max.bib

% This file is in alphabetical order of lastname-year-keyword, e.g., ur-17-data-driven-psm
% This way it is easy to avoid and detect duplicate entries.
%
% To add a new entry, copy an existing one to the correct position in the file, and edit/update ALL fields.
%
% Common issues
% USENIX Association -> USENIX
% ACM SIGSAC Conference -> ACM Conference
% The Who Are You -> Who Are You?!
% missing month
% SOUPS '18 -> SOUPS~'18
% van Oorschot, Paul C. -> Van Oorschot, Paul C.
% Cranor, Lorrie -> Cranor, Lorrie Faith

% Approved all correct
@inproceedings{abbott-20-mandatory-2fa,
    author = {Abbott, Jacob and Patil, Sameer},
    title = {{How Mandatory Second Factor Affects the Authentication User Experience}},
    booktitle = {ACM Conference on Human Factors in Computing Systems},
    year = {2020},
    series = {CHI~'20},
    pages = {1--13},
    address = {Honolulu, Hawaii, USA},
    month = apr,
    publisher = {ACM}
}

% Approved all correct
@inproceedings{abdou-15-ssh,
    author = {Abdou, AbdelRahman and Barrera, David and Van Oorschot, Paul C.},
    title = {{What Lies Beneath? Analyzing Automated SSH Bruteforce Attacks}},
    booktitle = {International Conference on Passwords},
    year = {2015},
    series = {PASSWORDS~'15},
    pages = {72--91},
    address = {Cambridge, United Kingdom},
    month = dec,
    publisher = {Springer}
}

% Approved all correct
@inproceedings{abu-salma-17-communication,
    author = {Abu-Salma, Ruba and Sasse, M. Angela and Bonneau, Joseph and Danilova, Anastasia and Naiakshina, Alena and Smith, Matthew},
    title = {{Obstacles to the Adoption of Secure Communication Tools}},
    booktitle = {IEEE Symposium on Security and Privacy},
    year = {2017},
    series = {SP~'17},
    pages = {137--153},
    address = {San Jose, California, USA},
    month = may,
    publisher = {IEEE}
}

% Approved all correct
@techreport{ackerman-17-2fa-adoption,
    author = {Ackerman, Preston},
    title = {{Impediments to Adoption of Two-factor Authentication by Home End-Users}},
    institution = {SANS Institute},
    year = {2017},
    type = {Technical Report},
    number = {37607},
    month = feb
}

% Approved all correct
@article{acquisti-17-nudges,
    author = {Acquisti, Alessandro and Adjerid, Idris and Balebako, Rebecca and Brandimarte, Laura and Cranor, Lorrie Faith and Komanduri, Saranga and Leon, Pedro Giovanni and Sadeh, Norman and Schaub, Florian and Sleeper, Manya and Wang, Yang and Wilson, Shomir},
    title = {{Nudges for Privacy and Security: Understanding and Assisting Users' Choices Online}},
    journal = {ACM Computing Surveys},
    year = {2017},
    volume = {50},
    number = {3},
    pages = {44:1--44:41},
    month = aug,
    publisher = {ACM}
}

% Approved all correct
@article{adams-99-users-not-enemy,
    author = {Adams, Anne and Sasse, Martina Angela},
    title = {{Users Are Not the Enemy}},
    journal = {Communications of the ACM},
    year = {1999},
    volume = {42},
    number = {12},
    pages = {40--46},
    month = dec,
    publisher = {ACM}
}

% Approved all correct
@inproceedings{agarwal-13-embarrass,
    author = {Agarwal, Lalit and Shrivastava, Nisheeth and Jaiswal, Sharad and Panjwani, Saurabh},
    title = {{Do Not Embarrass: Re-Examining User Concerns for Online Tracking and Advertising}},
    booktitle = {Symposium on Usable Privacy and Security},
    year = {2013},
    series = {SOUPS~'13},
    pages = {8:1--8:13},
    address = {Newcastle, United Kingdom},
    month = jul,
    publisher = {ACM}
}

% Approved all correct
@misc{akamai-20-credential-stuffing,
    author = {{Akamai Technologies, Inc.}},
    title = {{The State of the Internet: Loyalty for Sale -- Credential Abuse}},
    note = {\url{https://www.akamai.com/our-thinking/the-state-of-the-internet}, as of \today},
    month = oct,
    year = {2020}
}

% Approved all correct
@inproceedings{akhawe-13-alice,
    author = {Akhawe, Devdatta and Felt, Adrienne Porter},
    title = {{Alice in Warningland: A Large-Scale Field Study of Browser Security Warning Effectiveness}},
    booktitle = {USENIX Security Symposium},
    year = {2013},
    series = {SSYM~'13},
    pages = {257--272},
    address = {Washington, District of Columbia, USA},
    month = jul,
    publisher = {USENIX}
}

% Approved all correct
@inproceedings{al-abdulwahid-15-spu-perception,
    author = {Al Abdulwahid, Abdulwahid and Clarke, Nathan and Stengel, Ingo and Furnell, Steven and Reich, Christoph},
    title = {{Security, Privacy and Usability -- A Survey of Users' Perceptions and Attitudes}},
    booktitle = {Trust, Privacy and Security in Digital Business},
    year = {2015},
    series = {TrustBus~'15},
    pages = {153--168},
    address = {Valencia, Spain},
    month = sep,
    publisher = {Springer}
}

% Approved all correct
@inproceedings{alaca-16-fingerprint-auth,
    author = {Alaca, Furkan and Van Oorschot, Paul C.},
    title = {{Device Fingerprinting for Augmenting Web Authentication: Classification and Analysis of Methods}},
    booktitle = {Annual Conference on Computer Security Applications},
    year = {2016},
    series = {ACSAC~'16},
    pages = {289--301},
    address = {Los Angeles, California, USA},
    month = dec,
    publisher = {ACM}
}

% Approved all correct
@inproceedings{alam-19-webauthn-developer,
    author = {Alam, Aftab and Krombholz, Katharina and Bugiel, Sven},
    title = {{Poster: Let History Not Repeat Itself (This Time) -- Tackling WebAuthn Developer Issues Early On}},
    booktitle = {ACM Conference on Computer and Communications Security},
    year = {2019},
    series = {CCS~'19},
    pages = {2669--2671},
    address = {London, United Kingdom},
    month = nov,
    publisher = {ACM}
}

% Approved all correct
@article{albayram-17-2fa-videos,
    author = {Albayram, Yusuf and Khan, Mohammad Maifi Hasan and Fagan, Michael},
    title = {{A Study on Designing Video Tutorials for Promoting Security Features: A Case Study in the Context of Two-Factor Authentication (2FA)}},
    journal = {International Journal of Human–Computer Interaction},
    year = {2017},
    volume = {33},
    number = {11},
    pages = {927--942},
    month = mar,
    publisher = {Taylor \& Francis}
}

% Approved all correct
@inproceedings{ali-20-guardian,
    author = {Ali, Suzan and Elgharabawy, Mounir and Duchaussoy, Quentin and Mannan, Mohammad and Youssef, Amr},
    title = {{Betrayed by the Guardian: Security and Privacy Risks of Parental Control Solutions}},
    booktitle = {Annual Conference on Computer Security Applications},
    year = {2020},
    series = {ACSAC~'20},
    pages = {69--83},
    address = {Austin, Texas, USA},
    month = dec,
    publisher = {ACM}
}

% Approved all correct
@inproceedings{aljaffan-17-psv,
    author = {Aljaffan, Nouf and Yuan, Haiyue and Li, Shujun},
    title = {{PSV (Password Security Visualizer): From Password Checking to User Education}},
    booktitle = {Conference on Human Aspects of Information Security, Privacy and Trust},
    year = {2017},
    series = {HAS~'17},
    pages = {191--211},
    address = {Vancouver, British Columbia, Canada},
    month = jul,
    publisher = {Springer}
}

% Approved all correct
@inproceedings{alkaldi-16-adoption-phone-managers,
    author = {Alkaldi, Nora and Renaud, Karen},
    title = {{Why Do People Adopt, or Reject, Smartphone Password Managers?}},
    booktitle = {European Workshop on Usable Security},
    year = {2016},
    series = {EuroUSEC~'16},
    pages = {},
    address = {Darmstadt, Germany},
    month = jul,
    publisher = {ISOC}
} % EuroUSEC/NDSS does not have page numbers

% Approved all correct
@inproceedings{almuhimedi-14-malware-warning,
    author = {Almuhimedi, Hazim  and Felt, Adrienne Porter and Reeder, Robert W. and Consolvo, Sunny},
    title = {{Your Reputation Precedes You: History, Reputation, and the Chrome Malware Warning}},
    booktitle = {Symposium on Usable Privacy and Security},
    year = {2014},
    series = {SOUPS~'14},
    pages = {113--128},
    address = {Menlo Park, California, USA},
    month = jul,
    publisher = {USENIX}
}

% Approved all correct
@article{alsaleh-12-online-guessing,
    author = {Alsaleh, Mansour and Mannan, Mohammad and Van Oorschot, Paul C.},
    title = {{Revisiting Defenses against Large-Scale Online Password Guessing Attacks}},
    journal = {IEEE Transactions on Dependable and Secure Computing},
    year = {2012},
    volume = {9},
    number = {1},
    pages = {128--141},
    month = jan,
    publisher = {IEEE}
}

% Approved all correct
@misc{amitay-11-iphone-pins,
    author = {Amitay, Daniel},
    title = {{Most Common iPhone Passcodes}},
    note = {\url{http://danielamitay.com/blog/2011/6/13/most-common-iphone-passcodes}, as of \today},
    month = jun,
    year = {2011}
}

% Approved all correct 
@inproceedings{ammari-15-children-identity,
    author = {Ammari, Tawfiq and Kumar, Priya and Lampe, Cliff and Schoenebeck, Sarita},
    title = {{Managing Children's Online Identities: How Parents Decide What to Disclose about Their Children Online}},
    booktitle = {ACM Conference on Human Factors in Computing Systems},
    year = {2015},
    series = {CHI~'15},
    pages = {1895--1904},
    address = {Seoul, Republic of Korea},
    month = apr,
    publisher = {ACM}
}

% Approved all correct
@techreport{anderson-17-older-tech-climb,
    author = {Anderson, Monica and Perrin, Andrew},
    title = {{Tech Adoption Climbs Among Older Adults}},
    institution = {Pew Research Center},
    year = {2017},
    type = {Technical Report},
    number = {PRC-2017-05-17},
    month = may
}

% Approved all correct
@inproceedings{andow-19-policylint,
    author = {Andow, Benjamin and Mahmud, Samin Yaseer and Wang, Wenyu and Whitaker, Justin and Enck, William and Reaves, Bradley and Singh, Kapil and Xie, Tao},
    title = {{PolicyLint: Investigating Internal Privacy Policy Contradictions on Google Play}},
    booktitle = {USENIX Security Symposium},
    year = {2019},
    series = {SSYM~'19},
    pages = {585--602},
    address = {Santa Clara, California, USA},
    month = aug,
    publisher = {USENIX}
}

% Approved all correct
@inproceedings{andow-20-policheck,
    author = {Andow, Benjamin and Mahmud, Samin Yaseer and Whitaker, Justin and Enck, William and Reaves, Bradley and Singh, Kapil and Egelman, Serge},
    title = {{Actions Speak Louder than Words: Entity-Sensitive Privacy Policy and Data Flow Analysis with PoliCheck}},
    booktitle = {USENIX Security Symposium},
    year = {2020},
    series = {SSYM~'20},
    pages = {985--1002},
    address = {Virtual Conference},
    month = aug,
    publisher = {USENIX}
}

% Approved all correct
@inproceedings{andriotis-13-pilot-study,
    author = {Andriotis, Panagiotis and Tryfonas, Theo and Oikonomou, George and Yildiz, Can},
    title = {{A Pilot Study on the Security of Pattern Screen-Lock Methods and Soft Side Channel Attacks}},
    booktitle = {ACM Conference on Security and Privacy in Wireless and Mobile Networks},
    year = {2013},
    series = {WiSec~'13},
    pages = {1--6},
    address = {Budapest, Hungary},
    month = apr,
    publisher = {ACM}
}

% Approved all correct
@inproceedings{andriotis-14-pattern-psm,
    author = {Andriotis, Panagiotis and Tryfonas, Theo and Oikonomou, George},
    title = {{Complexity Metrics and User Strength Perceptions of the Pattern-Lock Graphical Authentication Method}},
    booktitle = {Conference on Human Aspects of Information Security, Privacy and Trust},
    year = {2014},
    series = {HAS~'14},
    pages = {115--126},
    address = {Heraklion, Crete, Greece},
    month = jun,
    publisher = {Springer}
}

% Approved all correct
@misc{android-18-gatekeeper,
    author = {{Android Open Source Project}},
    title = {{Android 9 -- ``Pie'': GateKeeper -- ComputeRetryTimeout Function}},
    note = {\url{https://android.googlesource.com/platform/system/gatekeeper/+/pie-release/gatekeeper.cpp\#253}, as of \today},
    month = feb,
    year = {2018}
}

% Approved all correct
@misc{android-18-masterkey,
    author = {{Android Open Source Project}},
    title = {{Full-Disk Encryption -- Storing the Encrypted Key}},
    note = {\url{https://source.android.com/security/encryption/full-disk\#storing_the_encrypted_key}, as of \today},
    month = aug,
    year = {2018}
}

% Approved all correct
@inproceedings{anell-20-threats,
    author = {Anell, Simon and Gr\"{o}ber, Lea and Krombholz, Katharina},
    title = {{End User and Expert Perceptions of Threats and Potential Countermeasures}},
    booktitle = {IEEE European Symposium on Security and Privacy Workshops},
    year = {2020},
    series = {EuroS\&PW~'20},
    pages = {230--239},
    address = {Genoa, Italy},
    month = sep,
    publisher = {IEEE}
}

% Approved all correct
@inproceedings{angulo-15-data-track,
    author = {Angulo, Julio and Fischer-H\"{u}bner, Simone and Pulls, Tobias and W\"{a}stlund, Erik},
    title = {{Usable Transparency with the Data Track: A Tool for Visualizing Data Disclosures}},
    booktitle = {ACM Conference Extended Abstracts on Human Factors in Computing Systems},
    year = {2015},
    series = {CHI~EA~'15},
    pages = {1803--1808},
    address = {Seoul, Republic of Korea},
    month = apr,
    publisher = {ACM}
}

% Approved all correct
@inproceedings{aonzo-18-phishing-pw-android,
    author = {Aonzo, Simone and Merlo, Alessio and Tavella, Giulio and Fratantonio, Yanick},
    title = {{Phishing Attacks on Modern Android}},
    booktitle = {ACM Conference on Computer and Communications Security},
    year = {2018},
    series = {CCS~'18},
    pages = {1788--1801},
    address = {Toronto, Ontario, Canada},
    month = oct,
    publisher = {ACM}
}

% Approved all correct
@misc{apple-18-ios-security,
    author = {{Apple, Inc.}},
    title = {{iOS Security: iOS 12.1}},
    note = {\url{https://www.apple.com/business/site/docs/iOS_Security_Guide.pdf}, as of \today},
    month = nov,
    year = {2018}
}

% Approved all correct
@misc{apple-20-manager-quirks,
    author = {{Apple, Inc.}},
    title = {{Password Manager Resources}},
    note = {\url{https://opensource.apple.com/projects/password-manager-resources/}, as of \today},
    month = may,
    year = {2020}
}

% Approved all correct
@misc{apple-21-hide-my-email,
    author = {{Apple, Inc.}},
    title = {{What is Hide My Email?}},
    note = {\url{https://support.apple.com/en-us/HT210425}, as of \today},
    month = sep,
    year = {2021}
}

% Approved all correct
@article{arora-22-fido-recovery,
    author = {Arora, Sunpreet S. and Badrinarayanan, Saikrishna and Raghuraman, Srinivasan and Shirvanian, Maliheh and Wagner, Kim and Watson, Gaven},
    title = {{Avoiding Lock Outs: Proactive FIDO Account Recovery using Managerless Group Signatures}},
    journal = {Cryptology ePrint Archive},
    year = {2022},
    volume = {2022/1555},
    number = {},
    pages = {1--46},
    month = nov
} % UPDATE REQUIERED

% Approved all correct
@inproceedings{aviv-10-smudge,
    author = {Aviv, Adam J. and Gibson, Katherine and Mossop, Evan and Blaze, Matt and Smith, Jonathan M.},
    title = {{Smudge Attacks on Smartphone Touch Screens}},
    booktitle = {USENIX Workshop on Offensive Technologies},
    year = {2010},
    series = {WOOT~'10},
    pages = {1--7},
    address = {Washington, District of Columbia, USA},
    month = aug,
    publisher = {USENIX}
}

% Approved all correct
@inproceedings{aviv-14-pattern-perception,
    author = {Aviv, Adam J. and Fichter, Dane},
    title = {{Understanding Visual Perceptions of Usability and Security of Android's Graphical Password Pattern}},
    booktitle = {Annual Computer Security Applications Conference},
    year = {2014},
    series = {ACSAC~'14},
    pages = {286--295},
    address = {New Orleans, Louisiana, USA},
    month = dec,
    publisher = {ACM}
}

% Approved all correct
@inproceedings{aviv-15-pattern-bigger,
    author = {Aviv, Adam J. and Budzitowski, Devon and Kuber, Ravi},
    title = {{Is Bigger Better? Comparing User-Generated Passwords on 3x3 vs. 4x4 Grid Sizes for Android's Pattern Unlock}},
    booktitle = {Annual Computer Security Applications Conference},
    year = {2015},
    series = {ACSAC~'15},
    pages = {301--310},
    address = {Los Angeles, California, USA},
    month = dec,
    publisher = {ACM}
}

% Approved all correct
@inproceedings{aviv-16-culture,
    author = {Aviv, Adam J. and D\"urmuth, Markus and Gupta, Payas},
    title = {{Position Paper: Measuring the Impact of Alphabet and Culture on Graphical Passwords}},
    booktitle = {Who Are You?! Adventures in Authentication Workshop},
    year = {2016},
    series = {WAY~'16},
    pages = {},
    address = {Denver, Colorado, USA},
    month = jun,
    publisher = {USENIX}
} % No page numbers for this workshop

% Approved all correct
@inproceedings{aviv-17-shoulder-surfing-baseline,
    author = {Aviv, Adam J. and Davin, John T. and Wolf, Flynn and Kuber, Ravi},
    title = {{Towards Baselines for Shoulder Surfing on Mobile Authentication}},
    booktitle = {Annual Conference on Computer Security Applications},
    year = {2017},
    series = {ACSAC~'17},
    pages = {486--498},
    address = {Orlando, Florida, USA},
    month = dec,
    publisher = {ACM}
}

% Approved all correct
@article{aviv-18-pattern-sok,
    author = {Aviv, Adam J. and D\"urmuth, Markus},
    title = {{A Survey of Collection Methods and Cross-Data Set Comparison of Android Unlock Patterns}},
    journal = {CoRR},
    year = {2018},
    volume = {abs/1811.10548},
    number = {},
    pages = {1--20},
    month = nov
}

% Approved all correct
@inproceedings{bailey-14-glass,
    author = {Bailey, Daniel and D\"{u}rmuth, Markus and Paar, Christof},
    title = {{``Typing'' Passwords With Voice Recognition: How to Authenticate to Google Glass}},
    booktitle = {Who Are You?! Adventures in Authentication Workshop},
    year = {2014},
    series = {WAY~'14},
    pages = {1--2},
    address = {Menlo Park, California, USA},
    month = jul,
    publisher = {}
} % No publisher

% Approved all correct
@inproceedings{bailey-14-financial,
    author = {Bailey, Daniel V. and D{\"u}rmuth, Markus and Paar, Christof},
    title = {{Statistics on Password Re-use and Adaptive Strength for Financial Accounts}},
    booktitle = {Security and Cryptography for Networks},
    year = {2014},
    series = {SCN~'14},
    pages = {218--235},
    address = {Amalfi, Italy},
    month = sep,
    publisher = {Springer}
}

% Approved all correct
@misc{baines-21-princeton-radboud-study,
    author = {Baines, Jon},
    title = {{Data Ethics Concerns Halt Academic Study into Subject Access Requests}},
    note = {\url{https://www.mishcon.com/news/data-ethics-concerns-halt-academic-study-into-subject-access-requests}, as of \today},
    month = dec,
    year = {2021}
}

% Approved all correct
@misc{baraniuk-15-ashley-suicides,
    author = {Baraniuk, Chris},
    title = {{Ashley Madison: 'Suicides' over Website Hack}},
    note = {\url{https://www.bbc.com/news/technology-34044506}, as of \today},
    month = aug,
    year = {2015}
}

% Approved all correct
@techreport{bauer-13-warning-guidelines,
    author = {Bauer, Lujo and Bravo-Lillo, Cristian and Cranor, Lorrie and Fragkaki, Elli},
    title = {{Warning Design Guidelines}},
    institution = {Carnegie Mellon University},
    year = {2013},
    type = {Technical Report},
    number = {CMU-CyLab-13-002},
    month = feb
}

% Approved all correct
@inproceedings{bauer-13-single-sign-on,
    author = {Bauer, Lujo and Bravo-Lillo, Cristian and Fragkaki, Elli and Melicher, William},
    title = {{A Comparison of Users' Perceptions of and Willingness to Use Google, Facebook, and Google+ Single-sign-on Functionality}},
    booktitle = {Workshop on Digital Identity Management},
    year = {2013},
    series = {DIM~'13},
    pages = {25--36},
    address = {Berlin, Germany},
    month = nov,
    publisher = {ACM}
}

% Approved all correct
@inproceedings{beautement-08-budget,
    author = {Beautement, Adam and Sasse, M. Angela and Wonham, Mike},
    title = {{The Compliance Budget: Managing Security Behaviour in Organisations}},
    booktitle = {New Security Paradigms Workshop},
    year = {2008},
    series = {NSPW~'08},
    pages = {47--58},
    address = {Lake Tahoe, California, USA},
    month = sep,
    publisher = {ACM}
}

% Approved all correct
@inproceedings{becerra-18-honeypakes,
    author = {Becerra, Jos\'e and R{\o}nne, Peter B. and Ryan, Peter Y. A. and Sala, Petra},
    title = {{HoneyPAKEs}},
    booktitle = {International Workshop on Security Protocols},
    year = {2018},
    series = {Security~Protocols~'18},
    pages = {63--77},
    address = {Cambridge, United Kingdom},
    month = mar,
    publisher = {Springer}
}

% Approved all correct
@misc{belfiore-15-microsoft-windows-hello,
    author = {Belfiore, Joe},
    title = {{Making Windows 10 More Personal and More Secure with Windows Hello}},
    note = {\url{https://blogs.windows.com/windowsexperience/2015/03/17/making-windows-10-more-personal-and-more-secure-with-windows-hello/}, as of \today},
    month = mar,
    year = {2015}
}

% Approved all correct
@inproceedings{bellare-93-entity-auth,
    author = {Bellare, Mihir and Rogaway, Phillip},
    title = {{Entity Authentication and Key Distribution}},
    booktitle = {Advances in Cryptology -- {CRYPTO}~1993},
    year = {1993},
    series = {CRYPTO~'93},
    pages = {232--249},
    address = {Santa Barbara, California, USA},
    month = aug,
    publisher = {Springer}
}

% Approved all correct
@inproceedings{bellovin-92-eke,
    author = {Bellovin, Steven M. and Merritt, Michael},
    title = {{Encrypted Key Exchange: Password-Based Protocols Secure Against Dictionary Attacks}},
    booktitle = {IEEE Symposium on Security and Privacy},
    year = {1992},
    series = {SP~'92},
    pages = {72--84},
    address = {Oakland, California, USA},
    month = may,
    publisher = {IEEE}
}

% Approved all correct
@inproceedings{bhagavatula-15-biometric-iphone,
    author = {Bhagavatula, Chandrasekhar and Ur, Blase and Iacovino, Kevin and Kywey, Su Mon and Cranor, Lorrie Faith and Savvides, Marios},
    title = {{Biometric Authentication on iPhone and Android: Usability, Perceptions, and Influences on Adoption}},
    booktitle = {Workshop on Usable Security},
    year = {2015},
    series = {USEC~'15},
    pages = {},
    address = {San Diego, California, USA},
    month = feb,
    publisher = {ISOC}
} % USEC does not have page numbers

% Approved all correct
@inproceedings{bhagavatula-20-change-after-breach,
    author = {Bhagavatula, Sruti and Bauer, Lujo and Kapadia, Apu},
    title = {{(How) Do People Change Their Passwords After a Breach?}},
    booktitle = {Workshop on Technology and Consumer Protection},
    year = {2020},
    series = {ConPro~'20},
    pages = {},
    address = {Virtual Conference},
    month = may,
    publisher = {IEEE}
} % ConPro does not have page numbers

% Approved all correct
@inproceedings{bhagavatula-21-what-breach,
    author = {Bhagavatula, Sruti and Bauer, Lujo and Kapadia, Apu},
    title = {{What Breach? Measuring Online Awareness of Security Incidents by Studying Real-World Browsing Behavior}},
    booktitle = {European Workshop on Usable Security},
    year = {2021},
    series = {EuroUSEC~'21},
    pages = {180--199},
    address = {Virtual Conference},
    month = oct,
    publisher = {ACM}
}

% Approved all correct
@article{biddle-12-graphical-survey,
    author = {Biddle, Robert and Chiasson, Sonia and Van Oorschot, Paul C.},
    title = {{Graphical Passwords: Learning from the First Twelve Years}},
    journal = {ACM Computing Surveys},
    year = {2012},
    volume = {44},
    number = {4},
    pages = {19:1--19:41},
    month = aug,
    publisher = {ACM}
}

% Approved all correct
@inproceedings{bielova-17-web-tracking,
    author = {Bielova, Nataliia},
    title = {{Web Tracking Technologies and Protection Mechanisms}},
    booktitle = {ACM Conference on Computer and Communications Security},
    year = {2017},
    series = {CCS~'17},
    pages = {2607--2609},
    address = {Dallas, Texas, USA},
    month = oct,
    publisher = {ACM}
}

% Approved all correct
@misc{biggs-17-river-city-media,
    author = {Biggs, John},
    title = {{Spammers Expose Over a Billion Email Addresses After Failed Backup}},
    note = {\url{https://techcrunch.com/2017/03/06/spammers-expose-billions-of-emails-after-failed-backup/}, as of \today},
    month = mar,
    year = {2017}
}

% Approved all correct
@misc{biryukov-15-argon2,
    author = {Biryukov, Alex and Dinu, Daniel and Khovratovich, Dmitry},
    title = {{Argon2: The Memory-Hard Function for Password Hashing and Other Applications}},
    note = {\url{https://github.com/P-H-C/phc-winner-argon2}, as of \today},
    month = jul,
    year = {2015}
}

% Approved all correct
@article{bishop-95-proactive-checking,
    author = {Bishop, Matt and Klein, Daniel V.},
    title = {{Improving System Security via Proactive Password Checking}},
    journal = {Computers \& Security},
    year = {1995},
    volume = {14},
    number = {3},
    pages = {233--249},
    month = {},
    publisher = {Elsevier}
} % Elsevier does not report the month when the issue was published

% Approved all correct
@article{bland-97-cronbach,
    author = {Bland, J. Martin and Altman, Douglas G.},
    title = {{Statistics Notes: Cronbach's Alpha}},
    journal = {The BMJ},
    year = {1997},
    volume = {314},
    number = {7080},
    pages = {572--572},
    month = feb,
    publisher = {BMA}
}

% Approved all correct
@inproceedings{blocki-13-rehearsing-pw,
    author = {Blocki, Jeremiah and Blum, Manuel and Datta, Anupam},
    title = {{Naturally Rehearsing Passwords}},
    booktitle = {Advances in Cryptology -- {ASIACRYPT}~2013, Part II},
    year = {2013},
    series = {ASIACRYPT~'13},
    pages = {361--380},
    address = {Bangalore, India},
    month = dec,
    publisher = {Springer}
}

% Approved all correct
@inproceedings{blocki-15-pao,
    author = {Blocki, Jeremiah and Komanduri, Saranga and Cranor, Lorrie Faith and Datta, Anupam},
    title = {{Spaced Repetition and Mnemonics Enable Recall of Multiple Strong Passwords}},
    booktitle = {Symposium on Network and Distributed System Security},
    year = {2015},
    series = {NDSS~'15},
    pages = {},
    address = {San Diego, California, USA},
    month = feb,
    publisher = {ISOC}
} % NDSS does not have page numbers

% Approved all correct
@inproceedings{blocki-16-differential-private,
    author = {Blocki, Jeremiah and Datta, Anupam and Bonneau, Joseph},
    title = {{Differentially Private Password Frequency Lists}},
    booktitle = {Symposium on Network and Distributed System Security},
    year = {2016},
    series = {NDSS~'16},
    pages = {},
    address = {San Diego, California, USA},
    month = feb,
    publisher = {ISOC}
} % NDSS does not have page numbers

% Approved all correct
@inproceedings{blocki-18-economics-cracking,
    author = {Blocki, Jeremiah and Harsha, Ben and Zhou, Samson},
    title = {{On the Economics of Offline Password Cracking}},
    booktitle = {IEEE Symposium on Security and Privacy},
    year = {2018},
    series = {SP~'18},
    pages = {35--53},
    address = {San Francisco, California, USA},
    month = may,
    publisher = {IEEE}
}

% Approved all correct
@inproceedings{blocki-19-dalock,
    author = {Blocki, Jeremiah and Zhang, Wuwei},
    title = {{DALock: Password Distribution Aware Throttling}},
    booktitle = {Who Are You?! Adventures in Authentication Workshop},
    year = {2019},
    series = {WAY~'19},
    pages = {1--6},
    address = {Santa Clara, California, USA},
    month = aug,
    publisher = {}
} % No publisher

% Approved all correct
@inproceedings{bock-17-uncaptcha,
    author = {Bock, Kevin and Patel, Daven and Hughey, George and Levin, Dave},
    title = {{unCaptcha: A Low-Resource Defeat of reCaptcha's Audio Challenge}},
    booktitle = {USENIX Workshop on Offensive Technologies},
    year = {2017},
    series = {WOOT~'17},
    pages = {},
    address = {Vancouver, British Columbia, Canada},
    month = aug,
    publisher = {USENIX}
} % WOOT does not have page numbers

% Approved all correct
@misc{bohn-20-google-voice-opt-out,
    author = {Bohn, Dieter},
    title = {{Google Is Sending a Complicated Privacy Email to Everyone}},
    note = {\url{https://www.theverge.com/2020/8/5/21354805/}, as of \today},
    month = aug,
    year = {2020}
}

% Approved all correct
@inproceedings{bojinov-10-kamouflage,
    author = {Bojinov, Hristo and Bursztein, Elie and Boyen, Xavier and Boneh, Dan},
    title = {{Kamouflage: Loss-Resistant Password Management}},
    booktitle = {European Symposium on Research in Computer Security},
    year = {2010},
    series = {ESORICS~'10},
    pages = {286--302},
    address = {Athens, Greece},
    month = sep,
    publisher = {Springer}
}

% Approved all correct
@inproceedings{bojinov-12-rubber-hose,
    author = {Bojinov, Hristo and Sanchez, Daniel and Reber, Paul and Boneh, Dan and Lincoln, Patrick},
    title = {{Neuroscience Meets Cryptography: Designing Crypto Primitives Secure Against Rubber Hose Attacks}},
    booktitle = {USENIX Security Symposium},
    year = {2012},
    series = {SSYM~'12},
    pages = {129--141},
    address = {Bellevue, Washington, USA},
    month = aug,
    publisher = {USENIX}
}

