S.M. Taiabul Haque, Matthew Wright, Shannon Scielzo, Hierarchy of users׳ web passwords: Perceptions, practices and susceptibilities, In International Journal of Human-Computer Studies, Volume 72, Issue 12, 2014, Pages 860-874, ISSN 1071-5819, https://doi.org/10.1016/j.ijhcs.2014.07.007.

S.M. Taiabul Haque, Matthew Wright, and Shannon Scielzo (2014) propose a hierarchical model for categorizing users’ web passwords. By utilizing the known lower-level passwords, Haque et al. were able to successfully crack nearly one-third of the higher-level passwords via dictionary attacks.

P. G. Kelley et al., “Guess Again (and Again and Again): Measuring Password Strength by Simulating Password-Cracking Algorithms,” 2012 IEEE Symposium on Security and Privacy, San Francisco, CA, 2012, pp. 523-537, https://doi.org/10.1109/SP.2012.38.

P.G. Kelley et al. (2014) introduce the process they developed for calculating the efficacy of certain password-guessing algorithms. Connections between guessability and entropy estimates are also investigated.

v1.0