Advancements in information technology often task users with complex and consequential
privacy and security decisions. A growing body of research has investigated individuals' …

Security metrics have received significant attention. However, they have not been
systematically explored based on the understanding of attack-defense interactions, which …

A large proportion of dryland trees and shrubs (hereafter referred to collectively as trees)
grow in isolation, without canopy closure. These non-forest trees have a crucial role in …

Security and privacy researchers often rely on data collected from Amazon Mechanical Turk
(MTurk) to evaluate security tools, to understand users' privacy preferences and to measure …

Despite three decades of intensive research efforts, it remains an open question as to what
is the underlying distribution of user-generated passwords. In this paper, we make a …

Today's Internet services rely heavily on text-based passwords for user authentication. The
pervasiveness of these services coupled with the difficulty of remembering large numbers of …

Human-chosen text passwords, today's dominant form of authentication, are vulnerable to
guessing attacks. Unfortunately, existing approaches for evaluating password strength by …

The state of advice given to people today on how to stay safe online has plenty of room for
improvement. Too many things are asked of them, which may be unrealistic, time …

Users often make passwords that are easy for attackers to guess. Prior studies have
documented features that lead to easily guessed passwords, but have not probed why users …

Passwords and the evolution of imperfect authentication Page 1 78 COMMUNICATIONS OF
THE ACM | JULY 2015 | VOL. 58 | NO. 7 contributed articles DOI:10.1145/2699390 Theory on …