% Approved all correct
@inproceedings{boneh-16-balloon-hashing,
    author = {Boneh, Dan and Corrigan{-}Gibbs, Henry and Schechter, Stuart E.},
    title = {{Balloon Hashing: A Memory-Hard Function Providing Provable Protection Against Sequential Attacks}},
    booktitle = {Advances in Cryptology -- {ASIACRYPT}~2016, Part I},
    year = {2016},
    series = {ASIACRYPT~'16},
    pages = {220--248},
    address = {Hanoi, Vietnam},
    month = dec,
    publisher = {Springer}
}

% Approved all correct
@inproceedings{bonneau-10-in-a-name,
    author = {Bonneau, Joseph and Just, Mike and Matthews, Greg},
    title = {{What's in a Name? Evaluating Statistical Attacks on Personal Knowledge Questions}},
    booktitle = {Financial Cryptography and Data Security},
    year = {2010},
    series = {FC~'10},
    pages = {98--113},
    address = {Tenerife, Canary Islands, Spain},
    month = jan,
    publisher = {Springer}
}

% Approved all correct
@inproceedings{bonneau-10-thicket,
    author = {Bonneau, Joseph and Preibusch, S\"oren},
    title = {{The Password Thicket: Technical and Market Failures in Human Authentication on the Web}},
    booktitle = {Workshop on the Economics of Information Security},
    year = {2010},
    series = {WEIS~'10},
    pages = {},
    address = {Cambridge, Massachusetts, USA},
    month = jun,
    publisher = {ACM}
} % Co-located with ACM Electronic Commerce, no page numbers

% Approved all correct
@inproceedings{bonneau-12-linguistic-passphrases,
    author = {Bonneau, Joseph and Shutova, Ekaterina},
    title = {{Linguistic Properties of Multi-word Passphrases}},
    booktitle = {Workshop on Usable Security},
    year = {2012},
    series = {USEC~'12},
    pages = {1--12},
    address = {Kralendijk, Bonaire},
    month = mar,
    publisher = {Springer}
}

% Approved all correct
@inproceedings{bonneau-12-pin,
    author = {Bonneau, Joseph and Preibusch, S{\"o}ren and Anderson, Ross},
    title = {{A Birthday Present Every Eleven Wallets? The Security of Customer-Chosen Banking PINs}},
    booktitle = {Financial Cryptography and Data Security},
    year = {2012},
    series = {FC~'12},
    pages = {25--40},
    address = {Kralendijk, Bonaire},
    month = feb,
    publisher = {Springer}
}

% Approved all correct
@inproceedings{bonneau-12-entropy,
    author = {Bonneau, Joseph},
    title = {{The Science of Guessing: Analyzing an Anonymized Corpus of 70 Million Passwords}},
    booktitle = {IEEE Symposium on Security and Privacy},
    year = {2012},
    series = {SP~'12},
    pages = {538--552},
    address = {San Jose, California, USA},
    month = may,
    publisher = {IEEE}
}

% Approved all correct
@inproceedings{bonneau-12-the-quest,
    author = {Bonneau, Joseph and Herley, Cormac and Van Oorschot, Paul C. and Stajano, Frank},
    title = {{The Quest to Replace Passwords: A Framework for Comparative Evaluation of Web Authentication Schemes}},
    booktitle = {IEEE Symposium on Security and Privacy},
    year = {2012},
    series = {SP~'12},
    pages = {553--567},
    address = {San Jose, California, USA},
    month = may,
    publisher = {IEEE}
}

% Approved all correct
@phdthesis{bonneau-12-phd-thesis,
    author = {Bonneau, Joseph},
    title = {{Guessing Human-Chosen Secrets}},
    year = {2012},
    school = {University of Cambridge}
}

% Approved all correct
@inproceedings{bonneau-14-rba-privacy,
    author = {Bonneau, Joseph and Felten, Edward W. and Mittal, Prateek and Narayanan, Arvind},
    title = {{Privacy Concerns of Implicit Secondary Factors for Web Authentication}},
    booktitle = {Who Are You?! Adventures in Authentication Workshop},
    year = {2014},
    series = {WAY~'14},
    pages = {1--2},
    address = {Menlo Park, California, USA},
    month = jul,
    publisher = {}
} % No publisher

% Approved all correct
@inproceedings{bonneau-14-56bit,
    author = {Bonneau, Joseph and Schechter, Stuart},
    title = {{Towards Reliable Storage of 56-bit Secrets in Human Memory}},
    booktitle = {USENIX Security Symposium},
    year = {2014},
    series = {SSYM~'14},
    pages = {607--623},
    address = {San Diego, California, USA},
    month = aug,
    publisher = {USENIX}
}

% Approved all correct
@inproceedings{bonneau-15-lies-and-account-recovery,
    author = {Bonneau, Joseph and Bursztein, Elie and Caron, Ilan and Jackson, Rob and Williamson, Mike},
    title = {{Secrets, Lies, and Account Recovery: Lessons from the Use of Personal Knowledge Questions at Google}},
    booktitle = {The World Wide Web Conference},
    year = {2015},
    series = {WWW~'15},
    pages = {141--150},
    address = {Florence, Italy},
    month = may,
    publisher = {ACM}
}

% Approved all correct
@article{bonneau-15-imperfect,
    author = {Bonneau, Joseph and Herley, Cormac and Van Oorschot, Paul C. and Stajano, Frank},
    title = {{Passwords and the Evolution of Imperfect Authentication}},
    journal = {Communications of the ACM},
    year = {2015},
    volume = {58},
    number = {7},
    pages = {78--87},
    month = jun,
    publisher = {ACM}
}

% Approved all correct
@article{bradshaw-11-contracts,
    author = {Bradshaw, Simon and Millard, Christopher and Walden, Ian},
    title = {{Contracts for Clouds: Comparison and Analysis of the Terms and Conditions of Cloud Computing Services}},
    journal = {Journal of Law and Information Technology},
    year = {2011},
    volume = {19},
    number = {3},
    pages = {187--223},
    month = jul,
    publisher = {Oxford University Press}
}

% Approved all correct
@inproceedings{brainard-06-social,
    author = {Brainard, John and Juels, Ari and Rivest, Ronald L. and Szydlo, Michael and Yung, Moti},
    title = {{Fourth-Factor Authentication: Somebody You Know}},
    booktitle = {ACM Conference on Computer and Communications Security},
    year = {2006},
    series = {CCS~'06},
    pages = {168--178},
    address = {Alexandria, Virginia, USA},
    month = oct,
    publisher = {ACM}
}

% Approved all correct
@article{brajnik-10-advertising,
    author = {Brajnik, Giorgio and Gabrielli, Silvia},
    title = {{A Review of Online Advertising Effects on the User Experience}},
    journal = {International Journal of Human–Computer Interaction},
    year = {2010},
    volume = {26},
    number = {10},
    pages = {971--997},
    month = sep,
    publisher = {Taylor \& Francis}
}

% Approved all correct
@article{bravo-lillo-11-warning-mental,
    author = {Bravo-Lillo, Christian and Cranor, Lorrie Faith and Downs, Julie S. and Komanduri, Saranga},
    title = {{Bridging the Gap in Computer Security Warnings: A Mental Model Approach}},
    journal = {IEEE Security \& Privacy},
    year = {2011},
    volume = {9},
    number = {2},
    pages = {18--26},
    month = mar,
    publisher = {IEEE}
}

% Approved all correct
@inproceedings{bravo-lillo-14-pop-up-fatigue,
    author = {Bravo-Lillo, Cristian and Cranor, Lorrie Faith and Komanduri, Saranga and Schechter, Stuart and Sleeper, Manya},
    title = {{Harder to Ignore? Revisiting Pop-Up Fatigue and Approaches to Prevent It}},
    booktitle = {Symposium on Usable Privacy and Security},
    year = {2014},
    series = {SOUPS~'14},
    pages = {105--111},
    address = {Menlo Park, California, USA},
    month = jul,
    publisher = {USENIX}
}

% Approved all correct
@misc{brewster-16-dropbox-bcrypt,
    author = {Brewster, Thomas},
    title = {{Why You Shouldn't Panic About Dropbox Leaking 68 Million Passwords}},
    note = {\url{https://www.forbes.com/sites/thomasbrewster/2016/08/31/dropbox-hacked-but-its-not-that-bad/}, as of \today},
    month = aug,
    year = {2016}
}

% Approved all correct
@misc{brewster-18-cellebrite,
    author = {Brewster, Thomas},
    title = {{The Feds Can Now (Probably) Unlock Every iPhone Model In Existence}},
    note = {\url{https://www.forbes.com/sites/thomasbrewster/2018/02/26/government-can-access-any-apple-iphone-cellebrite/}, as of \today},
    month = feb,
    year = {2018}
}

% Approved all correct
@misc{brewster-18-graykey,
    author = {Brewster, Thomas},
    title = {{Mysterious \$15,000 ``GrayKey'' Promises To Unlock iPhone X For The Feds}},
    note = {\url{https://www.forbes.com/sites/thomasbrewster/2018/03/05/apple-iphone-x-graykey-hack/}, as of \today},
    month = mar,
    year = {2018}
}

% Approved all correct
@inproceedings{brostoff-03-ten-strikes,
    author = {Brostoff, Sacha and Sasse, M. Angela},
    title = {{``Ten Strikes and You're Out'': Increasing the Number of Login Attempts can Improve Password Usability}},
    booktitle = {Workshop on Human-Computer Interaction and Security Systems},
    year = {2003},
    series = {HCISEC~'03},
    pages = {},
    address = {Fort Lauderdale, Florida, USA},
    month = apr,
    publisher = {ACM}
} % No page numbers, no publisher?

% Approved all correct
@misc{brozek-18-autocomplete-attribute,
    author = {Brozek, Vaclav},
    title = {{Password Form Styles that Chromium Understands}},
    note = {\url{https://dev.chromium.org/developers/design-documents/form-styles-that-chromium-understands}, as of \today},
    month = oct,
    year = {2018}
}

% Approved all correct
@inproceedings{bugiel-10-truwalletm,
    author = {Bugiel, Sven and Dmitrienko, Alexandra and Kostiainen, Kari and Sadeghi, Ahmad-Reza and Winandy, Marcel},
    title = {{TruWalletM: Secure Web Authentication on Mobile Platforms}},
    booktitle = {International Conference on Trusted Systems},
    year = {2010},
    series = {INTRUST~'10},
    pages = {219--236},
    address = {Beijing, China},
    month = dec,
    publisher = {Springer}
}

% Approved all correct
@inproceedings{bursztein-14-usable-captcha,
    author = {Bursztein, Elie and Moscicki, Angelique and Fabry, Celine and Bethard, Steven and Mitchell, John C. and Jurafsky, Dan},
    title = {{Easy Does It: More Usable CAPTCHAs}},
    booktitle = {ACM Conference on Human Factors in Computing Systems},
    year = {2014},
    series = {CHI~'14},
    pages = {2637--2646},
    address = {Toronto, Ontario, Canada},
    month = apr,
    publisher = {ACM}
}

% Approved all correct
@inproceedings{bursztein-14-text-captcha,
    author = {Bursztein, Elie and Aigrain, Jonathan and Moscicki, Angelika and Mitchell, John C.},
    title = {{The End is Nigh: Generic Solving of Text-based CAPTCHAs}},
    booktitle = {USENIX Workshop on Offensive Technologies},
    year = {2014},
    series = {WOOT~'14},
    pages = {},
    address = {San Diego, California, USA},
    month = aug,
    publisher = {USENIX}
} % WOOT does not have page numbers

% Approved all correct
@inproceedings{bursztein-14-hijacking,
    author = {Bursztein, Elie and Benko, Borbala and Margolis, Daniel and Pietraszek, Tadek and Archer, Andy and Aquino, Allan and Pitsillidis, Andreas and Savage, Stefan},
    title = {{Handcrafted Fraud and Extortion: Manual Account Hijacking in the Wild}},
    booktitle = {Internet Measurement Conference},
    year = {2014},
    series = {IMC~'14},
    pages = {347--358},
    address = {Vancouver, British Columbia, Canada},
    month = nov,
    publisher = {ACM}
}

% Approved all correct
@misc{canahuati-19-2fa-risk-reuse,
    author = {Canahuati, Pedro},
    title = {{Facebook: Keeping Passwords Secure}},
    note = {\url{https://newsroom.fb.com/news/2019/03/keeping-passwords-secure/}, as of \today},
    month = mar,
    year = {2019}
}

% Approved all correct
@inproceedings{canvel-03-pw-interception-tls,
    author = {Canvel, Brice and Hiltgen, Alain and Vaudenay, Serge and Vuagnoux, Martin},
    title = {{Password Interception in a SSL/TLS Channel}},
    booktitle = {Advances in Cryptology -- {CRYPTO}~2003},
    year = {2003},
    series = {CRYPTO~'03},
    pages = {583--599},
    address = {Santa Barbara, California, USA},
    month = aug,
    publisher = {Springer}
}

% Approved all correct
@article{caputo-14-spear-phishing-training,
    author = {Caputo, Deanna D. and Pfleeger, Shari Lawrence and Freeman, Jesse D. and Johnson, M. Eric},
    title = {{Going Spear Phishing: Exploring Embedded Training and Awareness}},
    journal = {IEEE Security \& Privacy},
    year = {2014},
    volume = {12},
    number = {1},
    pages = {28--38},
    month = jan,
    publisher = {IEEE}
}

% Approved all correct
@inproceedings{casati-17-android-managers-leakage,
    author = {Casati, Luca and Visconti, Andrea},
    title = {{Exploiting a Bad User Practice to Retrieve Data Leakage on Android Password Managers}},
    booktitle = {Innovative Mobile and Internet Services in Ubiquitous Computing},
    year = {2017},
    series = {IMIS~'17},
    pages = {952--958},
    address = {Torino, Italy},
    month = jul,
    publisher = {Springer}
}

% Approved all correct
@inproceedings{castelluccia-12-adaptive,
    author = {Castelluccia, Claude and D{\"u}rmuth, Markus and Perito, Daniele},
    title = {{Adaptive Password-Strength Meters from Markov Models}},
    booktitle = {Symposium on Network and Distributed System Security},
    year = {2012},
    series = {NDSS~'12},
    pages = {},
    address = {San Diego, California, USA},
    month = feb,
    publisher = {ISOC}
} % NDSS does not have page numbers

% Approved all correct
@article{castelluccia-13-leveraging-pii,
    author = {Castelluccia, Claude and Chaabane, Abdelberi and D{\"u}rmuth, Markus and Perito, Daniele},
    title = {{When Privacy Meets Security: Leveraging Personal Information for Password Cracking}},
    journal = {CoRR},
    year = {2013},
    volume = {abs/1304.6584},
    number = {},
    pages = {1--16},
    month = apr
}

% Approved all correct
@inproceedings{castelluccia-17-mooneyauth,
    author = {Castelluccia, Claude and D\"{u}rmuth, Markus and Golla, Maximilian and Deniz, Fatma},
    title = {{Towards Implicit Visual Memory-Based Authentication}},
    booktitle = {Symposium on Network and Distributed System Security},
    year = {2017},
    series = {NDSS~'17},
    pages = {},
    address = {San Diego, California, USA},
    month = feb,
    publisher = {ISOC}
} % NDSS does not have page numbers

% Approved all correct
@inproceedings{cha-17-pattern-smudges,
    author = {Cha, Seunghun and Kwag, Sungsu and Kim, Hyoungshick and Huh, Jun Ho},
    title = {{Boosting the Guessing Attack Performance on Android Lock Patterns with Smudge Attacks}},
    booktitle = {ACM Asia Conference on Computer and Communications Security},
    year = {2017},
    series = {ASIA~CCS~'17},
    pages = {313--326},
    address = {Abu Dhabi, United Arab Emirates},
    month = apr,
    publisher = {ACM}
}

% Approved all correct
@inproceedings{chakraborty-19-sim-fido,
    author = {Chakraborty, Dhiman and Bugiel, Sven},
    title = {{SimFIDO: FIDO2 User Authentication with SimTPM}},
    booktitle = {ACM Conference on Computer and Communications Security},
    year = {2019},
    series = {CCS~'19},
    pages = {2569--2571},
    address = {London, United Kingdom},
    month = nov,
    publisher = {ACM}
}

% Approved all correct
@inproceedings{chanchary-15-percep-tracking,
    author = {Chanchary, Farah and Chiasson, Sonia},
    title = {{User Perceptions of Sharing, Advertising, and Tracking}},
    booktitle = {Symposium on Usable Privacy and Security},
    year = {2015},
    series = {SOUPS~'15},
    pages = {53--67},
    address = {Ottawa, Canada},
    month = jul,
    publisher = {USENIX}
}

% Approved all correct
@inproceedings{chatterjee-15-nle,
    author = {Chatterjee, Rahul and Bonneau, Joseph and Juels, Ari and Ristenpart, Thomas},
    title = {{Cracking-Resistant Password Vaults using Natural Language Encoders}},
    booktitle = {IEEE Symposium on Security and Privacy},
    year = {2015},
    series = {SP~'15},
    pages = {481--498},
    address = {San Jose, California, USA},
    month = may,
    publisher = {IEEE}
}

% Approved all correct
@inproceedings{chatterjee-16-typos,
    author = {Chatterjee, Rahul and Athalye, Anish and Akhawe, Devdatta and Juels, Ari and Ristenpart, Thomas},
    title = {{pASSWORD tYPOS and How to Correct Them Securely}},
    booktitle = {IEEE Symposium on Security and Privacy},
    year = {2016},
    series = {SP~'16},
    pages = {799--818},
    address = {San Jose, California, USA},
    month = may,
    publisher = {IEEE}
}

% Approved all correct
@inproceedings{chatterjee-17-typtop,
    author = {Chatterjee, Rahul and Woodage, Joanne and Pnueli, Yuval and Chowdhury, Anusha and Ristenpart, Thomas},
    title = {{The TypTop System: Personalized Typo-Tolerant Password Checking}},
    booktitle = {ACM Conference on Computer and Communications Security},
    year = {2017},
    series = {CCS~'17},
    pages = {329--346},
    address = {Dallas, Texas, USA},
    month = oct,
    publisher = {ACM}
}

% Approved all correct
@article{chaudhary-15-online-sec,
    author = {Chaudhary, Sunil and Zhao, Yan and Berki, Eleni and Valtanen, Juri and Li, Linfeng and Helenius, Marko and Mystakidis, Stylianos},
    title = {{A Cross-Cultural and Gender-Based Perspective for Online Security: Exploring Knowledge, Skills and Attitudes of Higher Education Students}},
    journal = {International Journal on WWW/Internet},
    year = {2015},
    volume = {13},
    number = {1},
    pages = {57--71},
    month = dec,
    publisher = {IADIS}
}

% Approved all correct
@article{cheng-18-pattern-sonarsnoop,
    author = {Cheng, Peng and Bagci, Ibrahim Ethem and Roedig, Utz and Yan, Jeff},
    title = {{SonarSnoop: Active Acoustic Side-Channel Attacks}},
    journal = {CoRR},
    year = {2018},
    volume = {abs/1808.10250},
    number = {},
    pages = {1--13},
    month = aug
}

% Approved all correct
@inproceedings{cheng-19-vault-encoding,
    author = {Cheng, Haibo and Zheng, Zhixiong and Li, Wenting and Wang, Ping and Chu, Chao-Hsien},
    title = {{Probability Model Transforming Encoders Against Encoding Attacks}},
    booktitle = {USENIX Security Symposium},
    year = {2019},
    series = {SSYM~'19},
    pages = {1573--1590},
    address = {Santa Clara, California, USA},
    month = aug,
    publisher = {USENIX}
}

% Approved all correct
@inproceedings{cheng-21-honey-vaults,
    author = {Cheng, Haibo and Li, Wenting and Wang, Ping and Chu, Chao-Hsien and Liang, Kaitai},
    title = {{Incrementally Updateable Honey Password Vaults}},
    booktitle = {USENIX Security Symposium},
    year = {2021},
    series = {SSYM~'21},
    pages = {857--874},
    address = {Virtual Conference},
    month = aug,
    publisher = {USENIX}
}

% Approved all correct
@inproceedings{cherapau-15-touchid,
    author = {Cherapau, Ivan and Muslukhov, Ildar and Asanka, Nalin and Beznosov, Konstantin},
    title = {{On the Impact of Touch ID on iPhone Passcodes}},
    booktitle = {Symposium on Usable Privacy and Security},
    year = {2015},
    series = {SOUPS~'15},
    pages = {257--276},
    address = {Ottawa, Canada},
    month = jul,
    publisher = {USENIX}
}

% Approved all correct
@inproceedings{chiasson-06-pwmanager,
    author = {Chiasson, Sonia and Van Oorschot, Paul C. and Biddle, Robert},
    title = {{A Usability Study and Critique of Two Password Managers}},
    booktitle = {USENIX Security Symposium},
    year = {2006},
    series = {SSYM~'06},
    pages = {1--16},
    address = {Vancouver, British Columbia, Canada},
    month = jul,
    publisher = {USENIX}
}

% Approved all correct
@article{chiasson-15-pw-expiration,
    author = {Chiasson, Sonia and Van Oorschot, Paul C.},
    title = {{Quantifying the Security Advantage of Password Expiration Policies}},
    journal = {Designs, Codes and Cryptography},
    year = {2015},
    volume = {77},
    number = {2--3},
    pages = {401--408},
    month = dec,
    publisher = {Springer}
}

% Approved all correct
@inproceedings{chin-12-user-confidence,
    author = {Chin, Erika and Felt, Adrienne Porter and Sekar, Vyas and Wagner, David},
    title = {{Measuring User Confidence in Smartphone Security and Privacy}},
    booktitle = {Symposium on Usable Privacy and Security},
    year = {2012},
    series = {SOUPS~'12},
    pages = {1:1--1:16},
    address = {Washington, District of Columbia, USA},
    month = jul,
    publisher = {ACM}
}

% Approved all correct
@inproceedings{cho-17-syspal,
    author = {Cho, Geumhwan and Huh, Jun Ho and Cho, Junsung and Oh, Seongyeol and Song, Youngbae and Kim, Hyoungshick},
    title = {{SysPal: System-Guided Pattern Locks for Android}},
    booktitle = {IEEE Symposium on Security and Privacy},
    year = {2017},
    series = {SP~'17},
    pages = {338--356},
    address = {San Jose, California, USA},
    month = may,
    publisher = {IEEE}
}

% Approved all correct
@inproceedings{chouhan-19-pd-for-community,
    author = {Chouhan, Chhaya and LaPerriere, Christy M. and Aljallad, Zaina and Kropczynski, Jess and Lipford, Heather and Wisniewski, Pamela J.},
    title = {{Co-Designing for Community Oversight: Helping People Make Privacy and Security Decisions Together}},
    booktitle = {ACM Conference on Computer-Supported Cooperative Work and Social Computing},
    year = {2019},
    series = {CSCW~'19},
    pages = {146:1--146:31},
    address = {Austin, Texas, USA},
    month = nov,
    publisher = {ACM}
}

% Approved all correct
@inproceedings{chromik-19-dark-patterns,
    author = {Chromik, Michael and Eiband, Malin and V\"olkel, Sarah Theres and Buschek, Daniel},
    title = {{Dark Patterns of Explainability, Transparency, and User Control for Intelligent Systems}},
    booktitle = {IUI Explainable Smart Systems Workshops},
    year = {2019},
    series = {ExSS~'19},
    pages = {1--6},
    address = {Los Angeles, California, USA},
    month = mar,
    publisher = {ACM}
}

% Approved all correct
@article{chu-18-children-toys,
    author = {Chu, Gordon and Apthorpe, Noah and Feamster, Nick},
    title = {{Security and Privacy Analyses of Internet of Things Children's Toys}},
    journal = {IEEE Internet of Things Journal},
    year = {2018},
    volume = {6},
    number = {1},
    pages = {978--985},
    month = aug,
    publisher = {IEEE}
}

% Approved all correct
@inproceedings{chua-21-teen-with-phone,
    author = {Chua, Phoebe K. and Mazmanian, Melissa},
    title = {{What Are You Doing With Your Phone? How Social Class Frames Parent-Teen Tensions around Teens' Smartphone Use}},
    booktitle = {ACM Conference on Human Factors in Computing Systems},
    year = {2021},
    series = {CHI~'21},
    pages = {353:1--353:12},
    address = {Yokohama, Japan},
    month = may,
    publisher = {ACM}
}

% Approved all correct
@inproceedings{chuang-13-brainwaves,
    author = {Chuang, John C.{-}I. and Nguyen, Hamilton and Wang, Charles and Johnson, Benjamin},
    title = {{I Think, Therefore I Am: Usability and Security of Authentication Using Brainwaves}},
    booktitle = {Workshop on Usable Security},
    year = {2013},
    series = {USEC~'13},
    pages = {1--16},
    address = {Okinawa, Japan},
    month = apr,
    publisher = {Springer}
}

% Approved all correct
@article{ciampa-13-browser-pw-managers,
    author = {Ciampa, Mark},
    title = {{A Comparison of User Preferences for Browser Password Managers}},
    journal = {Journal of Applied Security Research},
    year = {2013},
    volume = {8},
    number = {4},
    pages = {455--466},
    month = sep,
    publisher = {Taylor \& Francis}
}

% Approved all correct
@inproceedings{ciolino-19-u2f-usability,
    author = {Ciolino, St{\'e}phane and Parkin, Simon and Dunphy, Paul},
    title = {{Of Two Minds about Two-Factor: Understanding Everyday FIDO U2F Usability through Device Comparison and Experience Sampling}},
    booktitle = {Symposium on Usable Privacy and Security},
    year = {2019},
    series = {SOUPS~'19},
    pages = {339--356},
    address = {Santa Clara, California, USA},
    month = aug,
    publisher = {USENIX}
}

% Approved all correct
@article{clark-95-validity,
    author = {Clark, Lee Anna and Watson, David},
    title = {{Constructing Validity: Basic Issues in Objective Scale Development}},
    journal = {Psychological Assessment},
    year = {1995},
    volume = {7},
    number = {3},
    pages = {309--319},
    month = sep,
    publisher = {APA}
}

% Approved all correct
@misc{clark-21-facebook-2fa-no-selling,
    author = {Clark, Mitchell},
    title = {{Facebook Users' Phone Numbers Are for Sale Through a Telegram Bot}},
    note = {\url{https://www.theverge.com/2021/1/25/22249571/}, as of \today},
    month = jan,
    year = {2021}
}

% Approved all correct
@misc{collins-17-mcf,
    author = {Collins, Eli},
    title = {{Modular Crypt Format. An Explanation About a Standard that Isn't}},
    note = {\url{https://passlib.readthedocs.io/en/stable/modular_crypt_format.html}, as of \today},
    month = jun,
    year = {2017}
}

% Approved all correct
@inproceedings{colnago-18-2fa,
    author = {Colnago, Jessica and Devlin, Summer and Oates, Maggie and Swoopes, Chelse and Bauer, Lujo and Cranor, Lorrie Faith and Christin, Nicolas},
    title = {{``It's Not Actually That Horrible'': Exploring Adoption of Two-Factor Authentication at a University}},
    booktitle = {ACM Conference on Human Factors in Computing Systems},
    year = {2018},
    series = {CHI~'18},
    pages = {456:1--456:11},
    address = {Montreal, Quebec, Canada},
    month = apr,
    publisher = {ACM}
}

% Approved all correct
@inproceedings{conners-19-lets-authenticate,
    author = {Conners, James S. and Zappala, Daniel},
    title = {{Let's Authenticate: Automated Cryptographic Authentication for the Web with Simple Account Recovery}},
    booktitle = {Who Are You?! Adventures in Authentication Workshop},
    year = {2019},
    series = {WAY~'19},
    pages = {1--6},
    address = {Santa Clara, California, USA},
    month = aug,
    publisher = {}
} % No publisher

% Approved all correct
@inproceedings{coopamootoo-20-usage-pets,
    author = {Coopamootoo, Kovila P.L.},
    title = {{Usage Patterns of Privacy-Enhancing Technologies}},
    booktitle = {ACM Conference on Computer and Communications Security},
    year = {2020},
    series = {CCS~'20},
    pages = {1371--1390},
    address = {Virtual Conference},
    month = oct,
    publisher = {ACM}
}

% Approved all correct
@misc{coray-17-hashtopolis,
    author = {Coray (``s3in!c''), Sein and Community},
    title = {{Hashtopolis}},
    note = {\url{https://github.com/hashtopolis/server}, as of \today},
    month = mar,
    year = {2017}
} % https://github.com/hashtopolis/server/releases?page=3

% Approved all correct
@inproceedings{cormac-08-honey,
    author = {Herley, Cormac and Flor{\^e}ncio, Dinei},
    title = {{Protecting Financial Institutions from Brute-Force Attacks}},
    booktitle = {International Information Security Conference},
    year = {2008},
    series = {IFIP~SEC~'08},
    pages = {681--685},
    address = {Milano, Italy},
    month = sep,
    publisher = {Springer}
}

% Approved all correct
@book{cranor-05-security-usability,
    author = {Cranor, Lorrie Faith and Garfinkel, Simson},
    title = {{Security and Usability: Designing Secure Systems that People Can Use}},
    year = {2005},
    publisher = {O'Reilly},
    address = {Sebastopol, California, USA},
    edition = {1}
}

% Approved all correct
@article{cranor-12-not-sufficient,
    author = {Cranor, Lorrie Faith},
    title = {{Necessary But Not Sufficient: Standardized Mechanisms for Privacy Notice and Choice}},
    journal = {Journal on Telecommunications and High Technology Law},
    year = {2012},
    volume = {10},
    number = {2},
    pages = {273--308},
    month = jun,
    publisher = {University of Colorado}
}

% Approved all correct
@inproceedings{cranor-14-teens-privacy,
    author = {Cranor, Lorrie Faith and Durity, Adam L. and Marsh, Abigail and Ur, Blase},
    title = {{Parents' and Teens' Perspectives on Privacy in a Technology-Filled World}},
    booktitle = {Symposium on Usable Privacy and Security},
    year = {2014},
    series = {SOUPS~'14},
    pages = {19--35},
    address = {Menlo Park, California, USA},
    month = jul,
    publisher = {USENIX}
}

% Approved all correct
@article{crawford-14-transparent-auth,
    author = {Crawford, Heather and Renaud, Karen},
    title = {{Understanding User Perceptions of Transparent Authentication on a Mobile Device}},
    journal = {Journal of Trust Management},
    year = {2014},
    volume = {1},
    number = {1},
    pages = {1--28},
    month = dec,
    publisher = {Springer}
}

% Approved all correct
@inproceedings{cristofaro-14-2fa,
    author = {De Cristofaro, Emiliano and Du, Honglu and Freudiger, Julien and Norcie, Greg},
    title = {{A Comparative Usability Study of Two-Factor Authentication}},
    booktitle = {Workshop on Usable Security},
    year = {2014},
    series = {USEC~'14},
    pages = {},
    address = {San Diego, California, USA},
    month = feb,
    publisher = {ISOC}
} % USEC does not have page numbers

% Approved all correct
@misc{croley-18-bcrypt,
    author = {Croley (``Chick3nman''), Sam},
    title = {{Abusing Password Reuse at Scale: Bcrypt and Beyond}},
    note = {\url{https://www.youtube.com/watch?v=5su3_Py8iMQ}, as of \today},
    month = aug,
    year = {2018}
}

% Approved all correct
@misc{croley-20-hashcat-speed,
    author = {Croley (``Chick3nman''), Sam},
    title = {{NVIDIA GeForce RTX 3090 Hashcat Benchmarks}},
    note = {\url{https://gist.github.com/Chick3nman/e4fcee00cb6d82874dace72106d73fef}, as of \today},
    month = nov,
    year = {2020}
}

