1. Where do security policies come from?
2. Design and Evaluation of a Data-Driven Password Meter
3. A Second Look at Password Composition Policies in the Wild: Comparing Samples from 2010 and 2016;mayer;Symposium On Usable Privacy and Security (SOUPS),2017
4. Hey, You Have a Problem: On the Feasibility of Large-Scale Web Vulnerability Notification;stock;USENIX Security Symposium,2016
5. The Password Thicket: Technical and Market Failures in Human Authentication on the Web;bonneau;Workshop on the Economics of Information Security (WEIS),2010