{"id":"https://openalex.org/W4388858722","doi":"https://doi.org/10.1145/3576915.3623072","title":"\"Make Them Change it Every Week!\": A Qualitative Exploration of Online Developer Advice on Usable and Secure Authentication","display_name":"\"Make Them Change it Every Week!\": A Qualitative Exploration of Online Developer Advice on Usable and Secure Authentication","publication_year":2023,"publication_date":"2023-11-15","ids":{"openalex":"https://openalex.org/W4388858722","doi":"https://doi.org/10.1145/3576915.3623072"},"language":"en","primary_location":{"id":"doi:10.1145/3576915.3623072","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3576915.3623072","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3576915.3623072","source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"gold","oa_url":"https://dl.acm.org/doi/pdf/10.1145/3576915.3623072","any_repository_has_fulltext":null},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5037107748","display_name":"Jan H. Klemmer","orcid":"https://orcid.org/0000-0002-6994-7206"},"institutions":[{"id":"https://openalex.org/I114112103","display_name":"Leibniz University Hannover","ror":"https://ror.org/0304hq317","country_code":"DE","type":"education","lineage":["https://openalex.org/I114112103"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Jan H. Klemmer","raw_affiliation_strings":["Leibniz University Hannover, Hannover, Germany"],"raw_orcid":"https://orcid.org/0000-0002-6994-7206","affiliations":[{"raw_affiliation_string":"Leibniz University Hannover, Hannover, Germany","institution_ids":["https://openalex.org/I114112103"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5070432440","display_name":"Marco Gutfleisch","orcid":"https://orcid.org/0000-0003-1400-5825"},"institutions":[{"id":"https://openalex.org/I904495901","display_name":"Ruhr University Bochum","ror":"https://ror.org/04tsk2644","country_code":"DE","type":"education","lineage":["https://openalex.org/I904495901"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Marco Gutfleisch","raw_affiliation_strings":["Ruhr University Bochum, Bochum, Germany"],"raw_orcid":"https://orcid.org/0000-0003-1400-5825","affiliations":[{"raw_affiliation_string":"Ruhr University Bochum, Bochum, Germany","institution_ids":["https://openalex.org/I904495901"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5045617887","display_name":"Christian Stransky","orcid":"https://orcid.org/0000-0002-7942-5372"},"institutions":[{"id":"https://openalex.org/I4210128801","display_name":"Helmholtz Center for Information Security","ror":"https://ror.org/02njgxr09","country_code":"DE","type":"facility","lineage":["https://openalex.org/I1305996414","https://openalex.org/I4210128801"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Christian Stransky","raw_affiliation_strings":["CISPA Helmholtz Center for Information Security, Hannover, Germany"],"raw_orcid":"https://orcid.org/0000-0002-7942-5372","affiliations":[{"raw_affiliation_string":"CISPA Helmholtz Center for Information Security, Hannover, Germany","institution_ids":["https://openalex.org/I4210128801"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5074668699","display_name":"Yasemin Acar","orcid":"https://orcid.org/0000-0001-7167-7383"},"institutions":[{"id":"https://openalex.org/I206945453","display_name":"Paderborn University","ror":"https://ror.org/058kzsd48","country_code":"DE","type":"education","lineage":["https://openalex.org/I206945453"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Yasemin Acar","raw_affiliation_strings":["Paderborn University, Paderborn, Germany"],"raw_orcid":"https://orcid.org/0000-0001-7167-7383","affiliations":[{"raw_affiliation_string":"Paderborn University, Paderborn, Germany","institution_ids":["https://openalex.org/I206945453"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5108226584","display_name":"M. Angela Sasse","orcid":"https://orcid.org/0000-0003-1823-5505"},"institutions":[{"id":"https://openalex.org/I904495901","display_name":"Ruhr University Bochum","ror":"https://ror.org/04tsk2644","country_code":"DE","type":"education","lineage":["https://openalex.org/I904495901"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"M. Angela Sasse","raw_affiliation_strings":["Ruhr University Bochum, Bochum, Germany"],"raw_orcid":"https://orcid.org/0000-0003-1823-5505","affiliations":[{"raw_affiliation_string":"Ruhr University Bochum, Bochum, Germany","institution_ids":["https://openalex.org/I904495901"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5087356408","display_name":"Sascha Fahl","orcid":"https://orcid.org/0000-0002-5644-3316"},"institutions":[{"id":"https://openalex.org/I4210128801","display_name":"Helmholtz Center for Information Security","ror":"https://ror.org/02njgxr09","country_code":"DE","type":"facility","lineage":["https://openalex.org/I1305996414","https://openalex.org/I4210128801"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Sascha