% Approved all correct
@misc{csp-17-320m,
    author = {{CynoSure Prime and Community}},
    title = {{320 Million Hashes Exposed}},
    note = {\url{https://blog.cynosureprime.com/2017/08/320-million-hashes-exposed.html}, as of \today},
    month = aug,
    year = {2017}
}

% Approved all correct
@misc{cubrilovic-09-rockyou,
    author = {Cubrilovic, Nik},
    title = {{RockYou Hack: From Bad To Worse}},
    note = {\url{https://techcrunch.com/2009/12/14/rockyou-hack-security-myspace-facebook-passwords/}, as of \today},
    month = dec,
    year = {2009}
}

% Approved all correct
@inproceedings{das-14-tangled-web,
    author = {Das, Anupam and Bonneau, Joseph and Caesar, Matthew and Borisov, Nikita and Wang, XiaoFeng},
    title = {{The Tangled Web of Password Reuse}},
    booktitle = {Symposium on Network and Distributed System Security},
    year = {2014},
    series = {NDSS~'14},
    pages = {},
    address = {San Diego, California, USA},
    month = feb,
    publisher = {ISOC}
} % NDSS does not have page numbers

% Approved all correct
@inproceedings{das-14-social-influence,
    author = {Das, Sauvik and Kim, Tiffany Hyun{-}Jin and Dabbish, Laura A. and Hong, Jason I.},
    title = {{The Effect of Social Influence on Security Sensitivity}},
    booktitle = {Symposium on Usable Privacy and Security},
    year = {2014},
    series = {SOUPS~'14},
    pages = {143--157},
    address = {Menlo Park, California, USA},
    month = jul,
    publisher = {USENIX}
}

% Approved all correct
@inproceedings{das-14-social-proof,
    author = {Das, Sauvik and Kramer, Adam D.I. and Dabbish, Laura A. and Hong, Jason I.},
    title = {{Increasing Security Sensitivity With Social Proof: A Large-Scale Experimental Confirmation}},
    booktitle = {ACM Conference on Computer and Communications Security},
    year = {2014},
    series = {CCS~'14},
    pages = {739--749},
    address = {Scottsdale, Arizona, USA},
    month = nov,
    publisher = {ACM}
}

% Approved all correct
@inproceedings{das-18-security-key,
    author = {Das, Sanchari and Dingman, Andrew and Camp, L. Jean},
    title = {{Why Johnny Doesn't Use Two Factor: A Two-Phase Usability Study of the FIDO U2F Security Key}},
    booktitle = {Financial Cryptography and Data Security},
    year = {2018},
    series = {FC~'18},
    pages = {160--179},
    address = {Nieuwpoort, Curacao},
    month = feb,
    publisher = {Springer}
}

% Approved all correct
@inproceedings{das-18-breaking-news,
    author = {Das, Sauvik and Lo, Joanne and Dabbish, Laura and Hong, Jason I.},
    title = {{Breaking! A Typology of Security and Privacy News and How It's Shared}},
    booktitle = {ACM Conference on Human Factors in Computing Systems},
    year = {2018},
    series = {CHI~'18},
    pages = {1:1--1:12},
    address = {Montreal, Quebec, Canada},
    month = apr,
    publisher = {ACM}
}

% Approved all correct
@inproceedings{das-19-2fa-older-adults,
    author = {Das, Sanchari and Kim, Andrew and Jelen, Ben and Streiff, Joshua and Camp, L. Jean and Huber, Lesa},
    title = {{Towards Implementing Inclusive Authentication Technologies for Older Adults}},
    booktitle = {Who Are You?! Adventures in Authentication Workshop},
    year = {2019},
    series = {WAY~'19},
    pages = {1--5},
    address = {Santa Clara, California, USA},
    month = aug,
    publisher = {}
} % No publisher

% Approved all correct
@inproceedings{das-20-2fa-older-adults,
    author = {Das, Sanchari and Kim, Andrew and Jelen, Ben and Streiff, Joshua and Camp, L. Jean and Huber, Lesa},
    title = {{Why Don't Older Adults Adopt Two-Factor Authentication?}},
    booktitle = {SIGCHI Workshop on Designing Interactions for the Ageing Populations},
    year = {2020},
    series = {CHI~EA~'20},
    pages = {1--5},
    address = {Honolulu, Hawaii, USA},
    month = apr,
    publisher = {}
} % No publisher

% Approved all correct
@inproceedings{das-21-2fa-older-adults,
    author = {Das, Sanchari and Kim, Andrew and Jelen, Ben and Huber, Lesa and Camp, L. Jean},
    title = {{Non-Inclusive Online Security: Older Adults' Experience with Two-Factor Authentication}},
    booktitle = {Hawaii International Conference on System Sciences},
    year = {2021},
    series = {HICSS~'21},
    pages = {6472--6481},
    address = {Kauai, Hawaii, USA},
    month = jan,
    publisher = {AIS}
}

% Approved all correct
@article{daugman-04-iris,
    author = {Daugman, John},
    title = {{How Iris Recognition Works}},
    journal = {IEEE Transactions on Circuits and Systems for Video Technology},
    year = {2004},
    volume = {14},
    number = {1},
    pages = {21--30},
    month = jan,
    publisher = {IEEE}
}

% Approved all correct
@inproceedings{davis-04-user-choice,
    author = {Davis, Darren and Monrose, Fabian and Reiter, Michael K.},
    title = {{On User Choice in Graphical Password Schemes}},
    booktitle = {USENIX Security Symposium},
    year = {2004},
    series = {SSYM~'04},
    pages = {151--164},
    address = {San Diego, California, USA},
    month = aug,
    publisher = {USENIX}
}

% Approved all correct
@inproceedings{de-carne-14-psm,
    author = {de Carn{\'e} de Carnavalet, Xavier and Mannan, Mohammad},
    title = {{From Very Weak to Very Strong: Analyzing Password-Strength Meters}},
    booktitle = {Symposium on Network and Distributed System Security},
    year = {2014},
    series = {NDSS~'14},
    pages = {},
    address = {San Diego, California, USA},
    month = feb,
    publisher = {ISOC}
} % NDSS does not have page numbers

% Approved all correct
@inproceedings{de-luca-14-shoulder-surfing,
    author = {De Luca, Alexander and Harbach, Marian and {von Zezschwitz}, Emanuel and Maurer, Max-Emanuel and Slawik, Bernhard Ewald and Hussmann, Heinrich and Smith, Matthew},
    title = {{Now You See Me, Now You Don't: Protecting Smartphone Authentication from Shoulder Surfers}},
    booktitle = {ACM Conference on Human Factors in Computing Systems},
    year = {2014},
    series = {CHI~'14},
    pages = {2937--2946},
    address = {Toronto, Ontario, Canada},
    month = apr,
    publisher = {ACM}
}

% Approved all correct
@inproceedings{de-luca-15-biometric-smartphone,
    author = {De Luca, Alexander and Hang, Alina and {von Zezschwitz}, Emanuel and Hussmann, Heinrich},
    title = {{I Feel Like I'm Taking Selfies All Day!: Towards Understanding Biometric Authentication on Smartphones}},
    booktitle = {ACM Conference on Human Factors in Computing Systems},
    year = {2015},
    series = {CHI~'15},
    pages = {1411--1414},
    address = {Seoul, Republic of Korea},
    month = apr,
    publisher = {ACM}
}

% Approved all correct
@inproceedings{degeling-19-take-cookies,
    author = {Degeling, Martin and Utz, Christine and Lentzsch, Christopher and Hosseini, Henry and Schaub, Florian and Holz, Thorsten},
    title = {{We Value Your Privacy \dots Now Take Some Cookies: Measuring the GDPR's Impact on Web Privacy}},
    booktitle = {Symposium on Network and Distributed System Security},
    year = {2019},
    series = {NDSS~'19},
    pages = {},
    address = {San Diego, California, USA},
    month = feb,
    publisher = {ISOC}
} % NDSS does not have page numbers

% Approved all correct
@inproceedings{dellamico-10-pwd-strength,
    author = {Dell'Amico, Matteo and Michiardi, Pietro and Roudier, Yves},
    title = {{Password Strength: An Empirical Analysis}},
    booktitle = {Conference on Information Communications},
    year = {2010},
    series = {INFOCOM~'10},
    pages = {983--991},
    address = {San Diego, California, USA},
    month = mar,
    publisher = {IEEE}
}

% Approved all correct
@inproceedings{dellamico-15-monte-carlo,
    author = {Dell'Amico, Matteo and Filippone, Maurizio},
    title = {{Monte Carlo Strength Evaluation: Fast and Reliable Password Checking}},
    booktitle = {ACM Conference on Computer and Communications Security},
    year = {2015},
    series = {CCS~'15},
    pages = {158--169},
    address = {Denver, Colorado, USA},
    month = oct,
    publisher = {ACM}
}

% Approved all correct
@inproceedings{denning-11-implicit-memory,
    author = {Denning, Tamara and Bowers, Kevin and van Dijk, Marten and Juels, Ari},
    title = {{Exploring Implicit Memory for Painless Password Recovery}},
    booktitle = {ACM Conference on Human Factors in Computing Systems},
    year = {2011},
    series = {CHI~'11},
    pages = {2615--2618},
    address = {Vancouver, British Columbia, Canada},
    month = may,
    publisher = {ACM}
}

% Approved all correct
@inproceedings{dhamijau-06-why-phishing-works,
    author = {Dhamijau, Rachna and Tygar, J. Doug and Hearst, Marti},
    title = {{Why Phishing Works}},
    booktitle = {ACM Conference on Human Factors in Computing Systems},
    year = {2006},
    series = {CHI~'06},
    pages = {581--590},
    address = {Montreal, Quebec, Canada},
    month = apr,
    publisher = {ACM}
}

% Approved all correct
@misc{dhs-12-menlo-report,
    author = {{U.S. Department of Homeland Security}},
    title = {{The Menlo Report: Ethical Principles Guiding Information and Communication Technology Research}},
    note = {\url{https://www.caida.org/publications/papers/2012/menlo_report_actual_formatted/}, as of \today},
    month = aug,
    year = {2012}
}

% Approved all correct
@inproceedings{dietrich-18-security-misconfigurations,
    author = {Dietrich, Constanze and Krombholz, Katharina and Borgolte, Kevin and Fiebig, Tobias},
    title = {{Investigating System Operators' Perspective on Security Misconfigurations}},
    booktitle = {ACM Conference on Computer and Communications Security},
    year = {2018},
    series = {CCS~'18},
    pages = {1272--1289},
    address = {Toronto, Ontario, Canada},
    month = oct,
    publisher = {ACM}
}

% Approved all correct
@misc{diwanji-10-google-suspicious,
    author = {Diwanji, Pavni},
    title = {{Google: Detecting Suspicious Account Activity}},
    note = {\url{https://security.googleblog.com/2010/03/detecting-suspicious-account-activity.html}, as of \today},
    month = mar,
    year = {2010}
}

% Approved all correct
@inproceedings{doerfler-19-login-challenges,
    author = {Doerfler, Periwinkle and Thomas, Kurt and Marincenko, Maija and Ranieri, Juri and Jiang, Yu and Moscicki, Angelika and McCoy, Damon},
    title = {{Evaluating Login Challenges as a Defense Against Account Takeover}},
    booktitle = {The World Wide Web Conference},
    year = {2019},
    series = {WWW~'19},
    pages = {372--382},
    address = {San Francisco, California, USA},
    month = may,
    publisher = {ACM}
}

% Approved all correct
@misc{doffman-20-ashley-sextortion,
    author = {Doffman, Zak},
    title = {{Ashley Madison Hack Returns to 'Haunt' Its Victims: 32 Million Users Now Watch and Wait}},
    note = {\url{https://www.forbes.com/sites/zakdoffman/2020/02/01/ashley-madison-hack-returns-to-haunt-its-victims-32-million-users-now-have-to-watch-and-wait/}, as of \today},
    month = feb,
    year = {2020}
}

% Approved all correct
@inproceedings{dolin-18-dd-inferences,
    author = {Dolin, Claire and Weinshel, Ben and Shan, Shawn and Hahn, Chang Min and Choi, Euirim and Mazurek, Michelle L. and Ur, Blase},
    title = {{Unpacking Perceptions of Data-Driven Inferences Underlying Online Targeting and Personalization}},
    booktitle = {ACM Conference on Human Factors in Computing Systems},
    year = {2018},
    series = {CHI~'18},
    pages = {493:1--493:12},
    address = {Montreal, Quebec, Canada},
    month = apr,
    publisher = {ACM}
}

% Approved all correct
@inproceedings{dong-08-phishing,
    author = {Dong, Xun and Clark, John A. and Jacob, Jeremy},
    title = {{Modelling User-Phishing Interaction}},
    booktitle = {Conference on Human System Interactions},
    year = {2008},
    series = {HSI~'08},
    pages = {627--632},
    address = {Krakow, Poland},
    month = may,
    publisher = {IEEE}
}

% Approved all correct
@article{donovan-20-sharenting,
    author = {Donovan, Sheila},
    title = {{'Sharenting': The Forgotten Children of the GDPR}},
    journal = {Peace Human Rights Governance},
    year = {2020},
    volume = {4},
    number = {1},
    pages = {35--59},
    month = mar,
    publisher = {University of Padova}
}

% Approved all correct
@misc{ds-20-credentials-blackmarket,
    author = {{Digital Shadows, Ltd.}},
    title = {{From Exposure to Takeover: The 15 Billion Stolen Credentials Allowing Account Takeover}},
    note = {\url{https://resources.digitalshadows.com/whitepapers-and-reports/from-exposure-to-takeover}, as of \today},
    month = jul,
    year = {2020}
}

% Approved all correct
@inproceedings{dubois-20-characterizing-misactivations,
    author = {Dubois, Daniel J. and Kolcun, Roman and Mandalari, Anna Maria and Paracha, Muhammad Talha and Choffnes, David and Haddadi, Hamed},
    title = {{When Speakers Are All Ears: Characterizing Misactivations of IoT Smart Speakers}},
    booktitle = {Privacy Enhancing Technologies Symposium},
    year = {2020},
    series = {PETS~'20},
    pages = {255--276},
    address = {Virtual Conference},
    month = jul,
    publisher = {Sciendo}
}

% Approved all correct
@inproceedings{duermuth-15-omen,
    author = {D\"{u}rmuth, Markus and Angelstorf, Fabian and Castelluccia, Claude and Perito, Daniele and Chaabane, Abdelberi},
    title = {{OMEN: Faster Password Guessing Using an Ordered Markov Enumerator}},
    booktitle = {International Symposium on Engineering Secure Software and Systems},
    year = {2015},
    series = {ESSoS~'15},
    pages = {119--132},
    address = {Milan, Italy},
    month = mar,
    publisher = {Springer}
}

% Approved all correct
@inproceedings{duermuth-16-side-channel-fingerprint,
    author = {D\"{u}rmuth, Markus and Oswald, David and Pastewka, Niklas},
    title = {{Side-Channel Attacks on Fingerprint Matching Algorithms}},
    booktitle = {Workshop on Trustworthy Embedded Devices},
    year = {2016},
    series = {TrustED~'16},
    pages = {3--13},
    address = {Vienna, Austria},
    month = oct,
    publisher = {ACM}
}

% Approved all correct
@inproceedings{duermuth-21-quantum-pw-cracking,
    author = {D\"{u}rmuth, Markus and Golla, Maximilian and Markert, Philipp and May, Alexander and Schlieper, Lars},
    title = {{Towards Quantum Large-Scale Password Guessing on Real-World Distributions}},
    booktitle = {International Conference on Cryptology and Network Security},
    year = {2021},
    series = {CANS~'21},
    pages = {412--431},
    address = {Vienna, Austria},
    month = dec,
    publisher = {Springer}
}

% Approved all correct
@misc{duo-22-2fa,
    author = {{Duo Security}},
    title = {{Duo Security: Two-Factor Authentication \& Endpoint Security}},
    note = {\url{https://duo.com}, as of \today},
    month = aug,
    year = {2022}
}

% Approved all correct
@inproceedings{dutson-19-dont-punish-all,
    author = {Dutson, Jonathan and Allen, Danny and Eggett, Dennis and Seamons, Kent},
    title = {{Don't Punish all of us: Measuring User Attitudes about Two-Factor Authentication}},
    booktitle = {European Workshop on Usable Security},
    year = {2019},
    series = {EuroUSEC~'19},
    pages = {119--128},
    address = {Stockholm, Sweden},
    month = jun,
    publisher = {IEEE}
}

% Approved all correct
@inproceedings{earp-16-my-activity,
    author = {Earp, Julia and Staddon, Jessica},
    title = {{``I Had No Idea This Was a Thing'': On the Importance of Understanding the User Experience of Personalized Transparency Tools}},
    booktitle = {Workshop on Socio-Technical Aspects in Security and Trust},
    year = {2016},
    series = {STAST~'16},
    pages = {79--86},
    address = {Los Angeles, California, USA},
    month = dec,
    publisher = {ACM}
}

% Approved all correct
@inproceedings{ebbers-16-auth-game,
    author = {Ebbers, Frank and Brune, Philipp},
    title = {{The Authentication Game -- Secure User Authentication by Gamification?}},
    booktitle = {Conference on Advanced Information Systems Engineering},
    year = {2016},
    series = {CAiSE~'16},
    pages = {101--115},
    address = {Ljubljana, Slovenia},
    month = jun,
    publisher = {Springer}
}

% Approved all correct
@inproceedings{egelman-08-phishing-warnings,
    author = {Egelman, Serge and Cranor, Lorrie Faith and Hong, Jason},
    title = {{You'Ve Been Warned: An Empirical Study of the Effectiveness of Web Browser Phishing Warnings}},
    booktitle = {ACM Conference on Human Factors in Computing Systems},
    year = {2008},
    series = {CHI~'08},
    pages = {1065--1074},
    address = {Florence, Italy},
    month = apr,
    publisher = {ACM}
}

% Approved all correct
@inproceedings{egelman-12-pw-ethics-panel,
    author = {Egelman, Serge and Bonneau, Joseph and Chiasson, Sonia and Dittrich, David and Schechter, Stuart},
    title = {{It's Not Stealing If You Need It: A Panel on the Ethics of Performing Research Using Public Data of Illicit Origin}},
    booktitle = {Workshop on Ethics in Computer Security Research},
    year = {2012},
    series = {WECSR~'12},
    pages = {124--132},
    address = {Kralendijk, Bonaire},
    month = feb,
    publisher = {Springer}
}

% Approved all correct
@inproceedings{egelman-13-earnest,
    author = {Egelman, Serge and Schechter, Stuart},
    title = {{The Importance of Being Earnest [in Security Warnings]}},
    booktitle = {Financial Cryptography and Data Security},
    year = {2013},
    series = {FC~'13},
    pages = {52--59},
    address = {Okinawa, Japan},
    month = apr,
    publisher = {Springer}
}

% Approved all correct
@inproceedings{egelman-13-eleven,
    author = {Egelman, Serge and Sotirakopoulos, Andreas and Muslukhov, Ildar and Beznosov, Konstantin and Herley, Cormac},
    title = {{Does My Password Go Up to Eleven?: The Impact of Password Meters on Password Selection}},
    booktitle = {ACM Conference on Human Factors in Computing Systems},
    year = {2013},
    series = {CHI~'13},
    pages = {2379--2388},
    address = {Paris, France},
    month = apr,
    publisher = {ACM}
}

% Approved all correct
@inproceedings{egelman-14-ready-to-lock,
    author = {Egelman, Serge and Jain, Sakshi and Portnoff, Rebecca S. and Liao, Kerwell and Consolvo, Sunny and Wagner, David},
    title = {{Are You Ready to Lock? Understanding User Motivations for Smartphone Locking Behaviors}},
    booktitle = {ACM Conference on Computer and Communications Security},
    year = {2014},
    series = {CCS~'14},
    pages = {750--761},
    address = {Scottsdale, Arizona, USA},
    month = nov,
    publisher = {ACM}
}

% Approved all correct
@inproceedings{egelman-15-sebis,
    author = {Egelman, Serge and Peer, Eyal},
    title = {{Scaling the Security Wall: Developing a Security Behavior Intentions Scale (SeBIS)}},
    booktitle = {ACM Conference on Human Factors in Computing Systems},
    year = {2015},
    series = {CHI~'15},
    pages = {2873--2882},
    address = {Seoul, Republic of Korea},
    month = apr,
    publisher = {ACM}
}

% Approved all correct
@inproceedings{engler-09-pake-too-late,
    author = {Engler, John and Karlof, Chris and Shi, Elaine and Song, Dawn},
    title = {{Is it too late for PAKE?}},
    booktitle = {Web 2.0 Security and Privacy Workshop},
    year = {2009},
    series = {W2SP~'09},
    pages = {},
    address = {Oakland, California, USA},
    month = may,
    publisher = {IEEE}
}

% Approved all correct
@inproceedings{eslami-18-why-this-ad,
    author = {Eslami, Motahhare and Krishna Kumaran, Sneha R. and Sandvig, Christian and Karahalios, Karrie},
    title = {{Communicating Algorithmic Process in Online Behavioral Advertising}},
    booktitle = {ACM Conference on Human Factors in Computing Systems},
    year = {2018},
    series = {CHI~'18},
    pages = {432:1--432:13},
    address = {Montreal, Quebec, Canada},
    month = apr,
    publisher = {ACM}
}

% Approved all correct
@misc{esposito-20-safari-compromised-pw,
    author = {Esp\'{o}sito, Filipe},
    title = {{iCloud Keychain Now Alerts Users about Leaked Passwords}},
    note = {\url{https://9to5mac.com/2020/07/04/ios-14-icloud-keychain-now-alerts-users-about-leaked-passwords-more/}, as of \today},
    month = jul,
    year = {2020}
}

% Approved all correct
@misc{eu-16-gdpr,
    author = {{European Parliament and the Council of the European Union}, The},
    title = {{Regulation (EU) 2016/679 of the European Parliament and of the Council of 27. April 2016 on the Protection of Natural Persons with Regard to the Processing of Personal Data and on the Free Movement of Such Data, and Repealing Directive 95/46/EC (General Data Protection Regulation)}},
    note = {\url{http://data.europa.eu/eli/reg/2016/679/oj}, as of \today},
    month = may,
    year = {2016}
}

% Approved all correct
@misc{eu-22-dpo-required,
    author = {{European Parliament and the Council of the European Union}, The},
    title = {{Does My Company/Organisation Need to Have a Data Protection Officer (DPO)?}},
    note = {\url{https://ec.europa.eu/info/law/law-topic/data-protection/reform/rules-business-and-organisations/obligations/data-protection-officers/does-my-company-organisation-need-have-data-protection-officer-dpo_en}, as of \today},
    month = mar,
    year = {2022}
}

% Approved all correctt
@article{ey-11-understanding-risks,
    author = {Ey, Lesley-Anne and Cupit, C. Glenn},
    title = {{Exploring Young Children's Understanding of Risks Associated with Internet Usage and Their Concepts of Management Strategies}},
    journal = {Journal of Early Childhood Research},
    year = {2011},
    volume = {9},
    number = {1},
    pages = {53--65},
    month = feb,
    publisher = {SAGE Publications}
}

% Approved all correct
@misc{facebook-11-new-2fa,
    author = {{Facebook, Inc.}},
    title = {{A New Suite of Safety Tools}},
    note = {\url{https://www.facebook.com/notes/10160198855746729}, as of \today},
    month = apr,
    year = {2011}
}

% Approved all correct
@misc{facebook-11-trusted-friends,
    author = {{Facebook Security}},
    title = {{Facebook: Introducing Trusted Friends}},
    note = {\url{https://www.facebook.com/notes/facebook-security/national-cybersecurity-awareness-month-updates/10150335022240766/}, as of \today},
    month = oct,
    year = {2011}
}

% Approved all correct
@misc{facebook-13-trusted-contacts,
    author = {{Facebook Security}},
    title = {{Facebook: Introducing Trusted Contacts}},
    note = {\url{https://www.facebook.com/notes/facebook-security/introducing-trusted-contacts/10151362774980766/}, as of \today},
    month = may,
    year = {2013}
}

% Approved all correct
@article{fagan-17-investigation-pw-manager,
    author = {Fagan, Michael and Albayram, Yusuf and Khan, Mohammad Maifi Hasan and Buck, Ross},
    title = {{An Investigation Into Users' Considerations Towards Using Password Managers}},
    journal = {Human-Centric Computing and Information Sciences},
    year = {2017},
    volume = {7},
    number = {1},
    pages = {},
    month = mar,
    publisher = {Springer}
} % Unknown page numbers

% Approved all correct
@inproceedings{fahl-13-clipboard-pw-manager,
    author = {Fahl, Sascha and Harbach, Marian and Oltrogge, Marten and Muders, Thomas and Smith, Matthew},
    title = {{Hey, You, Get Off of My Clipboard: On How Usability Trumps Security in Android Password Managers}},
    booktitle = {Financial Cryptography and Data Security},
    year = {2013},
    series = {FC~'13},
    pages = {144--161},
    address = {Okinawa, Japan},
    month = apr,
    publisher = {Springer}
}

% Approved all correct
@inproceedings{fahl-13-pw-ecological-validity,
    author = {Fahl, Sascha and Harbach, Marian and Acar, Yasemin and Smith, Matthew},
    title = {{On the Ecological Validity of a Password Study}},
    booktitle = {Symposium on Usable Privacy and Security},
    year = {2013},
    series = {SOUPS~'13},
    pages = {13:1--13:13},
    address = {Newcastle, United Kingdom},
    month = jul,
    publisher = {ACM}
}

% Approved all correct
@inproceedings{farke-20-fido2,
    author = {Farke, Florian M. and Lorenz, Lennart and Schnitzler, Theodor and Markert, Philipp and D\"urmuth, Markus},
    title = {{``You still use the password after all'' -- Exploring FIDO2 Security Keys in a Small Company}},
    booktitle = {Symposium on Usable Privacy and Security},
    year = {2020},
    series = {SOUPS~'20},
    pages = {19--35},
    address = {Virtual Conference},
    month = aug,
    publisher = {USENIX}
}

% Approved all correct
@inproceedings{farke-21-my-activity,
    author = {Farke, Florian M. and Balash, David G. and Golla, Maximilian and D\"{u}rmuth, Markus and Aviv, Adam J.},
    title = {{Are Privacy Dashboards Good for End Users? Evaluating User Perceptions and Reactions to Google's My Activity}},
    booktitle = {USENIX Security Symposium},
    year = {2021},
    series = {SSYM~'21},
    pages = {483--500},
    address = {Virtual Conference},
    month = aug,
    publisher = {USENIX}
}

% Approved all correct
@inproceedings{feal-20-angel-or-devil,
    author = {Feal, \'{A}lvaro and Calciati, Paolo and Vallina-Rodriguez, Narseo and Troncoso, Carmela and Gorla, Alessandra},
    title = {{Angel or Devil? A Privacy Study of Mobile Parental Control Apps}},
    booktitle = {Privacy Enhancing Technologies Symposium},
    year = {2020},
    series = {PETS~'20},
    pages = {314--335},
    address = {Virtual Conference},
    month = jul,
    publisher = {Sciendo}
}

% Approved all correct
@inproceedings{felt-12-android-permissions,
    author = {Felt, Adrienne Porter and Ha, Elizabeth and Egelman, Serge and Haney, Ariel and Chin, Erika and Wagner, David},
    title = {{Android Permissions: User Attention, Comprehension, and Behavior}},
    booktitle = {Symposium on Usable Privacy and Security},
    year = {2012},
    series = {SOUPS~'12},
    pages = {3:1--3:14},
    address = {Washington, District of Columbia, USA},
    month = jul,
    publisher = {ACM}
}

% Approved all correct
@inproceedings{felt-14-experimenting-ssl,
    author = {Felt, Adrienne Porter and Reeder, Robert W. and Almuhimedi, Hazim and Consolvo, Sunny},
    title = {{Experimenting at Scale with Google Chrome's SSL Warning}},
    booktitle = {ACM Conference on Human Factors in Computing Systems},
    year = {2014},
    series = {CHI~'14},
    pages = {2667--2670},
    address = {Toronto, Ontario, Canada},
    month = apr,
    publisher = {ACM}
}

% Approved all correct
@inproceedings{felt-15-ssl-warnings,
    author = {Felt, Adrienne Porter and Ainslie, Alex and Reeder, Robert W. and Consolvo, Sunny and Thyagaraja, Somas and Bettes, Alan and Harris, Helen and Grimes, Jeff},
    title = {{Improving SSL Warnings: Comprehension and Adherence}},
    booktitle = {ACM Conference on Human Factors in Computing Systems},
    year = {2015},
    series = {CHI~'15},
    pages = {2893--2902},
    address = {Seoul, Republic of Korea},
    month = apr,
    publisher = {ACM}
}

% Approved all correct
@misc{fey-18-1password-watchtower,
    author = {Fey, Michael},
    title = {{Watchtower Notifications: Timely Security Alerts for the Websites You Use}},
    note = {\url{https://blog.1password.com/announcing-watchtower-notifications/}, as of \today},
    month = jul,
    year = {2020}
}

% Approved all correct
@inproceedings{fischer-huebner-16-priv-dashboard,
    author = {Fischer-H\"ubner, Simone and Angulo, Julio and Karegar, Farzaneh and Pulls, Tobias},
    title = {{Transparency, Privacy and Trust -- Technology for Tracking and Controlling My Data Disclosures: Does This Work?}},
    booktitle = {IFIP International Conference on Trust Management},
    year = {2016},
    series = {IFIP~TM~'16},
    pages = {3--14},
    address = {Darmstadt, Germany},
    month = jul,
    publisher = {IFIP}
}

% Approved all correct
@inproceedings{florencio-07-web-passwords,
    author = {Flor\^{e}ncio, Dinei and Herley, Cormac},
    title = {{A Large-scale Study of Web Password Habits}},
    booktitle = {The World Wide Web Conference},
    year = {2007},
    series = {WWW~'07},
    pages = {657--666},
    address = {Banff, Alberta, Canada},
    month = may,
    publisher = {ACM}
}

% Approved all correct
@inproceedings{florencio-10-policies,
    author = {Flor\^{e}ncio, Dinei and Herley, Cormac},
    title = {{Where Do Security Policies Come From?}},
    booktitle = {Symposium on Usable Privacy and Security},
    year = {2010},
    series = {SOUPS~'10},
    pages = {10:1--10:14},
    address = {Redmond, Washington, USA},
    month = jul,
    publisher = {ACM}
}

% Approved all correct
@article{florencio-12-pw-stealing,
    author = {Flor\^{e}ncio, Dinei and Herley, Cormac},
    title = {{Is Everything We Know about Password Stealing Wrong?}},
    journal = {IEEE Security \& Privacy},
    year = {2012},
    volume = {10},
    number = {6},
    pages = {63--69},
    month = nov,
    publisher = {IEEE}
}

% Approved all correct
@inproceedings{florencio-14-finite-effort,
    author = {Flor\^{e}ncio, Dinei and Herley, Cormac and Van Oorschot, Paul C.},
    title = {{Password Portfolios and the Finite-Effort User: Sustainably Managing Large Numbers of Accounts}},
    booktitle = {USENIX Security Symposium},
    year = {2014},
    series = {SSYM~'14},
    pages = {575--590},
    address = {San Diego, California, USA},
    month = aug,
    publisher = {USENIX}
}

% Approved all correct
@inproceedings{florencio-14-blacklist,
    author = {Flor\^{e}ncio, Dinei and Herley, Cormac and Van Oorschot, Paul C.},
    title = {{An Administrator's Guide to Internet Password Research}},
    booktitle = {Large Installation System Administration Conference},
    year = {2014},
    series = {LISA~'14},
    pages = {44--61},
    address = {Seattle, Washington, USA},
    month = nov,
    publisher = {USENIX}
}

