conference on Computer and Communications Security","raw_type":"proceedings-article"},{"id":"pmh:oai:arXiv.org:2007.03809","is_oa":true,"landing_page_url":"http://arxiv.org/abs/2007.03809","pdf_url":"https://arxiv.org/pdf/2007.03809","source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"text"},{"id":"pmh:oai:repositorio.inesctec.pt:123456789/12014","is_oa":true,"landing_page_url":"http://repositorio.inesctec.pt/handle/123456789/12014","pdf_url":null,"source":{"id":"https://openalex.org/S4306402433","display_name":"Portuguese National Funding Agency for Science, Research and Technology (RCAAP Project by FCT)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"repository"},"license":"other-oa","license_id":"https://openalex.org/licenses/other-oa","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"","raw_type":"other"}],"best_oa_location":{"id":"pmh:oai:arXiv.org:2007.03809","is_oa":true,"landing_page_url":"http://arxiv.org/abs/2007.03809","pdf_url":"https://arxiv.org/pdf/2007.03809","source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"text"},"sustainable_development_goals":[{"id":"https://metadata.un.org/sdg/16","display_name":"Peace, Justice and strong institutions","score":0.7900000214576721}],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":32,"referenced_works":["https://openalex.org/W161871139","https://openalex.org/W1463944966","https://openalex.org/W1521415124","https://openalex.org/W1534968492","https://openalex.org/W1971881814","https://openalex.org/W1992851378","https://openalex.org/W2005813008","https://openalex.org/W2033398965","https://openalex.org/W2048755632","https://openalex.org/W2054626033","https://openalex.org/W2067400512","https://openalex.org/W2097267243","https://openalex.org/W2113266120","https://openalex.org/W2119545418","https://openalex.org/W2135359429","https://openalex.org/W2346878720","https://openalex.org/W2488850733","https://openalex.org/W2559948297","https://openalex.org/W2733765803","https://openalex.org/W2734150319","https://openalex.org/W2739510617","https://openalex.org/W2739969402","https://openalex.org/W2743597791","https://openalex.org/W2748868501","https://openalex.org/W2794597466","https://openalex.org/W2891820333","https://openalex.org/W3011871850","https://openalex.org/W3035133096","https://openalex.org/W3099219292","https://openalex.org/W4214929451","https://openalex.org/W4285719527","https://openalex.org/W4298423176"],"related_works":["https://openalex.org/W2969720675","https://openalex.org/W1982158666","https://openalex.org/W3131491961","https://openalex.org/W2017283799","https://openalex.org/W2953105088","https://openalex.org/W1995890708","https://openalex.org/W1970072309","https://openalex.org/W4302810031","https://openalex.org/W2596766976","https://openalex.org/W2054626033"],"abstract_inverted_index":{"The":[0],"choice":[1,36,160],"of":[2,26,76,116,161],"password":[3,51,69,78,87,99,108,138,151,162,171,194,200,241],"composition":[4,52,88,109,163,201,242],"policy":[5,110,164,243],"to":[6,21,29,49,85,95,104,128,133,137,149,169,186,196,205,221],"enforce":[7],"on":[8,55,68,212],"a":[9,13,44,63,123,130,184,236],"password-protected":[10],"system":[11,47,188],"represents":[12],"critical":[14],"security":[15,195],"decision,":[16],"and":[17,198,207],"has":[18],"been":[19,82],"shown":[20],"significantly":[22],"affect":[23],"the":[24,107,114,120,150,227],"vulnerability":[25],"user-chosen":[27,117],"passwords":[28,118,214],"guessing":[30,139],"attacks.":[31,140],"In":[32,58],"practice,":[33],"however,":[34],"this":[35,59,181],"is":[37],"not":[38],"usually":[39],"rigorous":[40],"or":[41],"justifiable,":[42],"with":[43,119,190,233],"tendency":[45],"for":[46],"administrators":[48,189],"choose":[50],"policies":[53,202],"based":[54],"intuition":[56],"alone.":[57],"work,":[60],"we":[61,126,142,154,156,174,218,229],"propose":[62],"novel":[64],"methodology":[65],"that":[66,111,144,179,226],"draws":[67],"probability":[70,152],"distributions":[71,153],"constructed":[72],"from":[73,235],"large":[74],"sets":[75],"real-world":[77],"data":[79],"which":[80,125],"have":[81],"filtered":[83],"according":[84],"various":[86],"policies.":[89],"Password":[90],"probabilities":[91],"are":[92],"then":[93],"redistributed":[94],"simulate":[96],"different":[97],"user":[98,170,209],"reselection":[100],"behaviours":[101],"in":[102,193],"order":[103],"automatically":[105],"determine":[106],"will":[112],"induce":[113],"distribution":[115],"greatest":[121],"uniformity,":[122],"metric":[124],"show":[127,143],"be":[129],"useful":[131],"proxy":[132],"measure":[134],"overall":[135],"resistance":[136],"Further,":[141],"by":[145,224],"fitting":[146],"power-law":[147],"equations":[148],"generate,":[155],"can":[157],"justify":[158],"our":[159,222],"without":[165,203],"any":[166],"direct":[167],"access":[168],"data.":[172],"Finally,":[173],"present":[175],"Skeptic---a":[176],"software":[177],"toolkit":[178],"implements":[180],"methodology,":[182],"including":[183],"DSL":[185],"enable":[187],"no":[191],"background":[192],"compare":[197],"rank":[199],"resorting":[204],"expensive":[206],"time-consuming":[208],"studies.":[210],"Drawing":[211],"205,176,321":[213],"across":[215],"3":[216],"datasets,":[217],"lend":[219],"validity":[220],"approach":[223],"demonstrating":[225],"results":[228],"obtain":[230],"align":[231],"closely":[232],"findings":[234],"previous":[237],"empirical":[238],"study":[239],"into":[240],"effectiveness.":[244]},"counts_by_year":[{"year":2025,"cited_by_count":1},{"year":2022,"cited_by_count":3},{"year":2021,"cited_by_count":2},{"year":2020,"cited_by_count":1}],"updated_date":"2026-03-10T16:38:18.471706","created_date":"2020-07-16T00:00:00"}