Fahl","raw_affiliation_strings":["CISPA Helmholtz Center for Information Security, Hannover, Germany"],"raw_orcid":"https://orcid.org/0000-0002-5644-3316","affiliations":[{"raw_affiliation_string":"CISPA Helmholtz Center for Information Security, Hannover, Germany","institution_ids":["https://openalex.org/I4210128801"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":6,"corresponding_author_ids":[],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":3.8822,"has_fulltext":true,"cited_by_count":9,"citation_normalized_percentile":{"value":0.9438474,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":90,"max":98},"biblio":{"volume":null,"issue":null,"first_page":"2740","last_page":"2754"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11800","display_name":"User Authentication and Security Systems","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11800","display_name":"User Authentication and Security Systems","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.992900013923645,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11644","display_name":"Spam and Phishing Detection","score":0.9919000267982483,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/usable","display_name":"USable","score":0.7977868914604187},{"id":"https://openalex.org/keywords/usability","display_name":"Usability","score":0.732491135597229},{"id":"https://openalex.org/keywords/authentication","display_name":"Authentication (law)","score":0.7307087182998657},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.6934850811958313},{"id":"https://openalex.org/keywords/password","display_name":"Password","score":0.6895667910575867},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.5988765954971313},{"id":"https://openalex.org/keywords/multi-factor-authentication","display_name":"Multi-factor authentication","score":0.5082442164421082},{"id":"https://openalex.org/keywords/world-wide-web","display_name":"World Wide Web","score":0.49665218591690063},{"id":"https://openalex.org/keywords/internet-privacy","display_name":"Internet privacy","score":0.46698328852653503},{"id":"https://openalex.org/keywords/advice","display_name":"Advice (programming)","score":0.4388241767883301},{"id":"https://openalex.org/keywords/chip-authentication-program","display_name":"Chip Authentication Program","score":0.43070754408836365},{"id":"https://openalex.org/keywords/authentication-protocol","display_name":"Authentication protocol","score":0.2637940049171448},{"id":"https://openalex.org/keywords/human\u2013computer-interaction","display_name":"Human\u2013computer interaction","score":0.10477900505065918}],"concepts":[{"id":"https://openalex.org/C2780615836","wikidata":"https://www.wikidata.org/wiki/Q2471869","display_name":"USable","level":2,"score":0.7977868914604187},{"id":"https://openalex.org/C170130773","wikidata":"https://www.wikidata.org/wiki/Q216378","display_name":"Usability","level":2,"score":0.732491135597229},{"id":"https://openalex.org/C148417208","wikidata":"https://www.wikidata.org/wiki/Q4825882","display_name":"Authentication (law)","level":2,"score":0.7307087182998657},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.6934850811958313},{"id":"https://openalex.org/C109297577","wikidata":"https://www.wikidata.org/wiki/Q161157","display_name":"Password","level":2,"score":0.6895667910575867},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.5988765954971313},{"id":"https://openalex.org/C194699767","wikidata":"https://www.wikidata.org/wiki/Q7878662","display_name":"Multi-factor authentication","level":4,"score":0.5082442164421082},{"id":"https://openalex.org/C136764020","wikidata":"https://www.wikidata.org/wiki/Q466","display_name":"World Wide Web","level":1,"score":0.49665218591690063},{"id":"https://openalex.org/C108827166","wikidata":"https://www.wikidata.org/wiki/Q175975","display_name":"Internet privacy","level":1,"score":0.46698328852653503},{"id":"https://openalex.org/C2779955035","wikidata":"https://www.wikidata.org/wiki/Q4686785","display_name":"Advice (programming)","level":2,"score":0.4388241767883301},{"id":"https://openalex.org/C142124187","wikidata":"https://www.wikidata.org/wiki/Q5101471","display_name":"Chip Authentication Program","level":5,"score":0.43070754408836365},{"id":"https://openalex.org/C21564112","wikidata":"https://www.wikidata.org/wiki/Q4825885","display_name":"Authentication protocol","level":3,"score":0.2637940049171448},{"id":"https://openalex.org/C107457646","wikidata":"https://www.wikidata.org/wiki/Q207434","display_name":"Human\u2013computer