% Approved all correct
@article{florencio-16-chasm,
    author = {Flor\^{e}ncio, Dinei and Herley, Cormac and Van Oorschot, Paul C.},
    title = {{Pushing on String: The ``Don't Care'' Region of Password Strength}},
    journal = {Communications of the ACM},
    year = {2016},
    volume = {59},
    number = {11},
    pages = {66--74},
    month = oct,
    publisher = {ACM}
}

% Approved all correct
@article{foo-00-help-desk,
    author = {Foo, Schubert and Hui, Siu Cheung and Leong, Peng Chor and Liu, Shigong},
    title = {{An Integrated Help Desk Support for Customer Services Over the World Wide Web -- A Case Study}},
    journal = {Computers in Industry},
    year = {2000},
    volume = {41},
    number = {2},
    pages = {129--145},
    month = mar,
    publisher = {Elsevier}
}

% Approved all correct
@inproceedings{forget-08-persuasion,
    author = {Forget, Alain and Chiasson, Sonia and Van Oorschot, Paul C. and Biddle, Robert},
    title = {{Improving Text Passwords Through Persuasion}},
    booktitle = {Symposium on Usable Privacy and Security},
    year = {2008},
    series = {SOUPS~'08},
    pages = {13--23},
    address = {Pittsburgh, Pennsylvania, USA},
    month = jul,
    publisher = {ACM}
}

% Approved all correct
@misc{franceschi-16-linkedin-surface-web,
    author = {Franceschi-Bicchierai, Lorenzo},
    title = {{Another Day, Another Hack: 117 Million LinkedIn Emails and Passwords}},
    note = {\url{https://www.vice.com/en/article/78kk4z/another-day-another-hack-117-million-linkedin-emails-and-password}, as of \today},
    month = may,
    year = {2016}
}

% Approved all correct
@misc{franceschi-16-myspace-leak-torrent,
    author = {Franceschi-Bicchierai, Lorenzo},
    title = {{You Can Now Look Up Your Terrible 2006 Myspace Password}},
    note = {\url{https://www.vice.com/en/article/qkj3n7/myspace-data-breach-427-million-passwords-available-online}, as of \today},
    month = jun,
    year = {2016}
}

% Approved all correct
@inproceedings{freeman-16-risk-based-auth,
    author = {Freeman, David Mandell and Jain, Sakshi and D\"{u}rmuth, Markus and Biggio, Battista and Giacinto, Giorgio},
    title = {{Who Are You? A Statistical Approach to Measuring User Authenticity}},
    booktitle = {Symposium on Network and Distributed System Security},
    year = {2016},
    series = {NDSS~'16},
    pages = {},
    address = {San Diego, California, USA},
    month = feb,
    publisher = {ISOC}
} % NDSS does not have page numbers

% Approved all correct
@inproceedings{frik-19-promise,
    author = {Frik, Alisa and Malkin, Nathan and Harbach, Marian and Peer, Eyal and Egelman, Serge},
    title = {{A Promise Is A Promise: The Effect of Commitment Devices on Computer Security Intentions}},
    booktitle = {ACM Conference on Human Factors in Computing Systems},
    year = {2019},
    series = {CHI~'19},
    pages = {604:1--604:12},
    address = {Glasgow, Scotland, United Kingdom},
    month = may,
    publisher = {ACM}
}

% Approved all correct
@inproceedings{frik-19-old-adults,
    author = {Frik, Alisa and Nurgalieva, Leysan and Bernd, Julia and Lee, Joyce S. and Schaub, Florian and Egelman, Serge},
    title = {{Privacy and Security Threat Models and Mitigation Strategies of Older Adults}},
    booktitle = {Symposium on Usable Privacy and Security},
    year = {2019},
    series = {SOUPS~'19},
    pages = {21--40},
    address = {Santa Clara, California, USA},
    month = aug,
    publisher = {USENIX}
}

% Approved all correct
@misc{ftc-98-coppa,
    author = {{Federal Trade Commission}},
    title = {{Children's Online Privacy Protection Rule (``COPPA'')}},
    note = {\url{https://www.ftc.gov/enforcement/rules/rulemaking-regulatory-reform-proceedings/childrens-online-privacy-protection-rule}, as of \today},
    month = oct,
    year = {1998}
}

% Approved all correct
@misc{ftc-17-coppa-in-six-steps,
    author = {{Federal Trade Commission}},
    title = {{Children's Online Privacy Protection Rule: A Six-Step Compliance Plan for Your Business}},
    note = {\url{https://www.ftc.gov/enforcement/rules/rulemaking-regulatory-reform-proceedings/childrens-online-privacy-protection-rule}, as of \today},
    month = jun,
    year = {2017}
}

% Approved all correct
@article{garfinkel-03-email,
    author = {Garfinkel, Simson L.},
    title = {{Email-Based Identification and Authentication: An Alternative to PKI?}},
    journal = {IEEE Security \& Privacy},
    year = {2003},
    volume = {1},
    number = {6},
    pages = {20--26},
    month = nov,
    publisher = {IEEE}
}

% Approved all correct
@inproceedings{garg-12-online-risk,
    author = {Garg, Vaibhav and Camp, Jean},
    title = {{End User Perception of Online Risk under Uncertainty}},
    booktitle = {Hawaii International Conference on System Sciences},
    year = {2012},
    series = {HICSS~'12},
    pages = {3278--3287},
    address = {Maui, Hawaii, USA},
    month = jan,
    publisher = {IEEE}
}

% Approved all correct
@misc{gartenberg-18-ios-blacklist-kanye-west,
    author = {Gartenberg, Chaim},
    title = {{Kanye West's iPhone Passcode is 000000}},
    note = {\url{https://www.theverge.com/tldr/2018/10/11/17964848/kanye-west-iphone-passcode-trump-iplane-apple-meeting}, as of \today},
    month = oct,
    year = {2018}
}

% Approved all correct
@inproceedings{gasti-12-vault-encryption,
    author = {Gasti, Paolo and Rasmussen, Kasper B.},
    title = {{On the Security of Password Manager Database Formats}},
    booktitle = {European Symposium on Research in Computer Security},
    year = {2012},
    series = {ESORICS~'12},
    pages = {770--787},
    address = {Pisa, Italy},
    month = sep,
    publisher = {Springer}
}

% Approved all correct
@inproceedings{gaw-06-pw-management,
    author = {Gaw, Shirley and Felten, Edward W.},
    title = {{Password Management Strategies for Online Accounts}},
    booktitle = {Symposium on Usable Privacy and Security},
    year = {2006},
    series = {SOUPS~'06},
    pages = {44--55},
    address = {Pittsburgh, Pennsylvania, USA},
    month = jul,
    publisher = {ACM}
}

% Approved all correct
@inproceedings{gelernter-17-reset-mitm,
    author = {Gelernter, Nethanel and Kalma, Senia and Magnezi, Bar and Porcilan, Hen},
    title = {{The Password Reset MitM Attack}},
    booktitle = {IEEE Symposium on Security and Privacy},
    year = {2017},
    series = {SP~'17},
    pages = {251--267},
    address = {San Jose, California, USA},
    month = may,
    publisher = {IEEE}
}

% Approved all correct
@inproceedings{george-17-seamless-secure,
    author = {George, Ceenu and Khamis, Mohamed and von~Zezschwitz, Emanuel and Schmidt, Henri and Burger, Marinus and Alt, Florian and Hu{\ss}mann, Heinrich},
    title = {{Seamless and Secure VR: Adapting and Evaluating Established Authentication Systems for Virtual Reality}},
    booktitle = {Workshop on Usable Security},
    year = {2017},
    series = {USEC~'17},
    pages = {},
    address = {San Diego, California, USA},
    month = feb,
    publisher = {ISOC}
} % USEC does not have page numbers

% Approved all correct
@misc{germany-07-hackerparagraph,
    author = {{German Federal Ministry of Justice}},
    title = {{StGB 202c: Acts Preparatory to Data Espionage and Phishing}},
    note = {\url{https://www.gesetze-im-internet.de/englisch_stgb/englisch_stgb.html\#p1880}, as of \today},
    month = may,
    year = {2007}
}

% Approved all correct
@inproceedings{gluck-16-short-notices,
    author = {Gluck, Joshua and Schaub, Florian and Friedman, Amy and Habib, Hana and Sadeh, Norman and Cranor, Lorrie Faith and Agarwal, Yuvraj},
    title = {{How Short Is Too Short? Implications of Length and Framing on the Effectiveness of Privacy Notices}},
    booktitle = {Symposium on Usable Privacy and Security},
    year = {2016},
    series = {SOUPS~'16},
    pages = {321--340},
    address = {Denver, Colorado, USA},
    month = jul,
    publisher = {USENIX}
}

% Approved all correct
@inproceedings{golla-15-ashley-pkq,
    author = {Golla, Maximilian and D\"{u}rmuth, Markus},
    title = {{Analyzing 4 Million Real-World Personal Knowledge Questions (Short Paper)}},
    booktitle = {International Conference on Passwords},
    year = {2015},
    series = {PASSWORDS~'15},
    pages = {39--44},
    address = {Cambridge, United Kingdom},
    month = dec,
    publisher = {Springer}
}

% Approved all correct
@inproceedings{golla-16-adaptive-nle,
    author = {Golla, Maximilian and Beuscher, Benedict and D\"{u}rmuth, Markus},
    title = {{On the Security of Cracking-Resistant Password Vaults}},
    booktitle = {ACM Conference on Computer and Communications Security},
    year = {2016},
    series = {CCS~'16},
    pages = {1230--1241},
    address = {Vienna, Austria},
    month = oct,
    publisher = {ACM}
}

% Approved all correct
@inproceedings{golla-17-emojiauth,
    author = {Golla, Maximilian and Detering, Dennis and D\"{u}rmuth, Markus},
    title = {{EmojiAuth: Quantifying the Security of Emoji-based Authentication}},
    booktitle = {Workshop on Usable Security},
    year = {2017},
    series = {USEC~'17},
    pages = {},
    address = {San Diego, California, USA},
    month = feb,
    publisher = {ISOC}
} % NDSS does not have page numbers

% Approved all correct
@inproceedings{golla-17-financially,
    author = {Golla, Maximilian and Bailey, Daniel V. and D\"{u}rmuth, Markus},
    title = {{``I want my money back!'' Limiting Online Password-Guessing Financially}},
    booktitle = {Who Are You?! Adventures in Authentication Workshop},
    year = {2017},
    series = {WAY~'17},
    pages = {},
    address = {Santa Clara, California, USA},
    month = jul,
    publisher = {USENIX}
} % Posters don't have page numbers

% Approved all correct
@inproceedings{golla-18-gamification,
    author = {Golla, Maximilian and Hahn, Bj\"{o}rn and Meyer zu Selhausen, Karsten and Hosseini, Henry and D\"{u}rmuth, Markus},
    title = {{Bars, Badges, and High Scores: On the Impact of Password Strength Visualizations}},
    booktitle = {Who Are You?! Adventures in Authentication Workshop},
    year = {2018},
    series = {WAY~'18},
    pages = {},
    address = {Baltimore, Maryland, USA},
    month = aug,
    publisher = {USENIX}
} % There are no page numbers for this WAY

% Approved all correct
@inproceedings{golla-18-rate-limiting,
    author = {Golla, Maximilian and Schnitzler, Theodor and D\"{u}rmuth, Markus},
    title = {{``Will Any Password Do?'' Exploring Rate-Limiting on the Web}},
    booktitle = {Who Are You?! Adventures in Authentication Workshop},
    year = {2018},
    series = {WAY~'18},
    pages = {},
    address = {Baltimore, Maryland, USA},
    month = aug,
    publisher = {USENIX}
} % There are no page numbers for this WAY

% Approved all correct
@inproceedings{golla-18-reuse-notification,
    author = {Golla, Maximilian and Wei, Miranda and Hainline, Juliette and Filipe, Lydia and D\"{u}rmuth, Markus and Redmiles, Elissa and Ur, Blase},
    title = {{``What was that site doing with my Facebook password?'' Designing Password-Reuse Notifications}},
    booktitle = {ACM Conference on Computer and Communications Security},
    year = {2018},
    series = {CCS~'18},
    pages = {1549--1566},
    address = {Toronto, Ontario, Canada},
    month = oct,
    publisher = {ACM}
}

% Approved all correct
@inproceedings{golla-18-psm,
    author = {Golla, Maximilian and D\"{u}rmuth, Markus},
    title = {{On the Accuracy of Password Strength Meters}},
    booktitle = {ACM Conference on Computer and Communications Security},
    year = {2018},
    series = {CCS~'18},
    pages = {1567--1582},
    address = {Toronto, Ontario, Canada},
    month = oct,
    publisher = {ACM}
}

% Approved all correct
@inproceedings{golla-19-pattern-meter-wip,
    author = {Golla, Maximilian and Rimkus, Jan and Aviv, Adam J. and D\"{u}rmuth, Markus},
    title = {{Work in Progress: On the In-Accuracy and Influence of Android Pattern Strength Meters}},
    booktitle = {Workshop on Usable Security and Privacy},
    year = {2019},
    series = {USEC~'19},
    pages = {},
    address = {San Diego, California, USA},
    month = feb,
    publisher = {ISOC}
} % NDSS does not have page numbers

% Approved all correct
@phdthesis{golla-19-thesis,
    author = {Golla, Maximilian},
    title = {{On the Usability and Security of Password-Based User Authentication}},
    school = {Ruhr University Bochum},
    year = {2019}
}

% Approved all correct
@inproceedings{golla-21-2fa-adoption,
    author = {Golla, Maximilian and Ho, Grant and Lohmus, Marika and Pulluri, Monica and Redmiles, Elissa M.},
    title = {{Driving 2FA Adoption at Scale: Optimizing Two-Factor Authentication Notification Design Patterns}},
    booktitle = {USENIX Security Symposium},
    year = {2021},
    series = {SSYM~'21},
    pages = {109--126},
    address = {Virtual Conference},
    month = aug,
    publisher = {USENIX}
}

% Approved all correct
@article{gonzalez-13-autofill,
    author = {Gonzalez, Raul and Chen, Eric Yawei and Jackson, Collin},
    title = {{Automated Password Extraction Attack on Modern Password Managers}},
    journal = {CoRR},
    year = {2013},
    volume = {abs/1309.1416},
    number = {},
    pages = {1--7},
    month = sep
} % This paper later became silver-14-pw-manager

% Approved all correct
@misc{goodin-15-ashley-madison,
    author = {Goodin, Dan},
    title = {{Once Seen as Bulletproof, 11 Million+ Ashley Madison Passwords Already Cracked}},
    note = {\url{https://arstechnica.com/information-technology/2015/09/once-seen-as-bulletproof-11-million-ashley-madison-passwords-already-cracked/}, as of \today},
    month = sep,
    year = {2015}
}

% Approved all correct
@misc{goodin-16-linkedin-bigger,
    author = {Goodin, Dan},
    title = {{Then There Were 117 Million. LinkedIn Password Breach Much Bigger than Thought}},
    note = {\url{https://arstechnica.com/information-technology/2016/05/then-there-were-117-million-linkedin-password-breach-much-bigger-than-thought/}, as of \today},
    month = may,
    year = {2016}
}

% Approved all correct
@misc{goodin-17-ss7-attacks,
    author = {Goodin, Dan},
    title = {{Thieves Drain 2FA-Protected Bank Accounts by Abusing SS7 Routing Protocol}},
    note = {\url{https://arstechnica.com/information-technology/2017/05/thieves-drain-2fa-protected-bank-accounts-by-abusing-ss7-routing-protocol/}, as of \today},
    month = may,
    year = {2017}
}

% Approved all correct
@misc{google-20-report-phishing,
    author = {{Google, Inc.}},
    title = {{Safe Browsing: Malware and Phishing}},
    note = {\url{https://transparencyreport.google.com/safe-browsing/overview?hl=en}, as of \today},
    month = may,
    year = {2020}
}

% Approved all correct
@inproceedings{gorski-20-pd-for-crypto-apis,
    author = {Gorski, Peter Leo and Acar, Yasemin and Lo Iacono, Luigi and Fahl, Sascha},
    title = {{Listen to Developers! A Participatory Design Study on Security Warnings for Cryptographic APIs}},
    booktitle = {ACM Conference on Human Factors in Computing Systems},
    year = {2020},
    series = {CHI~'20},
    pages = {1--13},
    address = {Honolulu, Hawaii, USA},
    month = apr,
    publisher = {ACM}
}

% Approved all correct
@misc{gosney-16-linkedin-sha1,
    author = {Gosney (``epixoip''), Jeremi M.},
    title = {{How LinkedIn's Password Sloppiness Hurts Us All}},
    note = {\url{https://arstechnica.com/information-technology/2016/06/how-linkedins-password-sloppiness-hurts-us-all/}, as of \today},
    month = jun,
    year = {2016}
}

% Approved all correct
@misc{gosney-17-hashcat-speed,
    author = {Gosney (``epixoip''), Jeremi M.},
    title = {{Nvidia GTX 1080 Ti Hashcat Benchmarks}},
    note = {\url{https://gist.github.com/epixoip/ace60d09981be09544fdd35005051505}, as of \today},
    month = apr,
    year = {2017}
}

% Approved all correct
@article{grady-10-irbs-do-not-protect,
    author = {Grady, Christine},
    title = {{Do IRBs Protect Human Research Participants?}},
    journal = {Journal of the American Medical Association},
    year = {2010},
    volume = {304},
    number = {10},
    pages = {1122--1123},
    month = sep,
    publisher = {AMA}
}

% Approved all correct
@inproceedings{gray-18-dark-pattern,
    author = {Gray, Colin M. and Kou, Yubo and Battles, Bryan and Hoggatt, Joseph and Toombs, Austin L.},
    title = {{The Dark (Patterns) Side of UX Design}},
    booktitle = {ACM Conference on Human Factors in Computing Systems},
    year = {2018},
    series = {CHI~'18},
    pages = {534:1--534:14},
    address = {Montreal, Quebec, Canada},
    month = apr,
    publisher = {ACM}
}

% Approved all correct
@inproceedings{greene-14-cant-type-that,
    author = {Greene, Kristen K. and Gallagher, Melissa A. and Stanton, Brian C. and Lee, Paul Y.},
    title = {{I Can't Type That! P@\$\$w0rd Entry on Mobile Devices}},
    booktitle = {Human Aspects of Information Security, Privacy, and Trust},
    year = {2014},
    series = {HAS~'14},
    pages = {160--171},
    address = {Heraklion, Greece},
    month = jun,
    publisher = {Springer}
}

% Approved all correct
@inproceedings{griffith-05-messin-texas,
    author = {Griffith, Virgil and Jakobsson, Markus},
    title = {{Messin' with Texas: Deriving Mother's Maiden Names Using Public Records}},
    booktitle = {Applied Cryptography and Network Security},
    year = {2005},
    series = {ACNS~'05},
    pages = {91--103},
    address = {New York, New York, USA},
    month = jun,
    publisher = {Springer}
}

% Approved all correct
@article{grosse-13-auth-scale,
    author = {Grosse, Eric and Upadhyay, Mayank},
    title = {{Authentication at Scale}},
    journal = {IEEE Security \& Privacy},
    year = {2013},
    volume = {11},
    number = {1},
    pages = {15--22},
    month = jan,
    publisher = {IEEE}
}

% Approved all correct
@inproceedings{gruber-22-digital-daycare,
    author = {Gruber, Moritz and H\"{o}fig, Christian and Golla, Maximilian and Urban, Tobias and Gro{\ss}e-Kampmann, Matteo},
    title = {{``We may share the number of diaper changes'': A Privacy and Security Analysis of Mobile Child Care Applications}},
    booktitle = {Privacy Enhancing Technologies Symposium},
    year = {2022},
    series = {PETS~'22},
    pages = {394--414},
    address = {Sydney, Australia},
    month = jul,
    publisher = {Sciendo}
}

% Approved all correct
@article{guo-18-lpse,
    author = {Guo, Yimin and Zhang, Zhenfeng},
    title = {{LPSE: Lightweight Password-Strength Estimation for Password Meters}},
    journal = {Computers \& Security},
    year = {2018},
    volume = {73},
    number = {},
    pages = {507--518},
    month = mar,
    publisher = {Elsevier}
}

% Approved all correct
@article{gutmann-15-nudging-account-holders,
    author = {Gutmann, Andreas and Renaud, Karen and Volkamer, Melanie},
    title = {{Nudging Bank Account Holders Towards More Secure PIN Management}},
    journal = {Journal of Internet Technology and Secured Transactions},
    year = {2015},
    volume = {4},
    number = {2},
    pages = {380--386},
    month = jun,
    publisher = {Elsevier}
}

% Approved all correct
@inproceedings{gutmann-16-memorable-and-secure,
    author = {Gutmann, Andreas and  Volkamer, Melanie and Renaud, Karen},
    title = {{Memorable And Secure: How Do You Choose Your PIN?}},
    booktitle = {International Symposium on Human Aspects of Information Security \& Assurance},
    year = {2016},
    series = {HAISA~'16},
    pages = {156--166},
    address = {Frankfurt, Germany},
    month = jul,
    publisher = {University of Plymouth}
}

% Approved all correct
@inproceedings{gutmann-19-autofill,
    author = {Gutmann, Andreas and Murdoch, Steven J.},
    title = {{Taken Out of Context: Security Risks with Security Code AutoFill in iOS \& macOS}},
    booktitle = {Who Are You?! Adventures in Authentication Workshop},
    year = {2019},
    series = {WAY~'19},
    pages = {1--6},
    address = {Santa Clara, California, USA},
    month = aug,
    publisher = {}
} % No publisher

% Approved all correct
@inproceedings{habib-17-blacklist,
    author = {Habib, Hana and Colnago, Jessica and Melicher, William and Ur, Blase and Segreti, Sean M. and Bauer, Lujo and Christin, Nicolas and Cranor, Lorrie Faith},
    title = {{Password Creation in the Presence of Blacklists}},
    booktitle = {Workshop on Usable Security},
    year = {2017},
    series = {USEC~'17},
    pages = {},
    address = {San Diego, California, USA},
    month = feb,
    publisher = {ISOC}
} % USEC does not have page numbers

% Approved all correct
@inproceedings{habib-18-expiration,
    author = {Habib, Hana and Naeini, Pardis Emami and Devlin, Summer and Oates, Maggie and Swoopes, Chelse and Bauer, Lujo and Christin, Nicolas and Cranor, Lorrie Faith},
    title = {{User Behaviors and Attitudes Under Password Expiration Policies}},
    booktitle = {Symposium on Usable Privacy and Security},
    year = {2018},
    series = {SOUPS~'18},
    pages = {13--30},
    address = {Baltimore, Maryland, USA},
    month = aug,
    publisher = {USENIX}
}

% Approved all correct
@inproceedings{habib-19-opt-out,
    author = {Habib, Hana and Zou, Yixin and Jannu, Aditi and Sridhar, Neha and Swoopes, Chelse and Acquisti, Alessandro and Cranor, Lorrie Faith and Sadeh, Norman and Schaub, Florian},
    title = {{An Empirical Analysis of Data Deletion and Opt-out Choices on 150 Websites}},
    booktitle = {Symposium on Usable Privacy and Security},
    year = {2019},
    series = {SOUPS~'19},
    pages = {387--406},
    address = {Santa Clara, California, USA},
    month = aug,
    publisher = {USENIX}
}

% Approved all correct
@inproceedings{habib-20-scavenger-hunt,
    author = {Habib, Hana and Pearman, Sarah and Wang, Jiamin and Zou, Yixin and Acquisti, Alessandro and Cranor, Lorrie Faith and Sadeh, Norman and Schaub, Florian},
    title = {{``It's a Scavenger Hunt'': Usability of Websites' Opt-Out and Data Deletion Choices}},
    booktitle = {ACM Conference on Human Factors in Computing Systems},
    year = {2020},
    series = {CHI~'20},
    pages = {1--12},
    address = {Honolulu, Hawaii, USA},
    month = apr,
    publisher = {ACM}
}

% Approved all correct
@misc{hackett-15-yahoo-kill-password,
    author = {Hackett, Robert},
    title = {{Yahoo: Sayonara, Passwords}},
    note = {\url{http://fortune.com/2015/10/16/yahoo-password-security/}, as of \today},
    month = oct,
    year = {2015}
}

% Approved all correct
@inproceedings{halevi-13-traits,
    author = {Halevi, Tzipora and Lewis, James and Memon, Nasir},
    title = {{A Pilot Study of Cyber Security and Privacy Related Behavior and Personality Traits}},
    booktitle = {The World Wide Web Conference},
    year = {2013},
    series = {WWW~'13},
    pages = {737--744},
    address = {Rio de Janeiro, Brazil},
    month = may,
    publisher = {ACM}
}

% Approved all correct
@article{han-18-shadow-attacks,
    author = {Han, Weili and Li, Zhigong and Ni, Minyue and Gu, Guofei and Xu,Wenyuan},
    title = {{Shadow Attacks Based on Password Reuses: A Quantitative Empirical Analysis}},
    journal = {IEEE Transactions on Dependable and Secure Computing},
    year = {2018},
    volume = {15},
    number = {2},
    pages = {309--320},
    month = apr,
    publisher = {IEEE}
}

% Approved all correct
@inproceedings{hanamsagar-18-bad-pw-habits,
    author = {Hanamsagar, Ameya and Woo, Simon S. and Kanich, Chris and Mirkovic, Jelena},
    title = {{Leveraging Semantic Transformation to Investigate Password Habits and Their Causes}},
    booktitle = {ACM Conference on Human Factors in Computing Systems},
    year = {2018},
    series = {CHI~'18},
    pages = {570:1--570:12},
    address = {Montreal, Quebec, Canada},
    month = apr,
    publisher = {ACM}
}

% Approved all correct
@inproceedings{haney-18-its-dull,
    author = {Haney, Julie M. and Lutters, Wayne G.},
    title = {{``It's Scary{\textellipsis}It's Confusing{\textellipsis}It's Dull'': How Cybersecurity Advocates Overcome Negative Perceptions of Security}},
    booktitle = {Symposium on Usable Privacy and Security},
    year = {2018},
    series = {SOUPS~'18},
    pages = {411--425},
    address = {Baltimore, Maryland, USA},
    month = aug,
    publisher = {USENIX}
}

% Approved all correct
@inproceedings{hang-15-location-pkq,
    author = {Hang, Alina and De Luca, Alexander and Smith, Matthew and Richter, Michael and Hussmann, Heinrich},
    title = {{Where Have You Been? Using Location-Based Security Questions for Fallback Authentication}},
    booktitle = {Symposium on Usable Privacy and Security},
    year = {2015},
    series = {SOUPS~'15},
    pages = {169--183},
    address = {Ottawa, Canada},
    month = jul,
    publisher = {USENIX}
}

% Approved all correct
@inproceedings{hanson-20-hyper-personalize,
    author = {Hanson, Julia and Wei, Miranda and Veys, Sophie and Kugler, Matthew and Strahilevitz, Lior and Ur, Blase},
    title = {{Taking Data Out of Context to Hyper-Personalize Ads: Crowdworkers' Privacy Perceptions and Decisions to Disclose Private Information}},
    booktitle = {ACM Conference on Human Factors in Computing Systems},
    year = {2020},
    series = {CHI~'20},
    pages = {1--13},
    address = {Honolulu, Hawaii, USA},
    month = apr,
    publisher = {ACM}
}

% Approved all correct
@article{hanus-16-desktop-security,
    author = {Hanus, Bartlomiej and Wu, Yu ``Andy''},
    title = {{Impact of Users' Security Awareness on Desktop Security Behavior: A Protection Motivation Theory Perspective}},
    journal = {Information Systems Management},
    year = {2016},
    volume = {33},
    number = {1},
    pages = {2--16},
    month = jan,
    publisher = {Taylor \& Francis}
}

% Approved all correct
@article{hao-11-jpake,
    author = {Hao, Feng and Ryan, Peter},
    title = {{J-PAKE: Authenticated Key Exchange without PKI}},
    journal = {Transactions on Computational Science XI: Special Issue on Security in Computing, Part II},
    year = {2011},
    volume = {6480},
    number = {},
    pages = {192--206},
    month = jan,
    publisher = {Springer}
} % This is actually not an article but an InBook

% Approved all correct
@inproceedings{hao-11-firefox-sync,
    author = {Hao, Feng and Ryan, Peter Y. A.},
    title = {{How to Sync with Alice}},
    booktitle = {International Workshop on Security Protocols},
    year = {2011},
    series = {Security~Protocols~'11},
    pages = {170--178},
    address = {Cambridge, United Kingdom},
    month = mar,
    publisher = {Springer}
}

% Approved all correct
@inproceedings{haque-13-strategy-multiple-acc,
    author = {Haque, S.M. Taiabul and Wright, Matthew and Scielzo, Shannon},
    title = {{A Study of User Password Strategy for Multiple Accounts}},
    booktitle = {ACM Conference on Data and Application Security and Privacy},
    year = {2013},
    series = {CODASPY~'13},
    pages = {173--176},
    address = {San Antonio, Texas, USA},
    month = feb,
    publisher = {ACM}
}

% Approved all correct
@inproceedings{harbach-13-warning-text,
    author = {Harbach, Marian and Fahl, Sascha and Yakovleva, Polina and Smith, Matthew},
    title = {{Sorry, I Don't Get It: An Analysis of Warning Message Texts}},
    booktitle = {Financial Cryptography and Data Security},
    year = {2013},
    series = {FC~'13},
    pages = {94--111},
    address = {Okinawa, Japan},
    month = apr,
    publisher = {Springer}
}

% Approved all correct
@inproceedings{harbach-14-hard-lock-life,
    author = {Harbach, Marian and {von Zezschwitz}, Emanuel and Fichtner, Andreas and De Luca, Alexander and Smith, Matthew},
    title = {{It's a Hard Lock Life: A Field Study of Smartphone (Un)Locking Behavior and Risk Perception}},
    booktitle = {Symposium on Usable Privacy and Security},
    year = {2014},
    series = {SOUPS~'14},
    pages = {213--230},
    address = {Menlo Park, California, USA},
    month = jul,
    publisher = {USENIX}
}

% Approved all correct
@inproceedings{harbach-16-keep-on,
    author = {Harbach, Marian and De Luca, Alexander and Malkin, Nathan and Egelman, Serge},
    title = {{Keep on Lockin' in the Free World: A Multi-National Comparison of Smartphone Locking}},
    booktitle = {ACM Conference on Human Factors in Computing Systems},
    year = {2016},
    series = {CHI~'16},
    pages = {4823--4827},
    address = {San Jose, California, USA},
    month = may,
    publisher = {ACM}
}

% Approved all correct
@inproceedings{harbach-16-the-anatomy,
    author = {Harbach, Marian and De Luca, Alexander and Egelman, Serge},
    title = {{The Anatomy of Smartphone Unlocking: A Field Study of Android Lock Screens}},
    booktitle = {ACM Conference on Human Factors in Computing Systems},
    year = {2016},
    series = {CHI~'16},
    pages = {4806--4817},
    address = {San Jose, California, USA},
    month = may,
    publisher = {ACM}
}

% Approved all correct
@article{hargittai-12-web-use,
    author = {Hargittai, Eszter and Hsieh, Yuli Patrick},
    title = {{Succinct Survey Measures of Web-Use Skills}},
    journal = {Social Science Computer Review},
    year = {2012},
    volume = {30},
    number = {1},
    pages = {95--107},
    month = feb,
    publisher = {SAGE}
}

% Approved all correct
@inproceedings{harkous-18-polisis,
    author = {Harkous, Hamza and Fawaz, Kassem and Lebret, R{\'e}mi and Schaub, Florian and Shin, Kang G. and Aberer, Karl},
    title = {{Polisis: Automated Analysis and Presentation of Privacy Policies Using Deep Learning}},
    booktitle = {USENIX Security Symposium},
    year = {2018},
    series = {SSYM~'18},
    pages = {531--548},
    address = {Baltimore, Maryland, USA},
    month = aug,
    publisher = {USENIX}
}

