Despite countless attempts and near-universal desire to replace them, passwords are more
widely used and firmly entrenched than ever. The authors' exploration leads them to argue …

We evaluate two decades of proposals to replace text passwords for general-purpose user
authentication on the web using a broad set of twenty-five usability, deployability and …

Two-factor authentication (2FA) defends against account compromise. An account secured
with 2FA typically requires an individual to authenticate using something they know …

Today's Internet services rely heavily on text-based passwords for user authentication. The
pervasiveness of these services coupled with the difficulty of remembering large numbers of …

We report on the largest corpus of user-chosen passwords ever studied, consisting of
anonymized password histograms representing almost 70 million Yahoo! users, mitigating …

Passwords and the evolution of imperfect authentication Page 1 78 COMMUNICATIONS OF
THE ACM | JULY 2015 | VOL. 58 | NO. 7 contributed articles DOI:10.1145/2699390 Theory on …

We propose a simple method for improving the security of hashed passwords: the
maintenance of additional``honeywords''(false passwords) associated with each user's …

Text-based passwords are the most common mechanism for authenticating humans to
computer systems. To prevent users from picking passwords that are too easy for an …

zxcvbn: Low-Budget Password Strength Estimation Page 1 This paper is included in the
Proceedings of the 25th USENIX Security Symposium August 10–12, 2016 • Austin, TX …

In this paper we attempt to determine the effectiveness of using entropy, as defined in NIST
SP800-63, as a measurement of the security provided by various password creation …