References
- [1] Bishop M., Klein D. V., Improving system security via proactive password checking, ‘Computers & Security’, 1995, 14(3), pp. 233–249.
- [2] Bonneau J., Herley C., Oorschot P. C. van, Stajano F., Passwords and the evolution of imperfect authentication, ‘Communications of the ACM’, 2015, 58(7), pp. 78–87.
- [3] Bonneau J., The science of guessing: analyzing an anonymized corpus of 70 million passwords, Security and Privacy (SP), IEEE, Symposium, 2012, pp. 538–552.
- [4] Carné de Carnavalet de X., Mohammad M., From Very Weak to Very Strong: Analyzing Password-Strength Meters 2014, Conference ‘Network and Distributed System Security Symposium’, DOI: 10.14722/ndss.2014.23268 10.14722/ndss.2014.23268.10.14722/ndss.2014.2326810.14722/ndss.2014.23268
- [5] Das A., Bonneau J., Caesar M., Borisov N., Wang X., The tangled web of password reuse, Symposium on Network and Distributed System Security, 2014, Vol. 14, pp. 23–26.
- [6] Dell’Amico M., Michiardi P., Roudier Y., Password strength: An empirical analysis, Proceedings IEEE, INFOCOM, 2010, pp. 1–9.
- [7] Deterding S., Dixon D., Khaled R., Nacke L., From game design elements to gamefulness: defining gamification, Proceedings of the 15th International Academic MindTrek Conference ‘Envisioning future media environments’, 2011, pp. 9–15.
- [8] Deterding S., Sicart M., Nacke L., O’Hara K., Dixon D., Gamification. using game-design elements in non-gaming contexts, CHI’11 — Extended abstracts on human factors in computing systems, 2011, pp. 2425–2428.
- [9] Egelman S., Sotirakopoulos A., Muslukhov I., Beznosov K., Herley C., Does my password go up to eleven? The impact of password meters on password selection, Proceedings of the SIGCHI Conference on Human Factors in Computing Systems, 2013, pp. 2379–2388.
- [10] Furnell S., An assessment of website password practices, ‘Computers & Security’, 2007, Vol. 26(7–8), pp. 445–451.
- [11] Hamari J., Koivisto J., Sarsa H., Does gamification work? A literature review of empirical studies on gamification, IEEE, System Sciences (HICSS), 47th Hawaii International Conference, 2014, pp. 3025–3034.
- [12] Huang X., Xiang Y., Bertino E., Zhou J., Xu L., Robust multifactor authentication for fragile communications, IEEE, ‘Transactions on Dependable and Secure Computing’, 2014, Vol. 11, No. 6, pp. 568–581, DOI: 10.1109/TDSC.2013.2297110.10.1109/TDSC.2013.2297110
- [13] Johnston A. C., Warkentin M., Fear appeals and information security behaviors: an empirical study, ‘MIS Quarterly’, 2010, pp. 549–566.10.2307/25750691
- [14] Kelley P. G., Komanduri S., Mazurek M. L., Shay R., Vidas T., Bauer L., Lopez J., Guess again (and again and again): Measuring password strength by simulating password-cracking algorithms, Security and Privacy (SP), IEEE, Symposium, 2012, pp. 523–537.
- [15] Melicher W., Ur B., Segreti S. M., Komanduri S., Bauer L., Christin N., Cranor L. F., Fast, Lean, and Accurate: Modeling Password Guessability Using Neural Networks, USENIX Security Symposium, 2016, pp. 175–191.
- [16] Naiakshina A., Danilova A., Tiefenau C., Herzog M., Dechand S., Smith M., Why Do Developers Get Password Storage Wrong? A Qualitative Usability Study, ACM, Proceedings of the SIGSAC Conference on Computer and Communications Security, 2017, pp. 311–328.
- [17] Rodwald P., Biernacik B., Password protection in IT systems, ‘Bulletin of the Military University of Technology’, 2018, Vol. 67, pp. 73–92, DOI: 10.5604/01.3001.0011.8036.10.5604/01.3001.0011.8036
- [18] Seitz T., Hussmann H., PASDJO: quantifying password strength perceptions with an online game, ACM, Proceedings of the 29th Australian Conference on Computer-Human Interaction, 2017, pp. 117–125.
- [19] Shannon C. E., A mathematical theory of communication, ‘Bell System Technical Journal’, 1948, Vol. 27, pp. 379–423, 623–656.10.1002/j.1538-7305.1948.tb01338.x
- [20] Shannon C. E., Prediction and Entropy of Printed English, ‘Bell System Technical Journal’, 1951, Vol. 30, No. 1, pp. 50–64.
- [21] Sotirakopoulos A., Influencing User Password Choice Through Peer Pressure, master thesis, The University of British Columbia, Vancouver 2011.
- [22] Stobert E., Biddle R., The password life cycle: user behavior in managing passwords, Proceedings SOUPS, 2014.
- [23] Ur B., Alfieri F., Aung M., Bauer L., Christin N., Colnago J., Johnson N., Design and evaluation of a data-driven password meter, Proceedings of the 2017 CHI Conference on Human Factors in Computing Systems, 2017, pp. 3775–3786.
- [24] Ur B., Kelley P. G., Komanduri S., Lee J., Maass M., Mazurek M. L., Christin N., How does your password measure up? The effect of strength meters on password creation, USENIX Security Symposium, 2012, pp. 65–80.
- [25] Vance A., Eargle D., Ouimet K., Straub D., Enhancing password security through interactive fear appeals: A web-based field experiment, IEEE, System Sciences (HICSS), 46th Hawaii International Conference, 2013, pp. 2988–2997.