% Approved all correct
@article{harshaa-21-bicycle-attacks,
    author = {Harshaa, Benjamin and Mortona, Robert and Blocki, Jeremiah and Springer, John and Dark, Melissa},
    title = {{Bicycle Attacks Considered Harmful: Quantifying the Damage of Widespread Password Length Leakage}},
    journal = {Computers \& Security},
    year = {2021},
    volume = {100},
    number = {1},
    pages = {233--249},
    month = jan,
    publisher = {Elsevier}
}

% Approved all correct
@article{hassanzadeh-21-perception-breaches,
    author = {Hassanzadeh, Zahra and Biddle, Robert and Marsen, Sky},
    title = {{User Perception of Data Breaches}},
    journal = {IEEE Transactions on Professional Communication},
    year = {2021},
    volume = {64},
    number = {4},
    pages = {374--389},
    month = dec,
    publisher = {IEEE}
}

% Approved all correct
@inproceedings{hayashi-08-illusion,
    author = {Hayashi, Eiji and Dhamija, Rachna and Christin, Nicolas and Perrig, Adrian},
    title = {{Use Your Illusion: Secure Authentication Usable Anywhere}},
    booktitle = {Symposium on Usable Privacy and Security},
    year = {2008},
    series = {SOUPS~'08},
    pages = {35--45},
    address = {Pittsburgh, Pennsylvania, USA},
    month = jul,
    publisher = {ACM}
}

% Approved all correct
@inproceedings{hayashi-11-diary-password,
    author = {Hayashi, Eiji and Hong, Jason},
    title = {{A Diary Study of Password Usage in Daily Life}},
    booktitle = {ACM Conference on Human Factors in Computing Systems},
    year = {2011},
    series = {CHI~'11},
    pages = {2627--2630},
    address = {Vancouver, British Columbia, Canada},
    month = may,
    publisher = {ACM}
}

% Approved all correct
@techreport{haynes-12-randomised-trials,
    author = {Haynes, Laura and Service, Owain and Goldacre, Ben and Torgerson, David},
    title = {{Test, Learn, Adapt: Developing Public Policy with Randomised Controlled Trials}},
    institution = {Cabinet Office (UK) -- Behavioural Insights Team},
    year = {2012},
    type = {Technical Report},
    number = {TLA-1906126},
    month = jun
}

% Approved all correct
@inproceedings{he-18-iot-access-control,
    author = {He, Weijia and Golla, Maximilian and Padhi, Roshni and Ofek, Jordan and D\"{u}rmuth, Markus and Fernandes, Earlence and Ur, Blase},
    title = {{Rethinking Access Control and Authentication for the Home Internet of Things (IoT)}},
    booktitle = {USENIX Security Symposium},
    year = {2018},
    series = {SSYM~'18},
    pages = {255--272},
    address = {Baltimore, Maryland, USA},
    month = aug,
    publisher = {USENIX}
}

% Approved all correct
@inproceedings{heiderich-13-mxss,
    author = {Heiderich, Mario and Schwenk, J{\"o}rg and Frosch, Tilman and Magazinius, Jonas and Yang, Edward Z.},
    title = {{mXSS Attacks: Attacking Well-Secured Web-Applications by Using innerHTML Mutations}},
    booktitle = {ACM Conference on Computer and Communications Security},
    year = {2013},
    series = {CCS~'13},
    pages = {777--788},
    address = {Berlin, Germany},
    month = nov,
    publisher = {ACM}
}

% Approved all correct
@inproceedings{heidt-16-pattern-psm-comparison,
    author = {Heidt, Susanna and Aviv, Adam J.},
    title = {{Poster: Refining Graphical Password Strength Meters for Android Phones}},
    booktitle = {Symposium on Usable Privacy and Security},
    year = {2015},
    series = {SOUPS~'15},
    pages = {},
    address = {Ottawa, Ontario, Canada},
    month = jul,
    publisher = {USENIX}
} % No page numbers for posters

% Approved all correct
@misc{helft-09-google-personalized-ads,
    author = {Helft, Miguel},
    title = {{Google to Offer Ads Based on Interests}},
    note = {\url{https://www.nytimes.com/2009/03/11/technology/internet/11google.html}, as of \today},
    month = mar,
    year = {2009}
}

% Approved all correct
@inproceedings{herder-20-privacy-dashboard,
    author = {Herder, Eelco and van Maaren, Olaf},
    title = {{Privacy Dashboards: The Impact of the Type of Personal Data and User Control on Trust and Perceived Risk}},
    booktitle = {ACM Conference on User Modeling, Adaptation and Personalization},
    year = {2020},
    series = {UMAP~'20},
    pages = {169--174},
    address = {Virtual Conference},
    month = jul,
    publisher = {ACM}
}

% Approved all correct
@inproceedings{herley-09-rejecting-advice,
    author = {Herley, Cormac},
    title = {{So Long, and No Thanks for the Externalities: The Rational Rejection of Security Advice by Users}},
    booktitle = {New Security Paradigms Workshop},
    year = {2009},
    series = {NSPW~'09},
    pages = {133--144},
    address = {Oxford, United Kingdom},
    month = sep,
    publisher = {ACM}
}

% Approved all correct
@article{herley-12-pw-persistence,
    author = {Herley, Cormac and Van Oorschot, Paul C.},
    title = {{A Research Agenda Acknowledging the Persistence of Passwords}},
    journal = {IEEE Security \& Privacy},
    year = {2012},
    volume = {10},
    number = {1},
    pages = {28--36},
    month = jan,
    publisher = {IEEE}
}

% Approved all correct
@techreport{herley-18-distinguishing-attacks,
    author = {Herley, Cormac and Schechter, Stuart},
    title = {{Distinguishing Attacks from Legitimate Traffic at an Authentication Server}},
    institution = {Microsoft},
    year = {2018},
    type = {Technical Report},
    number = {MSR-TR-2018-19},
    month = jun
}

% Approved all correct
@inproceedings{herley-19-legitimate,
    author = {Herley, Cormac and Schechter, Stuart},
    title = {{Distinguishing Attacks from Legitimate Authentication Traffic at Scale}},
    booktitle = {Symposium on Network and Distributed System Security},
    year = {2019},
    series = {NDSS~'19},
    pages = {},
    address = {San Diego, California, USA},
    month = feb,
    publisher = {ISOC}
} % NDSS does not have page numbers

% Approved all correct
@misc{hern-16-google-kill-password,
    author = {Hern, Alex},
    title = {{Google Aims to Kill Passwords}},
    note = {\url{https://www.theguardian.com/technology/2016/may/24/google-passwords-android}, as of \today},
    month = may,
    year = {2016}
}

% Approved all correct
@misc{hern-19-facebook-selling-2fa,
    author = {Hern, Alex},
    title = {{Facebook Faces Backlash Over Users' Safety Phone Numbers}},
    note = {\url{https://www.theguardian.com/technology/2019/mar/04/facebook-faces-backlash-over-users-safety-phone-numbers}, as of \today},
    month = mar,
    year = {2019}
}

% Approved all correct
@misc{hhs-78-belmont-report,
    author = {{National Commission for the Protection of Human Subjects of Biomedical and Behavioral Research}},
    title = {{The Belmont Report: Ethical Principles and Guidelines for the Protection of Human Subjects of Research}},
    note = {\url{https://www.hhs.gov/ohrp/regulations-and-policy/belmont-report/index.html}, as of \today},
    month = sep,
    year = {1978}
}

% Approved all correct
@misc{holz-21-hypocrite-trouble,
    author = {Holz, Thorsten and Oprea, Alina},
    title = {{IEEE S\&P '21 Program Committee Statement Regarding the ``Hypocrite Commits'' Paper}},
    note = {\url{https://www.ieee-security.org/TC/SP2021/downloads/2021_PC_Statement.pdf}, as of \today},
    month = may,
    year = {2021}
}

% Approved all correct
@misc{honan-12-epic-hacking,
    author = {Honan, Mat},
    title = {{How Apple and Amazon Security Flaws Led to My Epic Hacking}},
    note = {\url{http://www.wired.com/2012/08/apple-amazon-mat-honan-hacking/}, as of \today},
    month = aug,
    year = {2012}
}

% Approved all correct
@inproceedings{horsch-16-pw-markup,
    author = {Horsch, Moritz and Schlipf, Mario and Braun, Johannes and Buchmann, Johannes},
    title = {{Password Requirements Markup Language}},
    booktitle = {Australasian Conference on Information Security and Privacy},
    year = {2016},
    series = {ACISP~'16},
    pages = {426--439},
    address = {Melbourne, Victoria, Australia},
    month = jul,
    publisher = {Springer}
}

% Approved all correct
@inproceedings{houshmand-12-pcfg-meter,
    author = {Houshmand, Shiva and Aggarwal, Sudhir},
    title = {{Building Better Passwords Using Probabilistic Techniques}},
    booktitle = {Annual Computer Security Applications Conference},
    year = {2012},
    series = {ACSAC~'12},
    pages = {109--118},
    address = {Orlando, Florida, USA},
    month = dec,
    publisher = {ACM}
}

% Approved all correct
@inproceedings{hrebec-01-admin-survey,
    author = {Hrebec, Dennis G. and Stiber, Michael},
    title = {{A Survey of System Administrator Mental Models and Situation Awareness}},
    booktitle = {SIGCPR Conference on Computer Personnel Research},
    year = {2001},
    series = {SIGCPR~'01},
    pages = {166--172},
    address = {San Diego, California, USA},
    month = apr,
    publisher = {USENIX}
}

% Approved all correct
@inproceedings{huaman-21-technical-issues,
    author = {Huaman, Nicolas and Amft, Sabrina and Oltrogge, Marten and Acar, Yasemin and Fahl, Sascha},
    title = {{They Would Do Better If They Worked Together: The Case of Interaction Problems between Password Managers and Websites}},
    booktitle = {IEEE Symposium on Security and Privacy},
    year = {2021},
    series = {SP~'21},
    pages = {1367--1381},
    address = {Virtual Conference},
    month = may,
    publisher = {IEEE}
}

% Approved all correct
@inproceedings{huang-22-chrome-breach-notification,
    author = {Huang, Yue and Obada-Obieh, Borke and Beznosov, Konstantin},
    title = {{Users' Perceptions of Chrome Compromised Credential Notification}},
    booktitle = {Symposium on Usable Privacy and Security},
    year = {2022},
    series = {SOUPS~'22},
    pages = {155--174},
    address = {Boston, Massachusetts, USA},
    month = aug,
    publisher = {USENIX}
}

% Approved all correct
@misc{huber-17-android-manager-vulns,
    author = {Huber, Stephan and Rasthofer, Siegfried and Arzt, Steven},
    title = {{Extracting All Your Secrets: Vulnerabilities in Android Password Managers}},
    note = {\url{https://conference.hitb.org/hitbsecconf2017ams/sessions/extracting-all-your-secrets-vulnerabilities-in-android-password-managers/}, as of \today},
    month = apr,
    year = {2017}
}

% Approved all correct
@inproceedings{huh-15-chunking-pins,
    author = {Huh, Jun Ho and Kim, Hyoungschick and Bobba, Rakesh B. and Bashir, Masooda N. and Beznosov, Konstantin},
    title = {{On the Memorability of System-generated PINs: Can Chunking Help?}},
    booktitle = {Symposium on Usable Privacy and Security},
    year = {2015},
    series = {SOUPS~'15},
    pages = {197--209},
    address = {Ottawa, Canada},
    month = jul,
    publisher = {USENIX}
}

% Approved all correct
@inproceedings{huh-17-linkedin,
    author = {Huh, Jun Ho and Kim, Hyoungshick and Rayala, Swathi S.V.P. and Bobba, Rakesh B. and Beznosov, Konstantin},
    title = {{I'm Too Busy to Reset My LinkedIn Password: On the Effectiveness of Password Reset Emails}},
    booktitle = {ACM Conference on Human Factors in Computing Systems},
    year = {2017},
    series = {CHI~'17},
    pages = {387--391},
    address = {Denver, Colorado, USA},
    month = may,
    publisher = {ACM}
}

% Approved all correct
@inproceedings{huhta-16-pitfall-zebra,
    author = {Huhta, Otto and Udar, Swapnil and Juuti, Mika and Shrestha, Prakash and Saxena, Nitesh and Asokan, N.},
    title = {{Pitfalls in Designing Zero-Effort Deauthentication: Opportunistic Human Observation Attacks}},
    booktitle = {Symposium on Network and Distributed System Security},
    year = {2016},
    series = {NDSS~'16},
    pages = {},
    address = {San Diego, California, USA},
    month = feb,
    publisher = {ISOC}
} % NDSS does not have page numbers

% Approved all correct
@misc{hunt-13-haveibeenpwned,
    author = {Hunt, Troy},
    title = {{\textit{Have I Been Pwned?} -- Check If Your Email Has Been Compromised in a Data Breach}},
    note = {\url{https://haveibeenpwned.com}, as of \today},
    month = dec,
    year = {2013}
}

@misc{hunt-22-pwned-websites,
    author = {Hunt, Troy},
    title = {{\textit{Have I Been Pwned?} -- Pwned Websites}},
    note = {\url{https://haveibeenpwned.com/PwnedWebsites}, as of \today},
    month = aug,
    year = {2022}
}

@misc{hunt-18-pwned-passwords,
    author = {Hunt, Troy},
    title = {{\textit{Have I Been Pwned?} -- Pwned Passwords v3 is Now Live!}},
    note = {\url{https://www.troyhunt.com/pwned-passwords-v3-is-now-live/}, as of \today},
    month = jul,
    year = {2018}
}

% Approved all correct
@misc{hunt-17-credential-stuffing,
    author = {Hunt, Troy},
    title = {{Password Reuse, Credential Stuffing and Another Billion Records in \textit{Have I Been Pwned?}}},
    note = {\url{https://www.troyhunt.com/password-reuse-credential-stuffing-and-another-1-billion-records-in-have-i-been-pwned/}, as of \today},
    month = may,
    year = {2017}
}

% Approved all correct
@misc{hunt-17-pwned-pws-v1,
    author = {Hunt, Troy},
    title = {{Introducing 306 Million Freely Downloadable Pwned Passwords}},
    note = {\url{https://www.troyhunt.com/introducing-306-million-freely-downloadable-pwned-passwords/}, as of \today},
    month = aug,
    year = {2017}
}

% Approved all correct
@misc{hunt-18-500m,
    author = {Hunt, Troy},
    title = {{I've Just Launched ``Pwned Passwords'' V2 With Half a Billion Passwords for Download}},
    note = {\url{https://www.troyhunt.com/ive-just-launched-pwned-passwords-version-2/}, as of \today},
    month = feb,
    year = {2018}
}

% Approved all correct
@inproceedings{hurkala-14-context-aware,
    author = {Hurka\l{}a, Adam and Hurka\l{}a, Jaros\l{}aw},
    title = {{Architecture of Context-Risk-Aware Authentication System for Web Environments}},
    booktitle = {International Conference on Informatics Engineering and Information Science},
    year = {2014},
    series = {ICIEIS~'14},
    pages = {219--228},
    address = {Lodz, Poland},
    month = sep,
    publisher = {ACM}
}

% Approved all correct
@article{ienca-21-ethical-requirements,
    author = {Ienca, Marcello and Vayena, Effy},
    title = {{Ethical Requirements for Responsible Research with Hacked Data}},
    journal = {Nature Machine Intelligence},
    year = {2021},
    volume = {3},
    number = {9},
    pages = {744--748},
    month = sep,
    publisher = {Nature}
}

% Approved all correct
@inproceedings{inglesant-10-cost-policies,
    author = {Inglesant, Philip G. and Sasse, M. Angela},
    title = {{The True Cost of Unusable Password Policies: Password Use in the Wild}},
    booktitle = {ACM Conference on Human Factors in Computing Systems},
    year = {2010},
    series = {CHI~'10},
    pages = {383--392},
    address = {Atlanta, Georgia, USA},
    month = apr,
    publisher = {ACM}
}

% Approved all correct
@inproceedings{ion-15-hack-my-mind,
    author = {Ion, Iulia and Reeder, Robert W. and Consolvo, Sunny},
    title = {{``...No one Can Hack My Mind'': Comparing Expert and Non-Expert Security Practices}},
    booktitle = {Symposium on Usable Privacy and Security},
    year = {2015},
    series = {SOUPS~'15},
    pages = {327--346},
    address = {Ottawa, Ontario, Canada},
    month = jul,
    publisher = {USENIX}
}

% Approved all correct
@inproceedings{iqbal-21-fingerprinters,
    author = {Iqbal, Umar and Englehardt, Steven and Shafiq, Zubair},
    title = {{Fingerprinting the Fingerprinters: Learning to Detect Browser Fingerprinting Behaviors}},
    booktitle = {IEEE Symposium on Security and Privacy},
    year = {2021},
    series = {SP~'21},
    pages = {283--301},
    address = {Virtual Conference},
    month = may,
    publisher = {IEEE}
}

% Approved all correct
@article{ives-04-domino,
    author = {Ives, Blake and Walsh, Kenneth R. and Schneider, Helmut},
    title = {{The Domino Effect of Password Reuse}},
    journal = {Communications of the ACM},
    year = {2004},
    volume = {47},
    number = {4},
    pages = {75--78},
    month = apr,
    publisher = {ACM}
}

% Approved all correct
@inproceedings{jaeger-16-leaked-credentials,
    author = {Jaeger, David and Pelchen, Chris and Graupner, Hendrik and Cheng, Feng and Meinel, Christoph},
    title = {{Analysis of Publicly Leaked Credentials and the Long Story of Password (Re-)use}},
    booktitle = {International Conference on Passwords},
    year = {2016},
    series = {PASSWORDS~'16},
    pages = {},
    address = {Bochum, Germany},
    month = dec,
    publisher = {Springer}
} % Page numbers are until now unknown

% Approved all correct
@inproceedings{jakobsson-08-preference-questions,
    author = {Jakobsson, Markus and Stolterman, Erik and Wetzel, Susanne and Yang, Liu},
    title = {{Love and Authentication}},
    booktitle = {ACM Conference on Human Factors in Computing Systems},
    year = {2008},
    series = {CHI~'08},
    pages = {197--200},
    address = {Florence, Italy},
    month = apr,
    publisher = {ACM}
}

% Approved all correct
@inproceedings{jakobsson-09-implicit-auth,
    author = {Jakobsson, Markus and Shi, Elaine and Golle, Philippe and Chow, Richard},
    title = {{Implicit Authentication for Mobile Devices}},
    booktitle = {Workshop on Hot Topics in Security},
    year = {2009},
    series = {HotSec~'09},
    pages = {},
    address = {Montreal, Quebec, Canada},
    month = aug,
    publisher = {USENIX}
} % No page numbers available

% Approved all correct
@inproceedings{jakobsson-12-understanding-pw,
    author = {Jakobsson, Markus and Dhiman, Mayank},
    title = {{The Benefits of Understanding Passwords}},
    booktitle = {Workshop on Hot Topics in Security},
    year = {2012},
    series = {HotSec~'12},
    pages = {},
    address = {Bellevue, Washington, USA},
    month = aug,
    publisher = {USENIX}
} % No page numbers available

% Approved all correct
@article{janakiraman-18-effect-data-breach,
    author = {Janakiraman, Ramkumar and Lim, Joon Ho and Rishika, Rishika},
    title = {{The Effect of a Data Breach Announcement on Customer Behavior: Evidence from a Multichannel Retailer}},
    journal = {Journal of Marketing},
    year = {2018},
    volume = {82},
    number = {2},
    pages = {1--73},
    month = mar,
    publisher = {American Marketing Association}
}

% Approved all correct
@inproceedings{janic-13-tets-overview,
    author = {Janic, Milena and Wijbenga, Jan Pieter and Veugen, Thijs},
    title = {{Transparency Enhancing Tools (TETs): An Overview}},
    booktitle = {Workshop on Socio-Technical Aspects in Security and Trust},
    year = {2013},
    series = {STAST~'13},
    pages = {18--25},
    address = {New Orleans, Louisiana, USA},
    month = jun,
    publisher = {IEEE}
}

% Approved all correct
@inproceedings{jarecki-18-opaque,
    author = {Jarecki, Stanislaw and Krawczyk, Hugo and Xu, Jiayu},
    title = {{OPAQUE: An Asymmetric PAKE Protocol Secure Against Pre-computation Attacks}},
    booktitle = {Advances in Cryptology -- {EUROCRYPT}~2018},
    year = {2018},
    series = {EUROCRYPT~'18},
    pages = {456--486},
    address = {Tel Aviv, Israel},
    month = apr,
    publisher = {Springer}
}

% Approved all correct
@inproceedings{javed-14-trusted-friend,
    author = {Javed, Ashar and Bletgen, David and Kohlar, Florian and D\"urmuth, Markus and Schwenk, J\"org},
    title = {{Secure Fallback Authentication and the Trusted Friend Attack}},
    booktitle = {International Distributed Computing Systems Workshops},
    year = {2014},
    series = {ICDCSW~'14},
    pages = {22--28},
    address = {Madrid, Spain},
    month = jun,
    publisher = {IEEE}
}

% Approved all correct
@article{jenkins-14-data-breach-notification,
    author = {Jenkins, Alexander and Anandarajan, Murugan and D'Ovidio, Rob},
    title = {{'All that Glitters is not Gold': The Role of Impression Management in Data Breach Notification}},
    journal = {Western Journal of Communication},
    year = {2014},
    volume = {78},
    number = {3},
    pages = {337--357},
    month = jan,
    publisher = {Taylor \& Francis}
}

% Approved all correct
@inproceedings{jermyn-99-graph-pw,
    author = {Jermyn, Ian and Mayer, Alain and Monrose, Fabian and Reiter, Michael K. and Rubin, Aviel D.},
    title = {{The Design and Analysis of Graphical Passwords}},
    booktitle = {USENIX Security Symposium},
    year = {1999},
    series = {SSYM~'99},
    pages = {1--1},
    address = {Washington, District of Columbia, USA},
    month = aug,
    publisher = {USENIX}
}

% Approved all correct
@article{johnson-20-opt-out-adchoices-cost,
    author = {Johnson, Garrett A. and Shriver, Scott K. and Du, Shaoyin},
    title = {{Consumer Privacy Choice in Online Advertising: Who Opts Out and at What Cost to Industry?}},
    journal = {Marketing Science},
    year = {2020},
    volume = {39},
    number = {1},
    pages = {33--51},
    month = jan,
    publisher = {INFORMS}
}

% Approved all correct
@inproceedings{joudaki-18-implicit-passphrases,
    author = {Joudaki, Zeinab and Thorpe, Julie and Martin, Miguel Vargas},
    title = {{Reinforcing System-Assigned Passphrases Through Implicit Learning}},
    booktitle = {ACM Conference on Computer and Communications Security},
    year = {2018},
    series = {CCS~'18},
    pages = {1533--1548},
    address = {Toronto, Ontario, Canada},
    month = oct,
    publisher = {ACM}
}

% Approved all correct
@article{jover-20-security-sms-2fa,
    author = {Jover, Roger Piqueras},
    title = {{Security Analysis of SMS as a Second Factor of Authentication}},
    journal = {ACM Queue},
    year = {2020},
    volume = {18},
    number = {4},
    pages = {37--60},
    month = aug,
    publisher = {ACM}
}

% Approved all correct
@inproceedings{juels-13-honeywords,
    author = {Juels, Ari and Rivest, Ronald L.},
    title = {{Honeywords: Making Password-cracking Detectable}},
    booktitle = {Conference on Computer and Communications Security},
    year = {2013},
    series = {CCS~'13},
    pages = {145--160},
    address = {Berlin, Germany},
    month = nov,
    publisher = {ACM}
}

% Approved all correct
@inproceedings{juels-14-honey-encryption,
    author = {Juels, Ari and Ristenpart, Thomas},
    title = {{Honey Encryption: Security Beyond the Brute-Force Bound}},
    booktitle = {Advances in Cryptology -- {EUROCRYPT}~2014},
    year = {2014},
    series = {EUROCRYPT~'14},
    pages = {293--310},
    address = {Copenhagen, Denmark},
    month = may,
    publisher = {Springer}
}

% Approved all correct
@article{just-05-designing,
    author = {Just, Mike},
    title = {{Designing and Evaluating Challenge-Question Systems}},
    journal = {IEEE Security \& Privacy},
    year = {2004},
    volume = {2},
    number = {5},
    pages = {32--39},
    month = oct,
    publisher = {IEEE}
}

% Approved all correct
@inproceedings{just-09-pkq-usability,
    author = {Just, Mike and Aspinall, David},
    title = {{Personal Choice and Challenge Questions: A Security and Usability Assessment}},
    booktitle = {Symposium on Usable Privacy and Security},
    year = {2009},
    series = {SOUPS~'09},
    pages = {8:1--8:11},
    address = {Mountain View, California, USA},
    month = jul,
    publisher = {ACM}
}

% Approved all correct
@inproceedings{kafas-13-vpc,
    author = {Kafas, Kyriakos and Aljaffan, Nouf and Li, Shujun},
    title = {{Poster: Visual Password Checker}},
    booktitle = {Symposium on Usable Privacy and Security},
    year = {2013},
    series = {SOUPS~'13},
    pages = {},
    address = {Newcastle, United Kingdom},
    month = jul,
    publisher = {ACM}
} % No page numbers for posters

% Approved all correct
@inproceedings{kaiser-20-warning-disinformation,
    author = {Kaiser, Ben and Wei, Jerry and Lucherini, Elena and Lee, Kevin and Matias, J. Nathan and Mayer, Jonathan},
    title = {{Adapting Security Warnings to Counter Online Disinformation}},
    booktitle = {USENIX Security Symposium},
    year = {2021},
    series = {SSYM~'21},
    pages = {1163--1180},
    address = {Virtual Conference},
    month = aug,
    publisher = {USENIX}
}

% Approved all correct
@misc{kalicinski-17-android-autofill,
    author = {Kalicinski, Wojtek},
    title = {{Google: Getting Your Android App Ready for Autofill}},
    note = {\url{https://android-developers.googleblog.com/2017/11/getting-your-android-app-ready-for.html}, as of \today},
    month = nov,
    year = {2017}
}

% Approved all correct
@techreport{kaliski-00-pkcs5,
    author = {Kaliski, Burton Stephen},
    title = {{PKCS \#5: Password-Based Cryptography Specification Version 2.0}},
    howpublished = {Internet Requests for Comments},
    type = {{RFC}},
    number = {2898},
    pages = {1--34},
    year = {2000},
    month = sep,
    publisher = {{RFC Editor}},
    institution = {{RFC Editor}},
    url = {https://tools.ietf.org/html/rfc2898}
}

% Approved all correct
@inproceedings{kang-15-data-everywhere,
    author = {Kang, Ruogu and Dabbish, Laura and Fruchter, Nathaniel and Kiesler, Sara B.},
    title = {{``My Data Just Goes Everywhere:'' User Mental Models of the Internet and Implications for Privacy and Security}},
    booktitle = {Symposium on Usable Privacy and Security},
    year = {2015},
    series = {SOUPS~'15},
    pages = {39--52},
    address = {Ottawa, Canada},
    month = jul,
    publisher = {USENIX}
}

% Approved all correct
@inproceedings{karole-10-usability-vault,
    author = {Karole, Ambarish and Saxena, Nitesh and Christin, Nicolas},
    title = {{A Comparative Usability Evaluation of Traditional Password Managers}},
    booktitle = {International Conference on Information Security and Cryptology},
    year = {2010},
    series = {ICISC~'10},
    pages = {233--251},
    address = {Seoul, Korea},
    month = dec,
    publisher = {Springer}
}

% Approved all correct
@inproceedings{karunakaran-18-handling-exposed-data,
    author = {Karunakaran, Sowmya and Thomas, Kurt and Bursztein, Elie and Comanescu, Oxana},
    title = {{Data Breaches: User Comprehension, Expectations, and Concerns with Handling Exposed Data}},
    booktitle = {Symposium on Usable Privacy and Security},
    year = {2018},
    series = {SOUPS~'18},
    pages = {217--234},
    address = {Baltimore, Maryland, USA},
    month = aug,
    publisher = {USENIX}
}

% Approved all correct
@inproceedings{keil-22-german-id-fido, 
    author = {Keil, Markus and Markert, Philipp and D\"{u}rmuth, Markus},
    title = {{``It's Just a Lot of Prerequisites'': A User Perception and Usability Analysis of the German ID Card as a FIDO2 Authenticator}},
    booktitle = {European Symposium on Usable Security},
    year = {2022},
    series = {EuroUSEC~'22},
    pages = {172--188},
    address = {Karlsruhe, Germany},
    month = sep,
    publisher = {ACM}
}

% Approved all correct
@inproceedings{kelley-09-nutrition-label,
    author = {Kelley, Patrick Gage and Bresee, Joanna and Cranor, Lorrie Faith and Reeder, Robert W.},
    title = {{A ``Nutrition Label'' for Privacy}},
    booktitle = {Symposium on Usable Privacy and Security},
    year = {2009},
    series = {SOUPS~'09},
    pages = {4:1--4:12},
    address = {Mountain View, California, USA},
    month = jul,
    publisher = {ACM}
}

% Approved all correct
@inproceedings{kelley-12-again,
    author = {Kelley, Patrick and Kom, Saranga and Mazurek, Michelle L. and Shay, Rich and Vidas, Tim and Bauer, Lujo and Christin, Nicolas and Cranor, Lorrie Faith and L{\'o}pez, Julio},
    title = {{Guess Again (and Again and Again): Measuring Password Strength by Simulating Password-Cracking Algorithms}},
    booktitle = {IEEE Symposium on Security and Privacy},
    year = {2012},
    series = {SP~'12},
    pages = {523--537},
    address = {San Jose, California, USA},
    month = may,
    publisher = {IEEE}
}

% Approved all correct
@misc{kelly-20-firefox-relay,
    author = {Kelly, M.J.},
    title = {{Firefox Relay Protects Your Email Address from Hackers and Spammers}},
    note = {\url{https://blog.mozilla.org/en/products/firefox/firefox-relay/}, as of \today},
    month = jun,
    year = {2020}
}

% Approved all correct
@inproceedings{kiesel-17-mnemonic,
    author = {Kiesel, Johannes and Stein, Benno and Lucks, Stefan},
    title = {{A Large-scale Analysis of the Mnemonic Password Advice}},
    booktitle = {Symposium on Network and Distributed System Security},
    year = {2017},
    series = {NDSS~'17},
    pages = {},
    address = {San Diego, California, USA},
    month = feb,
    publisher = {ISOC}
} % NDSS does not have page numbers

% Approved all correct
@inproceedings{kim-12-social-auth,
    author = {Kim, Hyoungshick and Tang, John and Anderson, Ross},
    title = {{Social Authentication: Harder Than It Looks}},
    booktitle = {Financial Cryptography and Data Security},
    year = {2012},
    series = {FC~'12},
    pages = {1--15},
    address = {Kralendijk, Bonaire},
    month = feb,
    publisher = {Springer}
}

% Approved all correct
@article{kim-12-pin-policies,
    author = {Kim, Hyoungshick and Huh, Jun Ho},
    title = {{PIN Selection Policies: Are They Really Effective?}},
    journal = {Computers \& Security},
    year = {2012},
    volume = {31},
    number = {4},
    pages = {484--496},
    month = jun,
    publisher = {Elsevier}
}

