Sort by:

• Highly Influential Citations
• Citations
• Acceleration
• Velocity
• Recency

Learn More

Guess Again (and Again and Again): Measuring Password Strength by Simulating Password-Cracking Algorithms

• Patrick Gage Kelley, Saranga Komanduri, +6 authors Julio Lopez
• 2012 IEEE Symposium on Security and Privacy
• 2012

Text-based passwords remain the dominant authentication method in computer systems, despite significant advancement in attackers' capabilities to perform password cracking. In response to this… (More)

"I regretted the minute I pressed share": a qualitative study of regrets on Facebook

• Yang Wang, Gregory Norcie, Saranga Komanduri, Alessandro Acquisti, Pedro Giovanni Leon, Lorrie Faith Cranor
• SOUPS
• 2011

We investigate regrets associated with users' posts on a popular social networking site. Our findings are based on a series of interviews, user diaries, and online surveys involving 569 American… (More)

Of passwords and people: measuring the effect of password-composition policies

• Saranga Komanduri, Richard Shay, +5 authors Serge Egelman
• CHI
• 2011

Text-based passwords are the most common mechanism for authenticating humans to computer systems. To prevent users from picking passwords that are too easy for an adversary to guess, system… (More)

Encountering stronger password requirements: user attitudes and behaviors

• Richard Shay, Saranga Komanduri, +5 authors Lorrie Faith Cranor
• SOUPS
• 2010

Text-based passwords are still the most commonly used authentication mechanism in information systems. We took advantage of a unique opportunity presented by a significant change in the Carnegie… (More)

Measuring password guessability for an entire university

• Michelle L. Mazurek, Saranga Komanduri, +6 authors Blase Ur
• ACM Conference on Computer and Communications…
• 2013

Despite considerable research on passwords, empirical studies of password strength have been limited by lack of access to plaintext passwords, small data sets, and password sets specifically… (More)

Correct horse battery staple: exploring the usability of system-assigned passphrases

• Richard Shay, Patrick Gage Kelley, +6 authors Lorrie Faith Cranor
• SOUPS
• 2012

Users tend to create passwords that are easy to guess, while system-assigned passwords tend to be hard to remember. Passphrases, space-delimited sets of natural language words, have been suggested as… (More)

Measuring Real-World Accuracies and Biases in Modeling Password Guessability

• Blase Ur, Sean M. Segreti, +7 authors Richard Shay
• USENIX Security Symposium
• 2015

Parameterized password guessability—how many guesses a particular cracking algorithm with particular training data would take to guess a password—has become a common metric of password security.… (More)

How Does Your Password Measure Up? The Effect of Strength Meters on Password Creation

• Blase Ur, Patrick Gage Kelley, +9 authors Lorrie Faith Cranor
• USENIX Security Symposium
• 2012

To help users create stronger text-based passwords, many web sites have deployed password meters that provide visual feedback on password strength. Although these meters are in wide use, their… (More)

Fast, Lean, and Accurate: Modeling Password Guessability Using Neural Networks

• William Melicher, Blase Ur, +4 authors Lorrie Faith Cranor
• USENIX Security Symposium
• 2016

Human-chosen text passwords, today’s dominant form of authentication, are vulnerable to guessing attacks. Unfortunately, existing approaches for evaluating password strength by modeling adversarial… (More)

Can long passwords be secure and usable?

• Richard Shay, Saranga Komanduri, +7 authors Lorrie Faith Cranor
• CHI
• 2014

To encourage strong passwords, system administrators employ password-composition policies, such as a traditional policy requiring that passwords have at least 8 characters from 4 character classes… (More)

• ‹
• 1
• 2
• 3
• 4
• ›