interaction","level":1,"score":0.10477900505065918},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/3576915.3623072","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3576915.3623072","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3576915.3623072","source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security","raw_type":"proceedings-article"}],"best_oa_location":{"id":"doi:10.1145/3576915.3623072","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3576915.3623072","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3576915.3623072","source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security","raw_type":"proceedings-article"},"sustainable_development_goals":[{"id":"https://metadata.un.org/sdg/16","display_name":"Peace, Justice and strong institutions","score":0.47999998927116394}],"awards":[{"id":"https://openalex.org/G18682879","display_name":null,"funder_award_id":"390781972","funder_id":"https://openalex.org/F4320320879","funder_display_name":"Deutsche Forschungsgemeinschaft"}],"funders":[{"id":"https://openalex.org/F4320320879","display_name":"Deutsche Forschungsgemeinschaft","ror":"https://ror.org/018mejw64"}],"has_content":{"grobid_xml":true,"pdf":true},"content_urls":{"pdf":"https://content.openalex.org/works/W4388858722.pdf","grobid_xml":"https://content.openalex.org/works/W4388858722.grobid-xml"},"referenced_works_count":58,"referenced_works":["https://openalex.org/W159321140","https://openalex.org/W1975675278","https://openalex.org/W1987283229","https://openalex.org/W2006809639","https://openalex.org/W2030112111","https://openalex.org/W2037202491","https://openalex.org/W2045591401","https://openalex.org/W2048437343","https://openalex.org/W2050296478","https://openalex.org/W2082271575","https://openalex.org/W2113266120","https://openalex.org/W2127171880","https://openalex.org/W2146270836","https://openalex.org/W2218132318","https://openalex.org/W2248749189","https://openalex.org/W2253893204","https://openalex.org/W2292723020","https://openalex.org/W2346878720","https://openalex.org/W2511044583","https://openalex.org/W2511548333","https://openalex.org/W2541261609","https://openalex.org/W2605067380","https://openalex.org/W2624735790","https://openalex.org/W2765667105","https://openalex.org/W2766217896","https://openalex.org/W2792247140","https://openalex.org/W2794591479","https://openalex.org/W2795673503","https://openalex.org/W2810942929","https://openalex.org/W2891114826","https://openalex.org/W2891820333","https://openalex.org/W2907964905","https://openalex.org/W2942275776","https://openalex.org/W2964144088","https://openalex.org/W2966008409","https://openalex.org/W2969748787","https://openalex.org/W2970454902","https://openalex.org/W3015349823","https://openalex.org/W3017863658","https://openalex.org/W3032010444","https://openalex.org/W3040234847","https://openalex.org/W3154021468","https://openalex.org/W3162570939","https://openalex.org/W3181051455","https://openalex.org/W3208153782","https://openalex.org/W3213232997","https://openalex.org/W4225001029","https://openalex.org/W4226334994","https://openalex.org/W4281774261","https://openalex.org/W4288057710","https://openalex.org/W4288057734","https://openalex.org/W4296132168","https://openalex.org/W4297659119","https://openalex.org/W4299818415","https://openalex.org/W4308361269","https://openalex.org/W4308410894","https://openalex.org/W4324007111","https://openalex.org/W4384948614"],"related_works":["https://openalex.org/W2146270836","https://openalex.org/W2943527182","https://openalex.org/W1483112216","https://openalex.org/W4200155052","https://openalex.org/W2907262898","https://openalex.org/W4385414233","https://openalex.org/W2610546334","https://openalex.org/W2808664776","https://openalex.org/W4324137348","https://openalex.org/W2393298610"],"abstract_inverted_index":{"Usable":[0],"and":[1,7,27,41,52],"secure":[2],"authentication":[3,13,36,79],"on":[4,90],"the":[5,47],"web":[6],"beyond":[8],"is":[9,14,54,83],"mission-critical.":[10],"While":[11],"password-based":[12],"still":[15],"widespread,":[16],"users":[17],"have":[18,37],"trouble":[19],"dealing":[20],"with":[21],"potentially":[22],"hundreds":[23],"of":[24,78],"online":[25,64],"accounts":[26],"their":[28,38],"passwords.":[29],"Alternatives":[30],"or":[31,95,101],"extensions":[32],"such":[33],"as":[34],"multi-factor":[35],"own":[39],"challenges":[40],"find":[42],"only":[43],"limited":[44],"adoption.":[45],"Finding":[46],"right":[48],"balance":[49],"between":[50],"security":[51,68],"usability":[53],"challenging":[55],"for":[56,81],"developers.":[57],"Previous":[58],"work":[59],"found":[60],"that":[61],"developers":[62,82],"use":[63],"resources":[65],"to":[66,74],"inform":[67],"decisions":[69],"when":[70],"writing":[71],"code.":[72],"Similar":[73],"other":[75],"areas,":[76],"lots":[77],"advice":[80],"available":[84],"online,":[85],"including":[86],"blog":[87],"posts,":[88],"discussions":[89],"Stack":[91],"Overflow,":[92],"research":[93],"papers,":[94],"guidelines":[96],"by":[97],"institutions":[98],"like":[99],"OWASP":[100],"NIST.":[102]},"counts_by_year":[{"year":2026,"cited_by_count":1},{"year":2025,"cited_by_count":2},{"year":2024,"cited_by_count":5},{"year":2023,"cited_by_count":1}],"updated_date":"2026-06-11T09:08:48.828518","created_date":"2025-10-10T00:00:00"}