% Approved all correct
@inproceedings{kim-18-harry-met-tinder,
    author = {Kim, Kuyju and Kim, Taeyun and Lee, Seungjin and Kim, Soolin and Kim, Hyoungshick},
    title = {{When Harry Met Tinder: Security Analysis of Dating Apps on Android}},
    booktitle = {Nordic Conference on Secure IT Systems},
    year = {2018},
    series = {NordSec~'18},
    pages = {454--467},
    address = {Oslo, Norway},
    month = nov,
    publisher = {Springer}
}

% Approved all correct
@inproceedings{kim-20-phone-2fa-second-uses,
    author = {Kim, Min Hee and Yeung, Christina and Salsburg, Daniel and Calandrino, Joseph A.},
    title = {{Secondary Education: Measuring Secondary Uses of 2FA Phone Numbers}},
    booktitle = {Who Are You?! Adventures in Authentication Workshop},
    year = {2020},
    series = {WAY~'20},
    pages = {1--5},
    address = {Virtual Conference},
    month = aug,
    publisher = {}
} % No publisher

% Approved all correct
@misc{kim-22-google-mandatory-2fa,
    author = {Kim, Guemmy},
    title = {{Google: Making You Safer With 2SV}},
    note = {\url{https://blog.google/technology/safety-security/reducing-account-hijacking/}, as of \today},
    month = mar,
    year = {2022}
}

% Approved all correct
@article{kirlappos-12-phishing,
    author = {Kirlappos, Iacovos and Sasse, M. Angela},
    title = {{Security Education against Phishing: A Modest Proposal for a Major Rethink}},
    journal = {IEEE Security \& Privacy},
    year = {2012},
    volume = {10},
    number = {2},
    pages = {24--32},
    month = mar,
    publisher = {IEEE}
}

% Approved all correct
@inproceedings{klasnja-09-wifi,
    author = {Klasnja, Predrag and Consolvo, Sunny and Jung, Jaeyeon and Greenstein, Benjamin M. and LeGrand, Louis and Powledge, Pauline and Wetherall, David},
    title = {{``When I Am on Wi-Fi, I Am Fearless'': Privacy Concerns \& Practices in Eeryday Wi-Fi Use}},
    booktitle = {ACM Conference on Human Factors in Computing Systems},
    year = {2009},
    series = {CHI~'09},
    pages = {1993--2002},
    address = {Boston, Massachusetts, USA},
    month = apr,
    publisher = {ACM}
}

% Approved all correct
@inproceedings{klein-90-foiling,
    author = {Klein, Daniel V.},
    title = {{``Foiling the Cracker'': A Survey of, and Improvements to, Password Security}},
    booktitle = {USENIX Security Workshop},
    year = {1990},
    series = {SSYM~'90},
    pages = {5--14},
    address = {Portland, Oregon, USA},
    month = aug,
    publisher = {USENIX}
} % https://www.usenix.org/legacy/publications/bibliography/byAuthor.html

% Approved all correct
@inproceedings{kocabas-21-unauthorized,
    author = {Kocabas, Huzeyfe and Nandy, Swapnil and Tamanna, Tanjina and Al-Ameen, Mahdi Nasrullah},
    title = {{Understanding User's Behavior and Protection Strategy upon Losing, or Identifying Unauthorized Access to Online Account}},
    booktitle = {International Conference on Human-Computer Interaction},
    year = {2021},
    series = {HCII~'21},
    pages = {310--325},
    address = {Virtual Conference},
    month = jul,
    publisher = {Springer}
} % Also appeared as SOUPS poster in 2020

% Approved all correct
@inproceedings{kogan-21-checklist-scheme,
    author = {Kogan, Dmitry and Corrigan-Gibbs, Henry},
    title = {{Private Blocklist Lookups with Checklist}},
    booktitle = {USENIX Security Symposium},
    year = {2021},
    series = {SSYM~'21},
    pages = {875--892},
    address = {Virtual Conference},
    month = aug,
    publisher = {USENIX}
}

% Approved all correct
@inproceedings{komanduri-11-policy,
    author = {Komanduri, Saranga and Shay, Richard and Kelley, Patrick Gage and Mazurek, Michelle L. and Bauer, Lujo and Christin, Nicolas and Cranor, Lorrie Faith and Egelman, Serge},
    title = {{Of Passwords and People: Measuring the Effect of Password-Composition Policies}},
    booktitle = {ACM Conference on Human Factors in Computing Systems},
    year = {2011},
    series = {CHI~'11},
    pages = {2595--2604},
    address = {Vancouver, British Columbia, Canada},
    month = may,
    publisher = {ACM}
}

% Approved all correct
@misc{kotadia-04-gates-password-dead,
    author = {Kotadia, Munir},
    title = {{Gates Predicts Death of the Password}},
    note = {\url{https://www.cnet.com/news/gates-predicts-death-of-the-password/}, as of \today},
    month = feb,
    year = {2004}
}

% Approved all correct
@inproceedings{kou-18-titling,
    author = {Kou, Yubo and Gray, Colin M. and Toombs, Austin and Nardi, Bonnie},
    title = {{The Politics of Titling: The Representation of Countries in CHI Papers}},
    booktitle = {ACM Conference on Human Factors in Computing Systems},
    year = {2018},
    series = {CHI~EA~'18},
    pages = {16:1--16:10},
    address = {Montreal, Quebec, Canada},
    month = apr,
    publisher = {ACM}
}

% Approved all correct
@book{kowalski-12-cyberbullying,
    author = {Kowalski, Robin M. and Limber, Susan P. and Agatston, Patricia W.},
    title = {{Cyberbullying: Bullying in the Digital Age}},
    year = {2012},
    publisher = {Wiley-Blackwell},
    address = {Hoboken, New Jersey, USA},
    edition = {2}
}

% Approved all correct
@misc{krebs-18-u2f-no-phishing,
    author = {Krebs, Brian},
    title = {{Google: Security Keys Neutralized Employee Phishing}},
    note = {\url{https://krebsonsecurity.com/2018/07/google-security-keys-neutralized-employee-phishing/}, as of \today},
    month = jul,
    year = {2018}
}

% Approved all correct
@inproceedings{krol-12-pdf-warning,
    author = {Krol, Kat and Moroz, Matthew and Sasse, M. Angela},
    title = {{Don't Work. Can't Work? Why It's Time to Rethink Security Warnings}},
    booktitle = {Conference on Risks and Security of Internet and Systems},
    year = {2012},
    series = {CRiSIS~'12},
    pages = {1--8},
    address = {Cork, Ireland},
    month = oct,
    publisher = {IEEE}
}

% Approved all correct
@inproceedings{krol-15-2fa,
    author = {Krol, Kat and Philippou, Eleni and De Cristofaro, Emiliano and Sasse, M. Angela},
    title = {{``They brought in the horrible key ring thing!'' Analysing the Usability of Two-Factor Authentication in UK Online Banking}},
    booktitle = {Symposium on Network and Distributed System Security},
    year = {2015},
    series = {NDSS~'15},
    pages = {},
    address = {San Diego, California, USA},
    month = feb,
    publisher = {ISOC}
} % NDSS does not have page numbers

% Approved all correct
@inproceedings{krombholz-17-i-have-no-idea,
    author = {Krombholz, Katharina and Mayer, Wilfried and Schmiedecker, Martin and Weippl, Edgar},
    title = {{``I Have No Idea What I'm Doing'' -- On the Usability of Deploying HTTPS}},
    booktitle = {USENIX Security Symposium},
    year = {2017},
    series = {SSYM~'17},
    pages = {1339--1356},
    address = {Vancouver, British Columbia, Canada},
    month = aug,
    publisher = {USENIX}
}

% Approved all correct
@inproceedings{krombholz-19-mental-models-https,
    author = {Krombholz, Katharina and Busse, Karoline and Pfeffer, Katharina and Smith, Matthew and von Zezschwitz, Emanuel},
    title = {{``If HTTPS Were Secure, I Wouldn't Need 2FA'' -- End User and Administrator Mental Models of HTTPS}},
    booktitle = {IEEE Symposium on Security and Privacy},
    year = {2019},
    series = {SP~'19},
    pages = {246--263},
    address = {San Francisco, California, USA},
    month = may,
    publisher = {IEEE}
}

% Approved all correct
@inproceedings{kumar-17-no-telling-passcodes,
    author = {Kumar, Priya C. and Naik, Shalmali Milind and Devkar, Utkarsha Ramesh and Chetty, Marshini and Clegg, Tamara L. and Vitak, Jessica},
    title = {{``No Telling Passcodes Out Because They're Private'': Understanding Children's Mental Models of Privacy and Security Online}},
    booktitle = {ACM Conference on Computer-Supported Cooperative Work and Social Computing},
    year = {2017},
    series = {CSCW~'17},
    pages = {46:1--46:21},
    address = {Portland, Oregon, USA},
    month = nov,
    publisher = {ACM}
}

% Approved all correct 
@inproceedings{kumar-19-tech-elementary,
    author = {Kumar, Priya C. and Chetty, Marshini and Clegg, Tamara L. and Vitak, Jessica},
    title = {{Privacy and Security Considerations for Digital Technology Use in Elementary Schools}},
    booktitle = {ACM Conference on Human Factors in Computing Systems},
    year = {2019},
    series = {CHI~'19},
    pages = {307:1--307:13},
    address = {Glasgow, Scotland, United Kingdom},
    month = may,
    publisher = {ACM}
}

% Approved all correct
@inproceedings{kunke-21-fido-recovery,
    author = {Kunke, Johannes and Wiefling, Stephan and Ullmann, Markus and Lo Iacono, Luigi},
    title = {{Evaluation of Account Recovery Strategies with FIDO2-based Passwordless Authentication}},
    booktitle = {Open Identity Summit},
    year = {2021},
    series = {ODI~'21},
    pages = {59--70},
    address = {Copenhagen, Denmark},
    month = jun,
    publisher = {GI}
}

% Approved all correct
@inproceedings{kuo-06-mnemonic-phrase,
    author = {Kuo, Cynthia and Romanosky, Sasha and Cranor, Lorrie Faith},
    title = {{Human Selection of Mnemonic Phrase-based Passwords}},
    booktitle = {Symposium on Usable Privacy and Security},
    year = {2006},
    series = {SOUPS~'06},
    pages = {67--78},
    address = {Pittsburgh, Pennsylvania, USA},
    month = jul,
    publisher = {ACM}
}

% Approved all correct
@inproceedings{lain-22-phishing-campaigns-harmful,
    author = {Lain, Daniele and Kostiainen, Kari and Capkun, Srdjan},
    title = {{Phishing in Organizations: Findings from a Large-Scale and Long-Term Study}},
    booktitle = {IEEE Symposium on Security and Privacy},
    year = {2022},
    series = {SP~'22},
    pages = {},
    address = {San Francisco, California, USA},
    month = may,
    publisher = {IEEE}
} % Page numbers not yet known, update required

% Approved all correct
@inproceedings{lamichhane-17-children,
    author = {Lamichhane, Dev Raj and Read, Janet C.},
    title = {{Investigating Children's Passwords Using a Game-based Survey}},
    booktitle = {Conference on Interaction Design and Children},
    year = {2017},
    series = {IDC~'17},
    pages = {617--622},
    address = {Santa Clara, California, USA},
    month = jun,
    publisher = {ACM}
}

% Approved all correct
@misc{lamont-16-ashley-consequences,
    author = {Lamont, Tom},
    title = {{Life after the Ashley Madison Affair}},
    note = {\url{https://www.theguardian.com/technology/2016/feb/28/what-happened-after-ashley-madison-was-hacked}, as of \today},
    month = feb,
    year = {2016}
}

% Approved all correct
@inproceedings{lassak-21-webauthn-misconceptions,
    author = {Lassak, Leona and Hildebrandt, Annika and Golla, Maximilian and Ur, Blase},
    title = {{``It's Stored, Hopefully, on an Encrypted Server'': Mitigating Users' Misconceptions About FIDO2 Biometric WebAuthn}},
    booktitle = {USENIX Security Symposium},
    year = {2021},
    series = {SSYM~'21},
    pages = {91--108},
    address = {Virtual Conference},
    month = aug,
    publisher = {USENIX}
}

% Approved all correct
@article{laughery-93-explicitness,
    author = {Laughery, Kenneth R. and Vaubel, Kent P. and Young, Stephen L. and Brelsford Jr., John W. and Rowe, Anna L.},
    title = {{Explicitness of Consequence Information in Warnings}},
    journal = {Safety Science},
    year = {1993},
    volume = {16},
    number = {5--6},
    pages = {597--613},
    month = aug,
    publisher = {Elsevier}
}

% Approved all correct
@book{lazar-17-research-methods-in-hci,
    author = {Lazar, Jonathan and Feng, Jinjuan Heidi and Hochheiser, Harry},
    title = {{Research Methods in Human-Computer Interaction}},
    year = {2017},
    publisher = {Morgan Kaufmann},
    address = {San Francisco, California, USA},
    edition = {2}
}

% Approved all correct
@misc{lecher-19-google-pause-listening,
    author = {Lecher, Colin},
    title = {{Google Will Pause Listening to EU Voice Recordings While Regulators Investigate}},
    note = {\url{https://www.theverge.com/2019/8/1/20750327/}, as of \today},
    month = aug,
    year = {2019}
}

% Approved all correct
@article{lee-97-tough,
    author = {Lee, Fiona},
    title = {{When the Going Gets Tough, Do the Tough Ask for Help? Help Seeking and Power Motivation in Organizations}},
    journal = {Organizational Behavior and Human Decision Processes},
    year = {1997},
    volume = {72},
    number = {3},
    pages = {336--363},
    month = dec,
    publisher = {Elsevier}
}

% Approved all correct
@inproceedings{lee-20-sim-swap,
    author = {Lee, Kevin and Kaiser, Benjamin and Mayer, Jonathan and Narayanan, Arvind},
    title = {{An Empirical Study of Wireless Carrier Authentication for SIM Swaps}},
    booktitle = {Symposium on Usable Privacy and Security},
    year = {2020},
    series = {SOUPS~'20},
    pages = {61--79},
    address = {Virtual Conference},
    month = aug,
    publisher = {USENIX}
}

% Approved all correct
@inproceedings{leon-12-johnny-opt-out,
    author = {Leon, Pedro and Ur, Blase and Shay, Richard and Wang, Yang and Balebako, Rebecca and Cranor, Lorrie},
    title = {{Why Johnny Can't Opt out: A Usability Evaluation of Tools to Limit Online Behavioral Advertising}},
    booktitle = {ACM Conference on Human Factors in Computing Systems},
    year = {2012},
    series = {CHI~'12},
    pages = {589--598},
    address = {Austin, Texas, USA},
    month = may,
    publisher = {ACM}
}

% Approved all correct
@inproceedings{leon-13-willingness,
    author = {Leon, Pedro Giovanni and Ur, Blase and Wang, Yang and Sleeper, Manya and Balebako, Rebecca and Shay, Richard and Bauer, Lujo and Christodorescu, Mihai and Cranor, Lorrie Faith},
    title = {{What Matters to Users? Factors That Affect Users' Willingness to Share Information with Online Advertisers}},
    booktitle = {Symposium on Usable Privacy and Security},
    year = {2013},
    series = {SOUPS~'13},
    pages = {7:1--7:12},
    address = {Newcastle, United Kingdom},
    month = jul,
    publisher = {ACM}
}

% Approved all correct
@inproceedings{li-14-chinese-pw,
    author = {Li, Zhigong and Han, Weili and Xu, Wenyuan},
    title = {{A Large-Scale Empirical Analysis of Chinese Web Passwords}},
    booktitle = {USENIX Security Symposium},
    year = {2014},
    series = {SSYM~'14},
    pages = {559--574},
    address = {San Diego, California, USA},
    month = aug,
    publisher = {USENIX}
}

% Approved all correct
@inproceedings{li-14-pw-manager,
    author = {Li, Zhiwei and He, Warren and Akhawe, Devdatta and Song, Dawn},
    title = {{The Emperor's New Password Manager: Security Analysis of Web-based Password Managers}},
    booktitle = {USENIX Security Symposium},
    year = {2014},
    series = {SSYM~'14},
    pages = {465--479},
    address = {San Diego, California, USA},
    month = aug,
    publisher = {USENIX}
}

% Approved all correct
@article{li-17-horcrux,
    author = {Li, Hannah and Evans, David},
    title = {{Horcrux: A Password Manager for Paranoids}},
    journal = {CoRR},
    year = {2017},
    volume = {abs/1706.05085},
    number = {},
    pages = {1--13},
    month = oct
}

% Approved all correct
@inproceedings{li-19-keepers-of-the-machines,
    author = {Li, Frank and Rogers, Lisa and Mathur, Arunesh and Malkin, Nathan and Chetty, Marshini},
    title = {{Keepers of the Machines: Examining How System Administrators Manage Software Updates For Multiple Machines}},
    booktitle = {Symposium on Usable Privacy and Security},
    year = {2019},
    series = {SOUPS~'19},
    pages = {273--288},
    address = {Santa Clara, California, USA},
    month = aug,
    publisher = {USENIX}
}

% Approved all correct
@inproceedings{li-19-checking-credentials,
    author = {Li, Lucy and Pal, Bijeeta and Ali, Junade and Sullivan, Nick and Chatterjee, Rahul and Ristenpart, Thomas},
    title = {{Protocols for Checking Compromised Credentials}},
    booktitle = {ACM Conference on Computer and Communications Security},
    year = {2019},
    series = {CCS~'19},
    pages = {1387--1403},
    address = {London, United Kingdom},
    month = nov,
    publisher = {ACM}
}

% Approved all correct
@inproceedings{li-21-privacy-pw-checkup,
    author = {Li, Jie and Liu, Yamin and Wu, Shuang},
    title = {{Pipa: Privacy-Preserving Password Checkup via Homomorphic Encryption}},
    booktitle = {ACM Asia Conference on Computer and Communications Security},
    year = {2021},
    series = {ASIA~CCS~'21},
    pages = {242--251},
    address = {Virtual Conference},
    month = may,
    publisher = {ACM}
}

% Approved all correct
@inproceedings{lin-11-domain-highlighting,
    author = {Lin, Eric and Greenberg, Saul and Trotter, Eileah and Ma, David and Aycock, John},
    title = {{Does Domain Highlighting Help People Identify Phishing Sites?}},
    booktitle = {ACM Conference on Human Factors in Computing Systems},
    year = {2011},
    series = {CHI~'11},
    pages = {2075--2084},
    address = {Vancouver, British Columbia, Canada},
    month = may,
    publisher = {ACM}
}

% Approved all correct
@inproceedings{liu-19-mangling-rules,
    author = {Liu, Enze and Nakanishi, Amanda and Golla, Maximilian and Cash, David and Ur, Blase},
    title = {{Reasoning Analytically About Password-Cracking Software}},
    booktitle = {IEEE Symposium on Security and Privacy},
    year = {2019},
    series = {SP~'19},
    pages = {380--397},
    address = {San Francisco, California, USA},
    month = may,
    publisher = {IEEE}
}

% Approved all correct
@article{livingstone-12-risk,
    author = {Livingstone, Sonia and Helsper, Ellen J.},
    title = {{Children, Internet and Risk in Comparative Perspective}},
    journal = {Journal of Children and Media},
    year = {2012},
    volume = {7},
    number = {1},
    pages = {1--8},
    month = nov,
    publisher = {Taylor \& Francis}
}

% Approved all correct
@misc{livingstone-12-eu-children-risks,
    author = {Livingstone, Sonia and Haddon, Leslie and G\"{o}rzig, Anke and \'{O}lafsson, Kjartan},
    title = {{Risks and Safety on the Internet: The Perspective of European Children}},
    note = {\url{https://eprints.lse.ac.uk/33731/}, as of \today},
    month = aug,
    year = {2012}
}

% Approved all correct
@book{loewen-18-lies-teacher-told,
    author = {Loewen, James W.},
    title = {{Lies My Teacher Told Me: Everything Your American History Textbook Got Wrong}},
    year = {2018},
    publisher = {The New Press},
    address = {New York City, New York, USA},
    edition = {1}
}

% Approved all correct
@article{logan-15-pw-reuse,
    author = {Logan, Deborah},
    title = {{British Airways Among Latest Breaches}},
    journal = {Network Security},
    year = {2015},
    volume = {2015},
    number = {4},
    pages = {2--20},
    month = apr,
    publisher = {Elsevier}
}

% Approved all correct
@inproceedings{loge-16-pattern-user-choice,
    author = {L{\o}ge, Marte and D\"urmuth, Markus and R{\o}stad, Lillian},
    title = {{On User Choice for Android Unlock Patterns}},
    booktitle = {European Workshop on Usable Security},
    year = {2016},
    series = {EuroUSEC~'16},
    pages = {},
    address = {Darmstadt, Germany},
    month = jul,
    publisher = {ISOC}
} % EuroUSEC/NDSS does not have page numbers

% Approved all correct
@misc{long-14-facebook-checks-stolen-credentials,
    author = {Long, Chris},
    title = {{Facebook -- Keeping Passwords Secure}},
    note = {\url{https://www.facebook.com/notes/protect-the-graph/keeping-passwords-secure/1519937431579736/}, as of \today},
    month = oct,
    year = {2014}
}

% Approved all correct
@article{lorenzen-huber-10-aging,
    author = {Lorenzen-Huber, Lesa and Boutain, Mary and Camp, L. Jean and Shankar, Kalpana and Connelly, Kay H.},
    title = {{Privacy, Technology, and Aging: A Proposed Framework}},
    journal = {Ageing International},
    year = {2010},
    volume = {36},
    number = {2},
    pages = {232--252},
    month = dec,
    publisher = {Springer}
}

% Approved all correct
@inproceedings{lu-18-rate-limiting,
    author = {Lu, Bo and Zhang, Xiaokuan and Ling, Ziman and Zhang, Yinqian and Lin, Zhiqiang},
    title = {{A Measurement Study of Authentication Rate-Limiting Mechanisms of Modern Websites}},
    booktitle = {Annual Conference on Computer Security Applications},
    year = {2018},
    series = {ACSAC~'18},
    pages = {89--100},
    address = {San Juan, Puerto Rico, USA},
    month = dec,
    publisher = {ACM}
}

% Approved all correct
@misc{lundberg-19-webauthn,
    author = {Lundberg, Emil and Jones, James and Kumar, Akshay and Balfanz, Dirk and Czeskis, Alexei and Liao, Angelo Huakai and Jones, Michael B. and Hodges, Jeff and Lindemann, Rolf},
    title = {{Web Authentication: An API for Accessing Public Key Credentials -- Level 1}},
    note = {\url{https://www.w3.org/TR/2019/REC-webauthn-1-20190304/}, as of \today},
    month = mar,
    year = {2019}
}

% Approved all correct
@inproceedings{lutaaya-15-memory-games,
    author = {Lutaaya, Michael and Chiasson, Sonia},
    title = {{Poster: Password Rehearsal Memory Games}},
    booktitle = {Symposium on Usable Privacy and Security},
    year = {2015},
    series = {SOUPS~'15},
    pages = {},
    address = {Ottawa, Ontario, Canada},
    month = jul,
    publisher = {USENIX}
} % No page numbers for posters

% Approved all correct
@inproceedings{lyastani-18-pw-manager,
    author = {Lyastani, Sanam Ghorbani and Schilling, Michael and Fahl, Sascha and Backes, Michael and Bugiel, Sven},
    title = {{``Better managed than memorized?'' Studying the Impact of Managers on Password Strength and Reuse}},
    booktitle = {USENIX Security Symposium},
    year = {2018},
    series = {SSYM~'18},
    pages = {203--220},
    address = {Baltimore, Maryland, USA},
    month = aug,
    publisher = {USENIX}
}

% Approved all correct
@inproceedings{lyastani-20-kingslayer,
    author = {Lyastani, Sanam Ghorbani and Schilling, Michael and Neumayr, Michaela and Backes, Michael and Bugiel, Sven},
    title = {{Is FIDO2 the Kingslayer of User Authentication? A Comparative Usability Study of FIDO2 Passwordless Authentication}},
    booktitle = {IEEE Symposium on Security and Privacy},
    year = {2020},
    series = {SP~'20},
    pages = {268--285},
    address = {Virtual Conference},
    month = may,
    publisher = {IEEE}
}

% Approved all correct
@inproceedings{ma-14-probabilistic,
    author = {Ma, Jerry and Yang, Weining and Luo, Min and Li, Ninghui},
    title = {{A Study of Probabilistic Password Models}},
    booktitle = {IEEE Symposium on Security and Privacy},
    year = {2014},
    series = {SP~'14},
    pages = {689--704},
    address = {San Jose, CA, USA},
    month = may,
    publisher = {IEEE}
}

% Approved all correct
@inproceedings{macgregor-19-uds-android-sec-key,
    author = {MacGregor, Robbie},
    title = {{Evaluating the Android Security Key Scheme: An Early Usability, Deployability, Security Evaluation with Comparative Analysis}},
    booktitle = {Who Are You?! Adventures in Authentication Workshop},
    year = {2019},
    series = {WAY~'19},
    pages = {1--6},
    address = {Santa Clara, California, USA},
    month = aug,
    publisher = {}
} % No publisher

% Approved all correct
@inproceedings{malandrino-13-awareness,
    author = {Malandrino, Delfina and Scarano, Vittorio and Spinelli, Raffaele},
    title = {{How Increased Awareness Can Impact Attitudes and Behaviors toward Online Privacy Protection}},
    booktitle = {IEEE Conference on Social Computing},
    year = {2013},
    series = {SocialCom~'13},
    pages = {57--62},
    address = {Alexandria, Virginia, USA},
    month = sep,
    publisher = {IEEE}
}

% Approved all correct
@article{malhotra-2004-iuipc,
    author = {Malhotra, Naresh K. and Kim, Sung S. and Agarwal, James},
    title = {{Internet Users' Information Privacy Concerns (IUIPC): The Construct, the Scale, and a Causal Model}},
    journal = {Information Systems Research},
    year = {2004},
    volume = {15},
    number = {4},
    pages = {336--355},
    month = dec,
    publisher = {INFORMS}
}

% Approved all correct
@inproceedings{malone-12-dist-pw-choice,
    author = {Malone, David and Maher, Kevin},
    title = {{Investigating the Distribution of Password Choices}},
    booktitle = {The World Wide Web Conference},
    year = {2012},
    series = {WWW~'12},
    pages = {301--310},
    address = {Lyon, France},
    month = apr,
    publisher = {ACM}
}

% Approved all correct
@inproceedings{manfredi-21-patching-tls,
    author = {Manfredi, Salvatore and Ceccato, Mariano and Sciarretta, Giada and Ranise, Silvio},
    title = {{Do Security Reports Meet Usability? Lessons Learned from Using Actionable Mitigations for Patching TLS Misconfigurations}},
    booktitle = {Workshop on Education, Training and Awareness in Cybersecurity},
    year = {2021},
    series = {ETACS~'21},
    pages = {1--13},
    address = {Virtual Conference},
    month = aug,
    publisher = {IEEE}
}

% Approved all correct
@article{manulis-16-pw-channel-binding,
    author = {Manulis, Mark and Stebila, Douglas and Kiefer, Franziskus and Denham, Nick},
    title = {{Secure Modular Password Authentication for the Web Using Channel Bindings}},
    journal = {International Journal of Information Security},
    year = {2016},
    volume = {15},
    number = {6},
    pages = {597--620},
    month = nov,
    publisher = {Springer}
}

% Approved all correct
@misc{marczak-18-pegasus,
    author = {Marczak, Bill and Scott-Railton, John and McKune, Sarah and Abdul Razzak, Bahr and Deibert, Ron},
    title = {{Hide and Seek: Tracking NSO Group's Pegasus Spyware to Operations in 45 Countries}},
    note = {\url{https://citizenlab.ca/2018/09/hide-and-seek-tracking-nso-groups-pegasus-spyware-to-operations-in-45-countries/}, as of \today},
    month = sep,
    year = {2018}
}

% Approved all correct
@inproceedings{mare-14-zebra,
    author = {Mare, Shrirang and Molina-Markham, Andr\'{e}s and Cornelius, Cory and Peterson, Ronald and Kotz, David},
    title = {{ZEBRA: Zero-Effort Bilateral Recurring Authentication}},
    booktitle = {IEEE Symposium on Security and Privacy},
    year = {2014},
    series = {SP~'14},
    pages = {705--720},
    address = {San Jose, California, USA},
    month = may,
    publisher = {IEEE}
}

% Approved all correct
@inproceedings{markert-19-fallback-wip,
    author = {Markert, Philipp and Golla, Maximilian and Stobert, Elizabeth and D\"{u}rmuth, Markus},
    title = {{Work in Progress: A Comparative Long-Term Study of Fallback Authentication}},
    booktitle = {Workshop on Usable Security and Privacy},
    year = {2019},
    series = {USEC~'19},
    pages = {},
    address = {San Diego, California, USA},
    month = feb,
    publisher = {ISOC}
} % NDSS does not have page numbers

% Approved all correct
@inproceedings{markert-19-conf-mode-phish,
    author = {Markert, Philipp and Farke, Florian and D\"{u}rmuth, Markus},
    title = {{View The Email to Get Hacked: Attacking SMS-Based Two-Factor Authentication}},
    booktitle = {Who Are You?! Adventures in Authentication Workshop},
    year = {2019},
    series = {WAY~'19},
    pages = {1--6},
    address = {Santa Clara, California, USA},
    month = aug,
    publisher = {}
} % No publisher

% Approved all correct
@inproceedings{markert-20-pin-blocklist,
    author = {Markert, Philipp and Bailey, Daniel V. and Golla, Maximilian and D\"{u}rmuth, Markus and Aviv, Adam J.},
    title = {{This PIN Can Be Easily Guessed: Analyzing the Security of Smartphone Unlock PINs}},
    booktitle = {IEEE Symposium on Security and Privacy},
    year = {2020},
    series = {SP~'20},
    pages = {286--303},
    address = {San Francisco, California, USA},
    month = may,
    publisher = {IEEE}
}

% Approved all correct
@article{markert-21-pin-unlock,
    author = {Markert, Philipp and Bailey, Daniel V. and Golla, Maximilian and D\"{u}rmuth, Markus and Aviv, Adam J.},
    title = {{On the Security of Smartphone Unlock PINs}},
    journal = {ACM Transactions on Privacy and Security},
    year = {2021},
    volume = {24},
    number = {4},
    pages = {30:1--30:36},
    month = sep,
    publisher = {ACM}
}

% Approved all correct
@inproceedings{markert-22-rba-admin,
    author = {Markert, Philipp and Schnitzler, Theodor and Golla, Maximilian and D\"{u}rmuth, Markus},
    title = {{``As soon as it's a risk, I want to require MFA'': How Administrators Configure Risk-based Authentication}},
    booktitle = {Symposium on Usable Privacy and Security},
    year = {2022},
    series = {SOUPS~'22},
    pages = {483--501},
    address = {Boston, Massachusetts, USA},
    month = aug,
    publisher = {USENIX}
}

% Approved all correct
@inproceedings{marotta-19-revenue-targeting,
    author = {Marotta, Veronica and Abhishek, Vibhanshu and Acquisti, Alessandro},
    title = {{Online Tracking and Publishers' Revenues: An Empirical Analysis}},
    booktitle = {Workshop on the Economics of Information Security},
    year = {2019},
    series = {WEIS~'19},
    pages = {1--35},
    address = {Boston, Massachusetts, USA},
    month = jun,
    publisher = {}
} % No publisher

% Approved all correct
@inproceedings{marques-19-unauthorized-non-strangers,
    author = {Marques, Diogo and Guerreiro, Tiago and Carri\c{c}o, Luis and Beschastnikh, Ivan and Beznosov, Konstantin},
    title = {{Vulnerability \& Blame: Making Sense of Unauthorized Access to Smartphones}},
    booktitle = {ACM Conference on Human Factors in Computing Systems},
    year = {2019},
    series = {CHI~'19},
    pages = {589:1--589:13},
    address = {Glasgow, Scotland, United Kingdom},
    month = may,
    publisher = {ACM}
}