- [26] Weir M., Aggarwal S., Collins M., Stern H., Testing metrics for password creation policies by attacking large sets of revealed passwords, Proceedings of the 17th ACM conference on Computer and communications security, 2010, pp. 162–175.
- [27] Zezschwitz E. von, Luca A. de, Hussmann H., Survival of the shortest: A retrospective analysis of influencing factors on password composition, ‘Proceedings of the IFIP Conference on Human-Computer Interaction’, 2013, Publ. Springer, Berlin, Heidelberg, 2013, pp. 460–467.
- [28] Zhang-Kennedy L., Chiasson S., Biddle R., Password advice shouldn’t be boring: Visualizing password guessing attacks, IEEE, ‘eCrime Researchers Summit’, 2013, pp. 1–11.
- [29] Zhao Z., Ahn G.-J., Hu H., Picture gesture authentication: Empirical analysis, automated attacks, and scheme evaluation, ACM, ‘Transactions on Information and System Security (TISSEC)’, 2015, Vol. 17, No. 4, pp. 1–37.
- [30] Zhu B., Yan J., Bao G., Mao M., Xu N., Captcha as graphical passwords–a new security primitive based on hard AI problems, IEEE, ‘Transactions on Information Forensics and Security’, 2014, Vol. 9, No. 6, pp. 891–904, DOI: 10.1109/TIFS.2014.2312547.10.1109/TIFS.2014.2312547
- [31] Castelluccia C., Dürmuth M., Perito D., Adaptive Password-Strength Meters from Markov Models, Symposium on Network and Distributed System Security, 2012, [online], https://www.ei.ruhr-uni-bochum.de/media/ei/veroeffentlichungen/2016/01/15/2012-ndss-pwd-strength.pdf [access 02.11.2018].
- [32] Habib H., Colnago J., Melicher W., Ur B., Segreti S., Bauer L., Cranor L., Password creation in the presence of blacklists, Proceedings USEC, 2017, [online], https://www.archive.ece.cmu.edu/~lbauer/papers/2017/usec2017-blacklists.pdf [access 02.11.2018].
- [33] Reilly M., Google Has a Plan to Kill Off Passwords, [online], https://www.technologyreview.com/s/601575/google-has-a-plan-to-kill-off-passwords [access 02.11.2018].
- [34] Thomas K., Li F., Zand A., Barrett J., Ranieri J., Invernizzi L., Markov Y., Comanescu O., Eranti, V., Moscicki A., Margolis D., Paxson V., Bursztein E., Data Breaches, Phishing, or Malware? Understanding the Risks of Stolen Credentials, 2017, [online], https://research.google.com/pubs/pub46437.html [access 02.11.2018].
- [35] 2016 Data Security Incident, Uber Newsroom, [online], www.uber.com/newsroom/2016-data-incident/ [access 02.11.2018].
- [36] Adobe breach impacted at least 38 million users, Krebs on Security, [online], https://krebsonsecurity.com/2013/10/adobe-breach-impacted-at-least-38-million-users/ [access 02.11.2018].
- [37] Advanced password recovery, Hashcat, [online] www.hashcat.net/hashcat/ [access 02.11.2018].
- [38] AntMiner S9, BITMAIN, [online], https://shop.bitmain.com/antminer_s9_asic_bitcoin_miner.htm [access 02.11.2018].
- [39] Digital Identity Guidelines Authentication and Lifecycle Management, NIST Special Publication 800-63B [online], https://pages.nist.gov/800-63-3/sp800-63b.html, DOI: 10.6028/NIST.SP.800-63-3 [access 02.11.2018].10.6028/NIST.SP.800-63-3[access02.11.2018]
- [40] Dropbox hack leads to leaking of 68m user passwords on the internet, The Guardian, [online], https://www.theguardian.com/technology/2016/aug/31/dropbox-hack-passwords-68m-data-breach [access 02.11.2018].
- [41] Hacker tries to sell 427 million stolen myspace passwords for $2,800, Vice, [online], https://motherboard.vice.com/en_us/article/427-million-myspace-passwords-emails-data-breach [access 02.11.2018].
- [42] Have I been pwned, API, [online], https://haveibeenpwned.com/API/v2 [access 02.11.2018].
- [43] LinkedIn lost 167 million account credentials in data breach, Fortune, [online], http://fortune.com/2016/05/18/linkedin-data-breach-email-password/ [access 02.11.2018].
- [44] Mobile Push Authentication, RSA, [online], https://www.rsa.com/en-us/products/rsa-securid-suite/rsa-securid-access/mobile-push-authentication [access 02.11.2018].
- [45] Password cracker, John the Ripper, [online], www.openwall.com/john/ [access 02.11.2018].
- [46] Special Publication 800-63-2 Electronic Authentication Guideline, NIST, [online], https://csrc.nist.gov/publications/detail/sp/800-63/2/archive/2013-08-29, DOI: 10.6028/NIST.SP.800-63-2 [access 02.11.2018].10.6028/NIST.SP.800-63-2[access02.11.2018]
- [47] Visualizing Data Breaches, Center Mast, [online], https://centermast.com/2017/03/17/visualizing-data-breaches/ [access 02.11.2018].
- [48] Web Authentication: An API for accessing Public Key Credentials, WC3, [online], https://www.w3.org/TR/2018/CR-webauthn-20180320 [access 02.11.2018].
- [49] Yahoo hacked, 450,000 passwords posted online, CNN, [online], www.cnn.com/2012/07/12/tech/web/yahoo-users-hacked [access 02.11.2018].