Despite three decades of intensive research efforts, it remains an open question as to what
is the underlying distribution of user-generated passwords. In this paper, we make a …

Security issues in text-based password authentication are rarely caused by technical issues,
but rather by the limitations of human memory, and human perceptions together with their …

To help users create stronger text-based passwords, many web sites have deployed
password meters that provide visual feedback on password strength. Although these meters …

Text passwords---a frequent vector for account compromise, yet still ubiquitous---have been
studied for decades by researchers attempting to determine how to coerce users to create …

Nudges are simple and effective interventions that alter the architecture in which people
make choices in order to help them make decisions that could benefit themselves or society …

There has been roughly 15 years of research into approaches for aligning research in
Human Computer Interaction with computer Security, more colloquially known as``usable …

Password-composition policies are the result of service providers becoming increasingly
concerned about the security of online accounts. These policies restrict the space of user …

Millions of users are exposed to password-strength meters/checkers at highly popular web
services that use user-chosen passwords for authentication. Recent studies have found …

To encourage strong passwords, system administrators employ password-composition
policies, such as a traditional policy requiring that passwords have at least 8 characters from …

The ecological validity of password studies is a complex topic and difficult to quantify. Most
researchers who conduct password user studies try to address the issue in their study …