% Approved all correct
@article{marquie-02-old-knowledge,
    author = {Marqui{\'e}, Jean Claude and Jourdan-Boddaert, Linda and Huet, Nathalie},
    title = {{Do Older Adults Underestimate Their Actual Computer Knowledge?}},
    journal = {Behaviour \& Information Technology},
    year = {2002},
    volume = {21},
    number = {4},
    pages = {273--280},
    month = {},
    publisher = {Taylor \& Francis}
} % This journal does not have a month info

% Approved all correct
@inproceedings{martius-20-update-impact-admins,
    author = {Martius, Florin and Tiefenau, Christian},
    title = {{What Does This Update Do to My Systems? -- An Analysis of The Importance of Update-Related Information to System Administrators}},
    booktitle = {Workshop on Security Information Workers},
    year = {2020},
    series = {WSIW~'20},
    pages = {1--12},
    address = {Virtual Conference},
    month = feb,
    publisher = {USENIX}
}

% Approved all correct
@inproceedings{mathur-18-why-adblock,
    author = {Mathur, Arunesh and Vitak, Jessica and Narayanan, Arvind  and Chetty, Marshini},
    title = {{Characterizing the Use of Browser-Based Blocking Extensions To Prevent Online Tracking}},
    booktitle = {Symposium on Usable Privacy and Security},
    year = {2018},
    series = {SOUPS~'18},
    pages = {103--116},
    address = {Baltimore, Maryland, USA},
    month = aug,
    publisher = {USENIX}
}

% Approved all correct
@inproceedings{matte-20-cookie-banner,
    author = {Matte, C{\'e}lestin and Bielova, Nataliia and Santos, Cristiana},
    title = {{Do Cookie Banners Respect my Choice?: Measuring Legal Compliance of Banners from IAB Europe's Transparency and Consent Framework}},
    booktitle = {IEEE Symposium on Security and Privacy},
    year = {2020},
    series = {SP~'20},
    pages = {791--809},
    address = {Virtual Conference},
    month = may,
    publisher = {IEEE}
}

% Approved all correct
@inproceedings{mayer-17-policy,
    author = {Mayer, Peter and Kirchner, Jan and Volkamer, Melanie},
    title = {{A Second Look at Password Composition Policies in the Wild: Comparing Samples from 2010 and 2016}},
    booktitle = {Symposium on Usable Privacy and Security},
    year = {2017},
    series = {SOUPS~'17},
    pages = {13--28},
    address = {Santa Clara, California, USA},
    month = jul,
    publisher = {USENIX}
}

% Approved all correct
@inproceedings{mayer-17-pw-misconceptions,
    author = {Mayer, Peter and Volkamer, Melanie},
    title = {{Addressing Misconceptions about Password Security Effectively}},
    booktitle = {Workshop on Socio-Technical Aspects in Security and Trust},
    year = {2017},
    series = {STAST~'17},
    pages = {16--27},
    address = {Orlando, Florida, USA},
    month = dec,
    publisher = {ACM}
}

% Approved all correct
@inproceedings{mayer-21-a-bit-angry,
    author = {Mayer, Peter and Zou, Yixin and Schaub, Florian and Aviv, Adam J.},
    title = {{``Now I'm a bit angry:'' Individuals' Awareness, Perception, and Responses to Data Breaches that Affected Them}},
    booktitle = {USENIX Security Symposium},
    year = {2021},
    series = {SSYM~'21},
    pages = {393--410},
    address = {Virtual Conference},
    month = aug,
    publisher = {USENIX}
}

% Approved all correct
@inproceedings{mayer-22-pwm-edu,
    author = {Mayer, Peter and Munyendo, Collins W. and Mazurek, Michelle L. and Aviv, Adam J.},
    title = {{Why Users (Don't) Use Password Managers at a Large Educational Institution}},
    booktitle = {USENIX Security Symposium},
    year = {2022},
    series = {SSYM~'22},
    pages = {1849--1866},
    address = {Boston, Massachusetts, USA},
    month = aug,
    publisher = {USENIX}
}

% Approved all correct
@article{mayron-15-bio-mobile-auth,
    author = {Mayron, Liam M.},
    title = {{Biometric Authentication on Mobile Devices}},
    journal = {IEEE Security \& Privacy},
    year = {2015},
    volume = {13},
    number = {3},
    pages = {70--73},
    month = jun,
    publisher = {IEEE}
}

% Approved all correct
@inproceedings{mazurek-13-guessability-uni,
    author = {Mazurek, Michelle L. and Komanduri, Saranga and Vidas, Timothy and Bauer, Lujo and Christin, Nicolas and Cranor, Lorrie Faith and Kelley, Patrick Gage and Shay, Richard and Ur, Blase},
    title = {{Measuring Password Guessability for an Entire University}},
    booktitle = {ACM Conference on Computer and Communications Security},
    year = {2013},
    series = {CCS~'13},
    pages = {173--186},
    address = {Berlin, Germany},
    month = nov,
    publisher = {ACM}
}

% Approved all correct
@inproceedings{mccarney-12-tapas,
    author = {McCarney, Daniel and Barrera, David and Clark, Jeremy and Chiasson, Sonia and Van Oorschot, Paul C.},
    title = {{Tapas: Design, Implementation, and Usability Evaluation of a Password Manager}},
    booktitle = {Annual Computer Security Applications Conference},
    year = {2012},
    series = {ACSAC~'12},
    pages = {89--98},
    address = {Orlando, Florida, USA},
    month = dec,
    publisher = {ACM}
}

% Approved all correct
@article{mccarty-03-botnet,
    author = {McCarty, Bill},
    title = {{Botnets: Big and Bigger}},
    journal = {IEEE Security \& Privacy},
    year = {2003},
    volume = {1},
    number = {4},
    pages = {87--90},
    month = jul,
    publisher = {IEEE}
}

% Approved all correct
@misc{mcmillan-17-burr-was-wrong,
    author = {{McMillan}, Robert},
    title = {{The Man Who Wrote Those Password Rules Has a New Tip: N3v\$r M1nd!}},
    note = {\url{https://www.wsj.com/articles/the-man-who-wrote-those-password-rules-has-a-new-tip-n3v-r-m1-d-1502124118}, as of \today},
    month = aug,
    year = {2017}
}

% Approved all correct
@inproceedings{mcnally-18-pd-for-children,
    author = {McNally, Brenna and Kumar, Priya and Hordatt, Chelsea and Mauriello, Matthew Louis and Naik, Shalmali and Norooz, Leyla and Shorter, Alazandra and Golub, Evan and Druin, Allison},
    title = {{Co-Designing Mobile Online Safety Applications with Children}},
    booktitle = {ACM Conference on Human Factors in Computing Systems},
    year = {2018},
    series = {CHI~'18},
    pages = {523:1--523:9},
    address = {Montreal, Quebec, Canada},
    month = apr,
    publisher = {ACM}
}

% Approved all correct
@inproceedings{melicher-16-mobile-passwords,
    author = {Melicher, William and Kurilova, Darya and Segreti, Sean M. and Kalvani, Pranshu and Shay, Richard and Ur, Blase and Bauer, Lujo and Christin, Nicolas and Cranor, Lorrie Faith and Mazurek, Michelle L.},
    title = {{Usability and Security of Text Passwords on Mobile Devices}},
    booktitle = {ACM Conference on Human Factors in Computing Systems},
    year = {2016},
    series = {CHI~'16},
    pages = {527--539},
    address = {San Jose, California, USA},
    month = may,
    publisher = {ACM}
}

% Approved all correct
@inproceedings{melicher-16-rnn-psm,
    author = {Melicher, William and Ur, Blase and Segreti, Sean M. and Komanduri, Saranga and Bauer, Lujo and Christin, Nicolas and Cranor, Lorrie Faith},
    title = {{Fast, Lean, and Accurate: Modeling Password Guessability Using Neural Networks}},
    booktitle = {USENIX Security Symposium},
    year = {2016},
    series = {SSYM~'16},
    pages = {175--191},
    address = {Austin, Texas, USA},
    month = aug,
    publisher = {USENIX}
}

% Approved all correct
@article{mendel-19-helping-older-relatives,
    author = {Mendel, Tamir and Toch, Eran},
    title = {{My Mom Was Getting This Popup: Understanding Motivations and Processes in Helping Older Relatives with Mobile Security and Privacy}},
    journal = {ACM on Interactive, Mobile, Wearable and Ubiquitous Technologies},
    year = {2019},
    volume = {3},
    number = {4},
    pages = {147:1--147:20},
    month = dec,
    publisher = {ACM}
}

% Approved all correct
@article{meng-14-survey-biometric,
    author = {Meng, Weizhi and Wong, Duncan S. and Furnell, Steven and Zhou, Jianying},
    title = {{Surveying the Development of Biometric User Authentication on Mobile Phones}},
    journal = {IEEE Communications Surveys \& Tutorials},
    year = {2014},
    volume = {17},
    number = {3},
    pages = {1268--1293},
    month = dec,
    publisher = {IEEE}
}

% Approved all correct
@inproceedings{mentis-20-illusion-of-choice,
    author = {Mentis, Helena M. and Madjaroff, Galina and Massey, Aaron and Trendafilova, Zoya},
    title = {{The Illusion of Choice in Discussing Cybersecurity Safeguards Between Older Adults with Mild Cognitive Impairment and Their Caregivers}},
    booktitle = {ACM Conference on Computer-Supported Cooperative Work and Social Computing},
    year = {2020},
    series = {CSCW~'20},
    pages = {164:1--164:19},
    address = {Virtual Conference},
    month = oct,
    publisher = {ACM}
}

% Approved all correct
@inproceedings{meyer-13-tls-attacks,
    author = {Meyer, Christopher and Schwenk, J{\"o}rg},
    title = {{SoK: Lessons Learned from SSL/TLS Attacks}},
    booktitle = {Workshop on Information Security Applications},
    year = {2013},
    series = {WISA~'13},
    pages = {189--209},
    address = {Jeju Island, South Korea},
    month = aug,
    publisher = {Springer}
}

% Approved all correct
@article{meyer-19-child-apps,
    author = {Meyer, Marisa and Adkins, Victoria and Yuan, Nalingna and Weeks, Heidi M. and Chang, Yung-Ju and Radesky, Jenny},
    title = {{Advertising in Young Children's Apps: A Content Analysis}},
    journal = {Journal of Developmental and Behavioral Pediatrics},
    year = {2019},
    volume = {40},
    number = {1},
    pages = {32--39},
    month = jan,
    publisher = {Lippincot Williams \& Wilkins}
}

% Approved all correct
@inproceedings{micallef-17-memorable-fallback,
    author = {Micallef, Nicholas and Arachchilage, Nalin Asanka Gamagedara},
    title = {{A Gamified Approach to Improve Users' Memorability of Fall-back}},
    booktitle = {Who Are You?! Adventures in Authentication Workshop},
    year = {2017},
    series = {WAY~'17},
    pages = {},
    address = {Santa Clara, California, USA},
    month = jul,
    publisher = {USENIX}
} % No page numbers for this workshop

% Approved all correct
@misc{microsoft-20-three-numbers-2fa,
    author = {{Microsoft, Inc.}},
    title = {{Sign in to Your Accounts Using the Microsoft Authenticator App}},
    note = {\url{https://docs.microsoft.com/en-us/azure/active-directory/user-help/user-help-auth-app-sign-in}, as of \today},
    month = jun,
    year = {2020}
}

% Approved all correct
@misc{miessler-18-most-common-pw,
    author = {Miessler, Daniel and Community},
    title = {{SecLists: Common-Credentials - 10-million-password-list}},
    note = {\url{https://github.com/danielmiessler/SecLists}, as of \today},
    month = mar,
    year = {2018}
} % https://github.com/danielmiessler/SecLists/blob/master/Passwords/Common-Credentials

% Approved all correct
@inproceedings{milka-18-account-takeover,
    author = {Milka, Grzergor},
    title = {{Anatomy of Account Takeover}},
    booktitle = {USENIX Enigma Conference},
    year = {2018},
    series = {Enigma~'18},
    pages = {},
    address = {Santa Clara, California, USA},
    month = jan,
    publisher = {USENIX}
} % This is a presentation, no page numbers

% Approved all correct
@misc{milkaite-19-gdpr-article-8,
    author = {Milkaite, Ingrida and Lievens, Eva},
    title = {{Status Quo Regarding the Child's Article 8 GDPR Age of Consent for Data Processing Across the EU}},
    note = {\url{https://www.betterinternetforkids.eu/practice/awareness/article?id=3017751}, as of \today},
    month = dec,
    year = {2019}
}

% Approved all correct
@inproceedings{minkus-15-children-seen,
    author = {Minkus, Tehila and Liu, Kelvin and Ross, Keith W.},
    title = {{Children Seen But Not Heard: When Parents Compromise Children's Online Privacy}},
    booktitle = {The World Wide Web Conference},
    year = {2015},
    series = {WWW~'15},
    pages = {776--786},
    address = {Florence, Italy},
    month = may,
    publisher = {ACM}
}

% Approved all correct
@misc{miraglia-19-google-3-or-18-months,
    author = {Miraglia, Eric},
    title = {{Privacy That Works for Everyone}},
    note = {\url{https://www.blog.google/technology/safety-security/privacy-everyone-io/}, as of \today},
    month = may,
    year = {2019}
}

% Approved all correct
@inproceedings{mirian-19-2fa-hacking,
    author = {Mirian, Ariana and DeBlasio, Joe and Savage, Stefan and Voelker, Geoffrey M. and Thomas, Kurt},
    title = {{Hack for Hire: Exploring the Emerging Market for Account Hijacking}},
    booktitle = {The World Wide Web Conference},
    year = {2019},
    series = {WWW~'19},
    pages = {1279--1289},
    address = {San Francisco, California, USA},
    month = may,
    publisher = {ACM}
}

% Approved all correct
@book{mitnick-02-deception,
    author = {Mitnick, Kevin D. and Simon, William L.},
    title = {{The Art of Deception: Controlling the Human Element of Security}},
    year = {2002},
    publisher = {John Wiley \& Sons},
    address = {New York, New York, USA},
    edition = {1}
}

% Approved all correct
@article{mohammad-13-nrc-database,
    author = {Mohammad, Saif M. and Turney, Peter D.},
    title = {{Crowdsourcing a Word-Emotion Association Lexicon}},
    journal = {Computational Intelligence},
    year = {2013},
    volume = {29},
    number = {3},
    pages = {436--465},
    month = aug,
    publisher = {Wiley-Blackwell}
}

% Approved all correct
@misc{mondello-18-autofill,
    author = {Mondello, Ricky},
    title = {{How iOS Encourages Healthy Password Practices}},
    note = {\url{https://www.youtube.com/watch?v=-0dwX2kf6Oc}, as of \today},
    month = nov,
    year = {2018}
}

% Approved all correct
@misc{monsees-19-google-cbwwv,
    author = {Monsees, David},
    title = {{Google Assistant: More Information About Our Processes to Safeguard Speech Data}},
    note = {\url{https://www.blog.google/products/assistant/more-information-about-our-processes-safeguard-speech-data/}, as of \today},
    month = jul,
    year = {2019}
}

% Approved all correct
@article{morris-79-pw-history,
    author = {Morris, Robert and Thompson, Ken},
    title = {{Password Security: A Case History}},
    journal = {Communications of the ACM},
    year = {1979},
    volume = {22},
    number = {11},
    pages = {594--597},
    month = nov,
    publisher = {ACM}
}

% Approved all correct
@inbook{muller-12-pd-third-space-in-hci,
    author = {Muller, Michael J. and Druin, Allison},
    title = {{Participatory Design: The Third Space in HCI}},
    year = {2012},
    chapter = {49},
    pages = {1125--1153},
    publisher = {Taylor \& Francis},
    address = {Boca Raton, Florida, USA},
    edition = {3}
} % In the book: The Human-Computer Interaction Handbook: Fundamentals, Evolving Technologies and Emerging Applications

% Approved all correct
@article{murmann-17-survey-tets,
    author = {Murmann, Patrick and Fischer-H\"ubner, Simone},
    title = {{Tools for Achieving Usable Ex Post Transparency: A Survey}},
    journal = {IEEE Access},
    year = {2017},
    volume = {5},
    number = {},
    pages = {22965--22991},
    month = oct,
    publisher = {IEEE}
} % This journal does not have issue numbers

% Approved all correct
@inproceedings{naor-19-heavy-hitters,
    author = {Naor, Moni and Pinkas, Benny and Ronen, Eyal},
    title = {{How to (not) Share a Password: Privacy Preserving Protocols for Finding Heavy Hitters with Adversarial Behavior}},
    booktitle = {ACM Conference on Computer and Communications Security},
    year = {2019},
    series = {CCS~'19},
    pages = {1369--1386},
    address = {London, United Kingdom},
    month = nov,
    publisher = {ACM}
}

% Approved all correct
@inproceedings{narayanan-05-markov,
    author = {Narayanan, Arvind and Shmatikov, Vitaly},
    title = {{Fast Dictionary Attacks on Passwords Using Time-Space Tradeoff}},
    booktitle = {ACM Conference on Computer and Communications Security},
    year = {2005},
    series = {CCS~'05},
    pages = {364--372},
    address = {Alexandria, Virginia, USA},
    month = oct,
    publisher = {ACM}
}

% Approved all correct
@misc{ncsc-16-simplify,
    author = {{National Cyber Security Centre}},
    title = {{Password Guidance: Simplifying Your Approach}},
    note = {\url{https://www.ncsc.gov.uk/guidance/password-guidance-simplifying-your-approach}, as of \today},
    month = jan,
    year = {2016}
}

% Approved all correct
@misc{ncsc-16-password-expiry,
    author = {{National Cyber Security Centre}},
    title = {{The Problems with Forcing Regular Password Expiry}},
    note = {\url{https://www.ncsc.gov.uk/articles/problems-forcing-regular-password-expiry}, as of \today},
    month = dec,
    year = {2016}
}

% Approved all correct
@misc{ncsc-18-cloud-guidance,
    author = {{National Cyber Security Centre}},
    title = {{Cloud Security Guidance: Identity and Authentication}},
    note = {\url{https://www.ncsc.gov.uk/collection/cloud-security/implementing-the-cloud-security-principles/identity-and-authentication}, as of \today},
    month = nov,
    year = {2018}
}

% Approved all correct
@misc{ncsc-21-cyber-security-terms,
    author = {{National Cyber Security Centre}},
    title = {{NCSC Glossary: Definitions for Common Cyber Security Terms}},
    note = {\url{https://www.ncsc.gov.uk/information/ncsc-glossary}, as of \today},
    month = dec,
    year = {2021}
}

% Approved all correct
@inproceedings{neil-21-remediation-advice,
    author = {Neil, Lorenzo and Bouma-Sims, Elijah and Lafontaine, Evan and Acar, Yasemin and Reaves, Bradley},
    title = {{Investigating Web Service Account Remediation Advice}},
    booktitle = {Symposium on Usable Privacy and Security},
    year = {2021},
    series = {SOUPS~'21},
    pages = {359--376},
    address = {Virtual Conference},
    month = aug,
    publisher = {USENIX}
}

% Approved all correct
@misc{nepper-21-single-tap,
    author = {Nepper, Patrick},
    title = {{Fix Your Passwords in Chrome With a Single Tap}},
    note = {\url{https://blog.google/products/chrome/automated-password-changes/}, as of \today},
    month = may,
    year = {2021}
}

% Approved all correct
@misc{newman-19-encrypt-cheap-phones,
    author = {Newman, Lily Hay},
    title = {{Google's Making it Easier to Encrypt Even Cheap Android Phones}},
    note = {\url{https://www.wired.com/story/android-encryption-cheap-smartphones/}, as of \today},
    month = feb,
    year = {2019}
}

% Approved all correct
@misc{newman-20-autodelete-18-months,
    author = {Newman, Lily Hay},
    title = {{Google Will Delete Your Data by Default--In 18 Months}},
    note = {\url{https://www.wired.com/story/google-auto-delete-data/}, as of \today},
    month = jun,
    year = {2020}
}

% Approved all correct
@misc{newton-19-jumbo-app,
    author = {Newton, Casey},
    title = {{Jumbo: Is a Powerful Privacy Assistant for iOS That Cleans up Your Social Profiles}},
    note = {\url{https://www.theverge.com/2019/4/9/18300775}, as of \today},
    month = apr,
    year = {2019}
}

% Approved all correct
@misc{nguyen-18-firefox-monitor,
    author = {Nguyen, Nick},
    title = {{Introducing Firefox Monitor: Helping People Take Control After a Data Breach}},
    note = {\url{https://blog.mozilla.org/en/products/firefox/introducing-firefox-monitor-helping-people-take-control-after-a-data-breach/}, as of \today},
    month = sep,
    year = {2018}
}

% Approved all correct
@inproceedings{nguyen-21-violations,
    author = {Nguyen, Trung Tin and Backes, Michael and Marnau, Ninja and Stock, Ben},
    title = {{Share First, Ask Later (or Never?) Studying Violations of GDPR's Explicit Consent in Android Apps}},
    booktitle = {USENIX Security Symposium},
    year = {2021},
    series = {SSYM~'21},
    pages = {3667--3684},
    address = {Virtual Conference},
    month = aug,
    publisher = {USENIX}
}

% Approved all correct
@inproceedings{nicholson-19-headline,
    author = {Nicholson, James and Coventry, Lynne and Briggs, Pamela},
    title = {{``If It's Important It Will Be A Headline'': Cybersecurity Information Seeking in Older Adults}},
    booktitle = {ACM Conference on Human Factors in Computing Systems},
    year = {2019},
    series = {CHI~'19},
    pages = {349:1--349:11},
    address = {Glasgow, Scotland, United Kingdom},
    month = may,
    publisher = {ACM}
}

% Approved all correct
@misc{nist-13-sp800-63-2,
    author = {Burr, William E. and Dodson, Donna F. and Polk, W. Timothy},
    title = {{Electronic Authentication Guideline: NIST Special Publication 800-63-2}},
    month = aug,
    year = {2013}
}

% Approved all correct
@misc{nist-17-sp800-63b,
    author = {Grassi, Paul A. and Fenton, James L. and Burr, William E.},
    title = {{Digital Identity Guidelines -- Authentication and Lifecycle Management: NIST Special Publication 800-63B}},
    month = jun,
    year = {2017}
}

% Approved all correct
@inproceedings{nouwens-20-dark-patterns,
    author = {Nouwens, Midas and Liccardi, Ilaria and Veale, Michael and Karger, David and Kagal, Lalana},
    title = {{Dark Patterns after the GDPR: Scraping Consent Pop-ups and Demonstrating their Influence}},
    booktitle = {ACM Conference on Human Factors in Computing Systems},
    year = {2020},
    series = {CHI~'20},
    pages = {1--13},
    address = {Honolulu, Hawaii, USA},
    month = apr,
    publisher = {ACM}
}

% Approved all correct
@article{obar-18-biggest-lie,
    author = {Obar, Jonathan A. and Oeldorf-Hirsch, Anne},
    title = {{The Biggest Lie on the Internet: Ignoring the Privacy Policies and Terms of Service Policies of Social Networking Services}},
    journal = {Information, Communication \& Society},
    year = {2018},
    volume = {23},
    number = {1},
    pages = {128--147},
    month = jul,
    publisher = {Taylor \& Francis}
}

% Approved all correct
@misc{oconnor-20-origin-bound-otp-autofill,
    author = {O'Connor, Theresa and Goto, Sam},
    title = {{Origin-Bound One-Time Codes Delivered via SMS}},
    note = {\url{https://wicg.github.io/sms-one-time-codes/}, as of \today},
    month = aug,
    year = {2020}
}

% Approved all correct
@misc{oconnor-21-well-known,
    author = {O'Connor, Theresa and Mondello, Ricky},
    title = {{A Well-Known URL for Changing Passwords}},
    note = {\url{https://w3c.github.io/webappsec-change-password-url/}, as of \today},
    month = jan,
    year = {2021}
}

% Approved all correct
@inproceedings{ohyama-15-social-meter,
    author = {Ohyama, Takahiro and Kanaoka, Akira},
    title = {{Poster: Password Strength Meters using Social Influence}},
    booktitle = {Symposium on Usable Privacy and Security},
    year = {2015},
    series = {SOUPS~'15},
    pages = {},
    address = {Ottawa, Ontario, Canada},
    month = jul,
    publisher = {USENIX}
} % No page numbers for posters

% Approved all correct
@inproceedings{oiwa-09-pake-prevent-phishing,
    author = {Oiwa, Yutaka and Takagi, Hiromitsu and Watanabe, Hajime and Suzuki, Hirofumi},
    title = {{PAKE-Based Mutual HTTP Authentication for Preventing Phishing Attacks}},
    booktitle = {The World Wide Web Conference},
    year = {2009},
    series = {WWW~'09},
    pages = {1143--1144},
    address = {Madrid, Spain},
    month = apr,
    publisher = {ACM}
}

% Approved all correct
@article{okeeffe-11-impact-social-media,
    author = {O'Keeffe, Gwenn Schurgin and Clarke-Pearson, Kathleen},
    title = {{The Impact of Social Media on Children, Adolescents, and Families}},
    journal = {Pediatrics},
    year = {2011},
    volume = {127},
    number = {4},
    pages = {800--804},
    month = apr,
    publisher = {American Academy of Pediatrics}
}

% Approved all correct
@misc{olivarez-giles-16-my-activity,
    author = {Olivarez-Giles, Nathan},
    title = {{How to Use Google's New My Activity Privacy Tool}},
    note = {\url{https://www.wsj.com/articles/how-to-use-googles-new-my-activity-privacy-tool-1467402973}, as of \today},
    month = jul,
    year = {2016}
}

% Approved all correct
@inproceedings{oltrogge-21-tls-android,
    author = {Oltrogge, Marten and Huaman, Nicolas and Amft, Sabrina and Acar, Yasemin and Backes, Michael and Fahl, Sascha},
    title = {{Why Eve and Mallory Still Love Android: Revisiting TLS (In)Security in Android Applications}},
    booktitle = {USENIX Security Symposium},
    year = {2021},
    series = {SSYM~'21},
    pages = {4347--4364},
    address = {Virtual Conference},
    month = aug,
    publisher = {USENIX}
}

% Approved all correct
@inproceedings{onaolapo-16-leaked-credentials,
    author = {Onaolapo, Jeremiah and Mariconti, Enrico and Stringhini, Gianluca},
    title = {{What Happens After You Are Pwnd: Understanding the Use of Leaked Webmail Credentials in the Wild}},
    booktitle = {Internet Measurement Conference},
    year = {2016},
    series = {IMC~'16},
    pages = {65--79},
    address = {Santa Monica, California, USA},
    month = nov,
    publisher = {ACM}
}

% Approved all correct
@inproceedings{oogami-20-webauthn-yahoo,
    author = {Oogami, Wataru and Gomi, Hidehito and Yamaguchi, Shuji and Yamanaka, Shota and Higurashi, Tatsuru},
    title = {{Poster: Observation Study on Usability Challenges for Fingerprint Authentication Using WebAuthn-enabled Android Smartphones}},
    booktitle = {Symposium on Usable Privacy and Security},
    year = {2020},
    series = {SOUPS~'20},
    pages = {},
    address = {Virtual Conference},
    month = aug,
    publisher = {USENIX}
} % No page numbers for posters

% Approved all correct
@misc{ormandy-20-stop-sms-2fa,
    author = {Ormandy, Tavis},
    title = {{You Don't Need SMS-2FA}},
    note = {\url{https://blog.cmpxchg8b.com/2020/07/you-dont-need-sms-2fa.html}, as of \today},
    month = jul,
    year = {2020}
}

% Approved all correct
@inproceedings{owens-08-ssh-attacks,
    author = {Owens, Jim and Matthews, Jeanna},
    title = {{A Study of Passwords and Methods Used in Brute-Force SSH Attacks}},
    booktitle = {USENIX Workshop on Large-Scale Exploits and Emergent Threats},
    year = {2008},
    series = {LEET~'08},
    pages = {1--8},
    address = {San Francisco, California, USA},
    month = apr,
    publisher = {USENIX}
}

% Approved all correct
@inproceedings{owens-20-fido2-smartphones,
    author = {Owens, Kentrell and Ur, Blase and Anise, Olabode},
    title = {{A Framework for Evaluating the Usability and Security of Smartphones as FIDO2 Roaming Authenticators}},
    booktitle = {Who Are You?! Adventures in Authentication Workshop},
    year = {2020},
    series = {WAY~'20},
    pages = {1--5},
    address = {Virtual Conference},
    month = aug,
    publisher = {}
} % No publisher

% Approved all correct
@inproceedings{owens-21-roaming,
    author = {Owens, Kentrell and Anise, Olabode and Krauss, Amanda and Ur, Blase},
    title = {{User Perceptions of the Usability and Security of Smartphones as FIDO2 Roaming Authenticators}},
    booktitle = {Symposium on Usable Privacy and Security},
    year = {2021},
    series = {SOUPS~'21},
    pages = {57--76},
    address = {Virtual Conference},
    month = aug,
    publisher = {USENIX}
}

% Approved all correct
@inproceedings{pal-19-personal-psm,
    author = {Pal, Bijeeta and Daniel, Tal and Chatterjee, Rahul and Ristenpart, Thomas},
    title = {{Beyond Credential Stuffing: Password Similarity Models using Neural Networks}},
    booktitle = {IEEE Symposium on Security and Privacy},
    year = {2019},
    series = {SP~'19},
    pages = {866--883},
    address = {San Francisco, California, USA},
    month = may,
    publisher = {IEEE}
}

% Approved all correct
@inproceedings{pal-21-might-i-get-pwned,
    author = {Pal, Bijeeta and Islam, Mazharul and Sanusi, Marina and Sullivan, Nick and Valenta, Luke and Whalen, Tara and Wood, Christopher A. and Ristenpart, Thomas and Chatterjee, Rahul},
    title = {{Might I Get Pwned: A Second Generation Compromised Credential Checking Service}},
    booktitle = {USENIX Security Symposium},
    year = {2022},
    series = {SSYM~'22},
    pages = {},
    address = {Boston, Massachusetts, USA},
    month = aug,
    publisher = {USENIX}
} % Was implemented by CloudFlare https://blog.cloudflare.com/privacy-preserving-compromised-credential-checking/, will need an update

% Approved all correct
@misc{palow-13-look-at-passwords,
    author = {Palow, Christopher},
    title = {{After Watching This Talk, You'll Never Look at Passwords the Same Again}},
    note = {\url{http://www.meetup.com/HNLondon/events/150289672/}, as of \today},
    month = nov,
    year = {2013}
} % Down https://vimeo.com/80460475

% Approved all correct
@inproceedings{pearman-17-habitat,
    author = {Pearman, Sarah and Thomas, Jeremy and Naeini, Pardis Emami and Habib, Hana and Bauer, Lujo and Christin, Nicolas and Cranor, Lorrie Faith and Egelman, Serge and Forget, Alain},
    title = {{Let's Go in for a Closer Look: Observing Passwords in Their Natural Habitat}},
    booktitle = {ACM Conference on Computer and Communications Security},
    year = {2017},
    series = {CCS~'17},
    pages = {295--310},
    address = {Dallas, Texas, USA},
    month = oct,
    publisher = {ACM}
}

% Approved all correct
@inproceedings{pearman-19-use-pw-manager,
    author = {Pearman, Sarah and Zhang, Shikun Aerin and Bauer, Lujo and Christin, Nicolas and Cranor, Lorrie Faith},
    title = {{Why People (Don't) Use Password Managers Effectively}},
    booktitle = {Symposium on Usable Privacy and Security},
    year = {2019},
    series = {SOUPS~'19},
    pages = {319--338},
    address = {Santa Clara, California, USA},
    month = aug,
    publisher = {USENIX}
}

% Approved all correct
@article{peer-17-beyond-turk,
    author = {Peer, Eyal and Brandimarte, Laura and Samat, Sonam and Acquisti, Alessandro},
    title = {{Beyond the Turk: Alternative Platforms for Crowdsourcing Behavioral Research}},
    journal = {Journal of Experimental Social Psychology},
    year = {2017},
    volume = {70},
    number = {5},
    pages = {153--163},
    month = may,
    publisher = {Elsevier}
}

% Approved all correct
@article{peer-20-nudge-me-right,
    author = {Peer, Eyal and Egelman, Serge and Harbach, Marian and Malkin, Nathan and Mathur, Arunesh and Frik, Alisa},
    title = {{Nudge Me Right: Personalizing Online Security Nudges to People's Decision-Making Styles}},
    journal = {Computers in Human Behavior},
    year = {2020},
    volume = {109},
    number = {},
    pages = {1--9},
    month = aug,
    publisher = {Elsevier}
} % This journal does not have an issue number

% Approved all correct
@misc{peslyak-96-jtr,
    author = {Peslyak (``Solar Designer''), Alexander and Community},
    title = {{John the Ripper}},
    note = {\url{http://www.openwall.com/john/}, as of \today},
    month = jul,
    year = {1996}
} % https://twitter.com/solardiz/status/1006187451617103872

% Approved all correct
@inproceedings{petelka-19-phishing-warnings,
    author = {Petelka, Justin and Zou, Yixin and Schaub, Florian},
    title = {{Put Your Warning Where Your Link Is: Improving and Evaluating Email Phishing Warnings}},
    booktitle = {ACM Conference on Human Factors in Computing Systems},
    year = {2019},
    series = {CHI~'19},
    pages = {518:1--518:15},
    address = {Glasgow, Scotland, United Kingdom},
    month = may,
    publisher = {ACM}
}

% Approved all correct
@misc{peters-21-one-click,
    author = {Peters, Jay},
    title = {{Dashlane Is Giving Its One-Click Password Changer a Big Upgrade}},
    note = {\url{https://www.theverge.com/2021/3/11/22320467}, as of \today},
    month = mar,
    year = {2021}
}

% Approved all correct
@inproceedings{petsas-15-google-2fa-adoption,
    author = {Petsas, Thanasis and Tsirantonakis, Giorgos and Athanasopoulos, Elias and Ioannidis, Sotiris},
    title = {{Two-Factor Authentication: Is the World Ready? Quantifying 2FA Adoption}},
    booktitle = {European Workshop on System Security},
    year = {2015},
    series = {EuroSec~'15},
    pages = {4:1--4:7},
    address = {Bordeaux, France},
    month = apr,
    publisher = {ACM}
}

% Approved all correct
@article{pfleeger-14-security-hero,
    author = {Pfleeger, Shari Lawrence and Sasse, Martina Angela and Furnham, Adrian},
    title = {{From Weakest Link to Security Hero: Transforming Staff Security Behavior}},
    journal = {Journal of Homeland Security and Emergency Management},
    year = {2014},
    volume = {11},
    number = {4},
    pages = {489--510},
    month = oct,
    publisher = {De Gruyter}
}

% Approved all correct
@misc{pierce-20-google-3-and-18-months,
    author = {Pierce, David},
    title = {{Google's New Magic Number for Storing Personal Data: 18 Months}},
    note = {\url{https://www.protocol.com/google-delete-data-18-months}, as of \today},
    month = jun,
    year = {2020}
}

% Approved all correct
@article{pinchot-12-facebook-pkq,
    author = {Pinchot, Jamie L. and Paullet, Karen L.},
    title = {{What's in Your Profile? Mapping Facebook Profile Data to Personal Security Questions}},
    journal = {Issues in Information Systems},
    year = {2012},
    volume = {13},
    number = {1},
    pages = {284--293},
    month = mar,
    publisher = {IACIS}
}

% Approved all correct
@inproceedings{plane-17-discrimination,
    author = {Plane, Angelisa C. and Redmiles, Elissa M. and Mazurek, Michelle L. and Tschantz, Michael Carl},
    title = {{Exploring User Perceptions of Discrimination in Online Targeted Advertising}},
    booktitle = {USENIX Security Symposium},
    year = {2017},
    series = {SSYM~'17},
    pages = {935--951},
    address = {Vancouver, British Columbia, Canada},
    month = aug,
    publisher = {USENIX}
}

% Approved all correct
@inproceedings{pliam-00-entropy,
    author = {Pliam, John O.},
    title = {{On the Incomparability of Entropy and Marginal Guesswork in Brute-Force Attacks}},
    booktitle = {International Conference in Cryptology in India},
    year = {2000},
    series = {INDOCRYPT~'00},
    pages = {67--79},
    address = {Calcutta, India},
    month = dec,
    publisher = {Springer}
}

% Approved all correct
@inproceedings{poddebniak-18-efail,
    author = {Poddebniak, Damian and Dresen, Christian and M{\"u}ller, Jens and Ising, Fabian and Schinzel, Sebastian and Friedberger, Simon and Somorovsky, Juraj and Schwenk, J{\"o}rg},
    title = {{Efail: Breaking S/MIME and OpenPGP Email Encryption using Exfiltration Channels}},
    booktitle = {USENIX Security Symposium},
    year = {2018},
    series = {SSYM~'18},
    pages = {549--566},
    address = {Baltimore, Maryland, USA},
    month = aug,
    publisher = {USENIX}
}

% Approved all correct
@inproceedings{poornachandran-15-reuse,
    author = {Poornachandran, Prabaharan and Nithun, M. and Pal, Soumajit and Ashok, Aravind and Ajayan, Aravind},
    title = {{Password Reuse Behavior: How Massive Online Data Breaches Impacts Personal Data in Web}},
    booktitle = {Innovations in Computer Science and Engineering},
    year = {2015},
    series = {ICICSE~'15},
    pages = {199--210},
    address = {Hyderabad, India},
    month = aug,
    publisher = {Springer}
}

% Approved all correct
@misc{pullman-19-password-checkup,
    author = {Pullman, Jennifer and Thomas, Kurt and Bursztein, Elie},
    title = {{Password Checkup: Protect Your Accounts From Data Breaches With Password Checkup}},
    note = {\url{https://security.googleblog.com/2019/02/protect-your-accounts-from-data.html}, as of \today},
    month = feb,
    year = {2019}
}

% Approved all correct
@inproceedings{qiu-19-age-effects,
    author = {Qiu, Lina and De Luca, Alexander and Muslukhov, Ildar and Beznosov, Konstantin},
    title = {{Towards Understanding the Link Between Age and Smartphone Authentication}},
    booktitle = {ACM Conference on Human Factors in Computing Systems},
    year = {2019},
    series = {CHI~'19},
    pages = {163:1--163:10},
    address = {Glasgow, Scotland, United Kingdom},
    month = may,
    publisher = {ACM}
}

% Approved all correct
@article{quan-haase-20-older-adults,
    author = {Quan-Haase, Anabel and Ho, Dennis},
    title = {{Online Privacy Concerns and Privacy Protection Strategies Among Older Adults in East York, Canada}},
    journal = {Journal of the Association for Information Science and Technology},
    year = {2020},
    volume = {71},
    number = {9},
    pages = {1089--1102},
    month = may,
    publisher = {Wiley-Blackwell}
}

% Approved all correct
@inproceedings{quermann-18-in-the-wild,
    author = {Quermann, Nils and Harbach, Marian and D\"{u}rmuth, Markus},
    title = {{The State of User Authentication in the Wild}},
    booktitle = {Who Are You?! Adventures in Authentication Workshop},
    year = {2018},
    series = {WAY~'18},
    pages = {},
    address = {Baltimore, Maryland, USA},
    month = aug,
    publisher = {USENIX}
} % There are no page numbers for this WAY

% Approved all correct
@inproceedings{rabkin-08-pkq-facebook,
    author = {Rabkin, Ariel},
    title = {{Personal Knowledge Questions for Fallback Authentication: Security Questions in the Era of Facebook}},
    booktitle = {Symposium on Usable Privacy and Security},
    year = {2008},
    series = {SOUPS~'08},
    pages = {13--23},
    address = {Pittsburgh, Pennsylvania, USA},
    month = jul,
    publisher = {ACM}
}

% Approved all correct
@inproceedings{rader-14-awareness-google,
    author = {Rader, Emilee},
    title = {{Awareness of Behavioral Tracking and Information Privacy Concern in Facebook and Google}},
    booktitle = {Symposium on Usable Privacy and Security},
    year = {2014},
    series = {SOUPS~'14},
    pages = {51--67},
    address = {Menlo Park, California, USA},
    month = jul,
    publisher = {USENIX}
}

% Approved all correct
@inproceedings{rader-20-inferences-vs-perceptions,
    author = {Rader, Emilee and Hautea, Samantha and Munasinghe, Anjali},
    title = {{``I Have a Narrow Thought Process'': Constraints on Explanations Connecting Inferences and Self-Perceptions}},
    booktitle = {Symposium on Usable Privacy and Security},
    year = {2020},
    series = {SOUPS~'20},
    pages = {457--488},
    address = {Virtual Conference},
    month = aug,
    publisher = {USENIX}
}

% Approved all correct
@inproceedings{rao-14-what-do-they-know,
    author = {Rao, Ashwini and Schaub, Florian and Sadeh, Norman},
    title = {{What do they know about me? Contents and Concerns of Online Behavioral Profiles}},
    booktitle = {ASE International Conference on Privacy, Security, Risk and Trust},
    year = {2014},
    series = {PASSAT~'14},
    pages = {1--13},
    address = {Cambridge, Massachusetts, USA},
    month = dec,
    publisher = {ASE}
}

% Approved all correct
@inproceedings{rao-16-unexpected,
    author = {Rao, Ashwini and Schaub, Florian and Sadeh, Norman and Acquisti, Alessandro and Kang, Ruogu},
    title = {{Expecting the Unexpected: Understanding Mismatched Privacy Expectations Online}},
    booktitle = {Symposium on Usable Privacy and Security},
    year = {2016},
    series = {SOUPS~'16},
    pages = {77--96},
    address = {Denver, Colorado, USA},
    month = jul,
    publisher = {USENIX}
}

% Approved all correct
@inproceedings{raschke-17-usable-pri-dashboard,
    author = {Raschke, Philip and K\"upper, Axel and Drozd, Olha and Kirrane, Sabrina},
    title = {{Designing a GDPR-Compliant and Usable Privacy Dashboard}},
    booktitle = {IFIP International Summer School on Privacy and Identity Management},
    year = {2017},
    series = {IFIP~SC~'17},
    pages = {221--236},
    address = {Ispra, Italy},
    month = sep,
    publisher = {IFIP}
}

% Approved all correct
@inproceedings{razaghpanah-18-mobile-tracking,
    author = {Razaghpanah, Abbas and Nithyanand, Rishab and Vallina{-}Rodriguez, Narseo and Sundaresan, Srikanth  and Allman, Mark and Kreibich, Christian and Gill, Phillipa},
    title = {{Apps, Trackers, Privacy, and Regulators: A Global Study of the Mobile Tracking Ecosystem}},
    booktitle = {Symposium on Network and Distributed System Security},
    year = {2018},
    series = {NDSS~'18},
    pages = {},
    address = {San Diego, California, USA},
    month = feb,
    publisher = {ISOC}
} % NDSS does not have page numbers

% Approved all correct
@inproceedings{redmiles-16-advice-digital-security,
    author = {Redmiles, Elissa M. and Malone, Amelia R. and Mazurek, Michelle L.},
    title = {{I Think They're Trying to Tell Me Something: Advice Sources and Selection for Digital Security}},
    booktitle = {IEEE Symposium on Security and Privacy},
    year = {2016},
    series = {SP~'16},
    pages = {272--288},
    address = {San Jose, California, USA},
    month = may,
    publisher = {IEEE}
}

% Approved all correct
@inproceedings{redmiles-16-learned-to-be-secure,
    author = {Redmiles, Elissa M. and Kross, Sean and Mazurek, Michelle L.},
    title = {{How I Learned to Be Secure: A Census-Representative Survey of Security Advice Sources and Behavior}},
    booktitle = {ACM Conference on Computer and Communications Security},
    year = {2016},
    series = {CCS~'16},
    pages = {666--677},
    address = {Vienna, Austria},
    month = oct,
    publisher = {ACM}
}

% Approved all correct
@techreport{redmiles-17-best-practices,
    author = {Redmiles, Elissa M. and Acar, Yasemin and Fahl, Sascha and Mazurek, Michelle L.},
    title = {{A Summary of Survey Methodology Best Practices for Security and Privacy Researchers}},
    institution = {UM Computer Science Department},
    year = {2017},
    type = {Technical Report},
    number = {CS-TR-5055},
    month = may
}

% Approved all correct
@inproceedings{redmiles-17-2fa-msg-design,
    author = {Redmiles, Elissa M. and Liu, Everest and Mazurek, Michelle L.},
    title = {{You Want Me To Do What? A Design Study of Two-Factor Authentication Messages}},
    booktitle = {Who Are You?! Adventures in Authentication Workshop},
    year = {2017},
    series = {WAY~'17},
    pages = {1--5},
    address = {Santa Clara, California, USA},
    month = aug,
    publisher = {}
} % No publisher

% Approved all correct
@inproceedings{redmiles-18-who-clicks,
    author = {Redmiles, Elissa M. and Chachra, Neha and Waismeyer, Brian},
    title = {{Examining the Demand for Spam: Who Clicks?}},
    booktitle = {ACM Conference on Human Factors in Computing Systems},
    year = {2018},
    series = {CHI~'18},
    pages = {212:1--212:10},
    address = {Montreal, Quebec, Canada},
    month = apr,
    publisher = {ACM}
}

% Approved all correct
@inproceedings{redmiles-18-dancing-pigs,
    author = {Redmiles, Elissa M. and Mazurek, Michelle L. and Dickerson, John P.},
    title = {{Dancing Pigs or Externalities? Measuring the Rationality of Security Decisions}},
    booktitle = {ACM Conference on Economics and Computation},
    year = {2018},
    series = {EC~'18},
    pages = {215--232},
    address = {Ithaca, New York, USA},
    month = jun,
    publisher = {ACM}
}

% Approved all correct
@inproceedings{redmiles-18-asking-friend,
    author = {Redmiles, Elissa M. and Zhu, Ziyun and Kross, Sean and Kuchhal, Dhruv and Dumitras, Tudor and Mazurek, Michelle L.},
    title = {{Asking for a Friend: Evaluating Response Biases in Security User Studies}},
    booktitle = {ACM Conference on Computer and Communications Security},
    year = {2018},
    series = {CCS~'18},
    pages = {1238--1255},
    address = {Toronto, Ontario, Canada},
    month = oct,
    publisher = {ACM}
}

% Approved all correct
@inproceedings{redmiles-19-should-worry,
    author = {Redmiles, Elissa M.},
    title = {{``Should I Worry?'' A Cross-Cultural Examination of Account Security Incident Response}},
    booktitle = {IEEE Symposium on Security and Privacy},
    year = {2019},
    series = {SP~'19},
    pages = {920--934},
    address = {San Francisco, California, USA},
    month = may,
    publisher = {IEEE}
}

% Approved all correct
@inproceedings{redmiles-19-mturk-generalization,
    author = {Redmiles, Elissa M. and Kross, Sean and Mazurek, Michelle L.},
    title = {{How Well Do My Results Generalize? Comparing Security and Privacy Survey Results from MTurk, Web, and Telephone Samples}},
    booktitle = {IEEE Symposium on Security and Privacy},
    year = {2019},
    series = {SP~'19},
    pages = {227--244},
    address = {San Francisco, California, USA},
    month = may,
    publisher = {IEEE}
}

% Approved all correct
@inproceedings{redmiles-20-advice,
    author = {Redmiles, Elissa M. and Warford, Noel and Jayanti, Amritha and Koneru, Aravind and Kross, Sean and Morales, Miraida and Stevens, Rock and Mazurek, Michelle L.},
    title = {{A Comprehensive Quality Evaluation of Security and Privacy Advice on the Web}},
    booktitle = {USENIX Security Symposium},
    year = {2020},
    series = {SSYM~'20},
    pages = {89--108},
    address = {Virtual Conference},
    month = aug,
    publisher = {USENIX}
}

% Approved all correct
@misc{reed-18-graykey-malwarebytes,
    author = {Reed, Thomas},
    title = {{GrayKey iPhone Unlocker Poses Serious Security Concerns}},
    note = {\url{https://blog.malwarebytes.com/security-world/2018/03/graykey-iphone-unlocker-poses-serious-security-concerns/}, as of \today},
    month = mar,
    year = {2018}
}

% Approved all correct
@article{reeder-11-secondary-auth,
    author = {Reeder, Robert W. and Schechter, Stuart},
    title = {{When the Password Doesn't Work: Secondary Authentication for Websites}},
    journal = {IEEE Security \& Privacy},
    year = {2011},
    volume = {9},
    number = {2},
    pages = {43--49},
    month = mar,
    publisher = {IEEE}
}

% Approved all correct
@article{reeder-17-152-simple-steps,
    author = {Reeder, Robert W. and Ion, Iulia and Consolvo, Sunny},
    title = {{152 Simple Steps to Stay Safe Online: Security Advice for Non-Tech-Savvy Users}},
    journal = {IEEE Security \& Privacy},
    year = {2017},
    volume = {15},
    number = {5},
    pages = {55--64},
    month = oct,
    publisher = {IEEE}
}

% Approved all correct
@inproceedings{reeder-18-warning-reaction,
    author = {Reeder, Robert W. and Felt, Adrienne Porter and Consolvo, Sunny and Malkin, Nathan and Thompson, Christopher and Egelman, Serge},
    title = {{An Experience Sampling Study of User Reactions to Browser Warnings in the Field}},
    booktitle = {ACM Conference on Human Factors in Computing Systems},
    year = {2018},
    series = {CHI~'18},
    pages = {512:1--512:13},
    address = {Montreal, Quebec, Canada},
    month = apr,
    publisher = {ACM}
}

% Approved all correct
@inproceedings{reese-19-comp-five-2fa,
    author = {Reese, Ken and Smith, Trevor and Dutson, Jonathan and Armknecht, Jonathan and Cameron, Jacob and Seamons, Kent},
    title = {{A Usability Study of Five Two-Factor Authentication Methods}},
    booktitle = {Symposium on Usable Privacy and Security},
    year = {2019},
    series = {SOUPS~'19},
    pages = {357--370},
    address = {Santa Clara, California, USA},
    month = aug,
    publisher = {USENIX}
}

% Approved all correct
@misc{reilly-19-helicopter-app,
    author = {Reilly, Natalie},
    title = {{The Problem With Helicopter Parenting Is That It Works}},
    note = {\url{https://www.smh.com.au/lifestyle/life-and-relationships/the-problem-with-helicopter-parenting-is-that-it-works-20190410-p51csx.html}, as of \today},
    month = apr,
    year = {2019}
}

% Approved all correct
@inproceedings{renaud-10-pictures-question,
    author = {Renaud, Karen and Just, Mike},
    title = {{Pictures or Questions? Examining User Responses to Association-Based Authentication}},
    booktitle = {BCS Conference on Human-Computer Interaction},
    year = {2010},
    series = {HCI~'10},
    pages = {98--107},
    address = {Dundee, United Kingdom},
    month = sep,
    publisher = {ACM}
}

% Approved all correct
@inproceedings{renaud-15-mental-models,
    author = {Renaud, Karen and Volkamer, Melanie},
    title = {{Exploring Mental Models Underlying PIN Management Strategies}},
    booktitle = {World Congress on Internet Security},
    year = {2015},
    series = {WorldCIS~'15},
    pages = {19--21},
    address = {Dublin, United Kingdom},
    month = oct,
    publisher = {IEEE}
}

% Approved all correct
@inproceedings{reyes-18-coppa-compliance,
    author = {Reyes, Irwin and Wijesekera, Primal and Reardon, Joel and On, Amit Elazari Bar and Razaghpanah, Abbas and Vallina-Rodriguez, Narseo and Egelman, Serge},
    title = {{``Won't Somebody Think of the Children?'' Examining COPPA Compliance at Scale}},
    booktitle = {Privacy Enhancing Technologies Symposium},
    year = {2018},
    series = {PETS~'18},
    pages = {63--83},
    address = {Barcelona, Spain},
    month = jul,
    publisher = {Sciendo}
}

% Approved all correct
@inproceedings{reynaga-15-smartphone-catpcha,
    author = {Reynaga, Gerardo and Chiasson, Sonia and van Oorschot, Paul C.},
    title = {{Exploring the Usability of CAPTCHAS on Smartphones: Comparisons and Recommendations}},
    booktitle = {Workshop on Usable Security},
    year = {2015},
    series = {USEC~'15},
    pages = {},
    address = {San Diego, California, USA},
    month = feb,
    publisher = {ISOC}
} % USEC does not have page numbers

% Approved all correct
@inproceedings{reynolds-18-yubikey,
    author = {Reynolds, Joshua and Smith, Trevor and Reese, Ken and Dickinson, Luke and Ruoti, Scott and Seamons, Kent E.},
    title = {{A Tale of Two Studies: The Best and Worst of YubiKey Usability}},
    booktitle = {IEEE Symposium on Security and Privacy},
    year = {2018},
    series = {SP~'18},
    pages = {872--888},
    address = {San Francisco, California, USA},
    month = may,
    publisher = {IEEE}
}

% Approved all correct
@inproceedings{reynolds-20-measure-2fa-usability,
    author = {Reynolds, Joshua and Samarin, Nikita and Barnes, Joseph and Judd, Taylor and Mason, Joshua and Bailey, Michael and Egelman, Serge},
    title = {{Empirical Measurement of Systemic 2FA Usability}},
    booktitle = {USENIX Security Symposium},
    year = {2020},
    series = {SSYM~'20},
    pages = {127--143},
    address = {Virtual Conference},
    month = aug,
    publisher = {USENIX}
}

% Approved all correct
@inproceedings{rinn-15-literacy-pw-habits,
    author = {Rinn, Caitlin and Summers, Kathryn and Rhodes, Emily and Virothaisakun, Jo\"{e}l and Chisnell, Dana},
    title = {{Password Creation Strategies Across High- and Low-literacy Web Users}},
    booktitle = {ASIS\&T Annual Meeting: Information Science with Impact},
    year = {2015},
    series = {ASIST~'15},
    pages = {52:1--52:9},
    address = {St. Louis, Missouri, USA},
    month = nov,
    publisher = {ASIS\&T}
}

% Approved all correct
@inproceedings{rivera-20-rba-latency,
    author = {Rivera, Esteban and Tengana, Lizzy and Solano, Jes\'{u}s and Castelblanco, Alejandra and L\'{o}pez, Christian and Ochoa, Mart\'{\i}n},
    title = {{Risk-Based Authentication Based on Network Latency Profiling}},
    booktitle = {ACM Workshop on Artifical Intelligence and Security},
    year = {2020},
    series = {AISec~'20},
    pages = {105--115},
    address = {Virtual Conference},
    month = nov,
    publisher = {ACM}
}

% Approved all correct
@incollection{rogers-97-pmt,
    author = {Rogers, Ronald W. and Prentice-Dunn, Steven},
    title = {{Protection Motivation Theory}},
    booktitle = {Handbook of Health Behavior Research I: Personal and Social Determinants},
    editor = {Gochman, David S.},
    year = {1997},
    pages = {113--132},
    address = {New York, New York, USA},
    month = aug,
    publisher = {Plenum Press}
}

% Approved all correct
@techreport{rohrmann-07-verbal,
    author = {Rohrmann, Bernd},
    title = {{Verbal Qualifiers for Rating Scales: Sociolinguistic Considerations and Psychometric Data}},
    institution = {University of Melbourne},
    year = {2007},
    type = {Technical Report},
    number = {VQSBR07},
    month = jan
}

% Approved all correct
@article{rosenblum-07-what-anyone-can-know,
    author = {Rosenblum, David},
    title = {{What Anyone Can Know: The Privacy Risks of Social Networking Sites}},
    journal = {IEEE Security \& Privacy},
    year = {2007},
    volume = {5},
    number = {3},
    pages = {40--49},
    month = jun,
    publisher = {IEEE}
}

% Approved all correct
@article{ross-07-fingerprint-template-to-image,
    author = {Ross, Arun and Shah, Jidnya and Jain, Anil K.},
    title = {{From Template to Image: Reconstructing Fingerprints from Minutiae Points}},
    journal = {IEEE Transactions on Pattern Analysis and Machine Intelligence},
    year = {2007},
    volume = {29},
    number = {4},
    pages = {544--560},
    month = feb,
    publisher = {IEEE}
}

% Approved all correct
@inproceedings{sahin-21-typo-tolerant,
    author = {Sahin, Sena and Li, Frank},
    title = {{Don't Forget the Stuffing! Revisiting the Security Impact of Typo-Tolerant Password Authentication}},
    booktitle = {ACM Conference on Computer and Communications Security},
    year = {2021},
    series = {CCS~'21},
    pages = {252--270},
    address = {Virtual Conference},
    month = nov,
    publisher = {ACM}
}

% Approved all correct
@techreport{sahni-16-personalization,
    author = {Sahni, Navdeep S. and Wheeler, S. Christian and Chintagunta, Pradeep K.},
    title = {{Personalization in Email Marketing: The Role of Non-Informative Advertising Content}},
    institution = {Stanford University Graduate School of Business},
    year = {2016},
    type = {Technical Report},
    number = {3409},
    month = feb
}

% Approved all correct
@inproceedings{saleem-20-anatomy,
    author = {Saleem, Hamza and Naveed, Muhammad},
    title = {{SoK: Anatomy of Data Breaches}},
    booktitle = {Privacy Enhancing Technologies Symposium},
    year = {2020},
    series = {PETS~'20},
    pages = {153--174},
    address = {Virtual Conference},
    month = jul,
    publisher = {Sciendo}
}

% Approved all correct
@inproceedings{sanchez-rola-19-gdpr-cookie-control,
    author = {Sanchez-Rola, Iskander and Dell'Amico, Matteo and Kotzias, Platon and Balzarotti, Davide and Bilge, Leyla and Vervier, Pierre-Antoine and Santos, Igor},
    title = {{Can I Opt Out Yet? GDPR and the Global Illusion of Cookie Control}},
    booktitle = {ACM Asia Conference on Computer and Communications Security},
    year = {2019},
    series = {ASIA~CCS~'19},
    pages = {340--351},
    address = {Auckland, New Zealand},
    month = jul,
    publisher = {ACM}
}

% Approved all correct
@inproceedings{sanusi-22-gossamer,
    author = {Sanusi, Marina and Islam, Mazharul and Ahmad, Syed Suleman and Swift, Michael and Ristenpart, Thomas and Chatterjee, Rahul},
    title = {{Gossamer: Securely Measuring Password-based Logins}},
    booktitle = {USENIX Security Symposium},
    year = {2022},
    series = {SSYM~'22},
    pages = {1867--1884},
    address = {Boston, Massachusetts, USA},
    month = aug,
    publisher = {USENIX}
}

% Approved all correct
@inbook{sasse-05-why-and-how,
    author = {Sasse, M. Angela and Flechais, Ivan},
    title = {{Usable Security: Why Do We Need It? How Do We Get It?}},
    year = {2005},
    chapter = {2},
    pages = {13--30},
    publisher = {O'Reilly},
    address = {Sebastopol, California, USA},
    edition = {1}
}

% Approved all correct
@inproceedings{sasse-14-auth-fatigue,
    author = {Sasse, M. Angela and Steves, Michelle and Krol, Kat and Chisnell, Dana},
    title = {{The Great Authentication Fatigue -- And How to Overcome It}},
    booktitle = {International Conference on Cross-Cultural Design},
    year = {2014},
    series = {CCD~'14},
    pages = {228--239},
    address = {Heraklion, Crete, Greece},
    month = jun,
    publisher = {Springer}
}

% Approved all correct
@inproceedings{schaewitz-21-e2ee,
    author = {Schaewitz, Leonie and Lakotta, David and Sasse, M. Angela and Rummel, Nikol},
    title = {{Peeking Into the Black Box: Towards Understanding User Understanding of E2EE}},
    booktitle = {European Workshop on Usable Security},
    year = {2021},
    series = {EuroUSEC~'21},
    pages = {129--140},
    address = {Virtual Conference},
    month = oct,
    publisher = {ACM}
}

% Approved all correct
@inproceedings{schaub-12-passwords-on-smartphones,
    author = {Schaub, Florian and Deyhle, Ruben and Weber, Michael},
    title = {{Password Entry Usability and Shoulder Surfing Susceptibility on Different Smartphone Platforms}},
    booktitle = {International Conference on Mobile and Ubiquitous Multimedia},
    year = {2012},
    series = {MUM~'12},
    pages = {13:1--13:10},
    address = {Ulm, Germany},
    month = dec,
    publisher = {ACM}
}

% Approved all correct
@inproceedings{schaub-15-effective-notices,
    author = {Schaub, Florian and Balebako, Rebecca and Durity, Adam L. and Cranor, Lorrie Faith},
    title = {{A Design Space for Effective Privacy Notices}},
    booktitle = {Symposium on Usable Privacy and Security},
    year = {2015},
    series = {SOUPS~'15},
    pages = {1--17},
    address = {Ottawa, Canada},
    month = jul,
    publisher = {USENIX}
}

% Approved all correct
@inproceedings{schaub-16-watching-me,
    author = {Schaub, Florian and Marella, Aditya and Kalvani, Pranshu and Ur, Blase and Pan, Chao and Forney, Emily and Cranor, Lorrie Faith},
    title = {{Watching Them Watching Me: Browser Extensions' Impact on User Privacy Awareness and Concern}},
    booktitle = {Workshop on Usable Security},
    year = {2016},
    series = {USEC~'16},
    pages = {},
    address = {San Diego, California, USA},
    month = feb,
    publisher = {ISOC}
} % USEC does not have page numbers

% Approved all correct
@inproceedings{sawaya-17-behavior,
    author = {Sawaya, Yukiko and Sharif, Mahmood and Christin, Nicolas and Kubota, Ayumu and Nakarai, Akihiro and Yamada, Akira},
    title = {{Self-Confidence Trumps Knowledge: A Cross-Cultural Study of Security Behavior}},
    booktitle = {ACM Conference on Human Factors in Computing Systems},
    year = {2017},
    series = {CHI~'17},
    pages = {2202--2214},
    address = {Denver, Colorado, USA},
    month = may,
    publisher = {ACM}
}

% Approved all correct
@inproceedings{schechter-09-social,
    author = {Schechter, Stuart and Egelman, Serge and Reeder, Robert W.},
    title = {{It's Not What You Know, But Who You Know: A Social Approach to Last-Resort Authentication}},
    booktitle = {ACM Conference on Human Factors in Computing Systems},
    year = {2009},
    series = {CHI~'09},
    pages = {1983--1992},
    address = {Boston, Massachusetts, USA},
    month = apr,
    publisher = {ACM}
}

% Approved all correct
@inproceedings{schechter-09-no-secret,
    author = {Schechter, Stuart and Brush, A. J. Bernheim and Egelman, Serge},
    title = {{It's No Secret. Measuring the Security and Reliability of Authentication via ``Secret'' Questions}},
    booktitle = {IEEE Symposium on Security and Privacy},
    year = {2009},
    series = {SP~'09},
    pages = {375--390},
    address = {Oakland, California, USA},
    month = may,
    publisher = {IEEE}
}

% Approved all correct
@inproceedings{schechter-10-popularity,
    author = {Schechter, Stuart and Herley, Cormac and Mitzenmacher, Michael},
    title = {{Popularity Is Everything: A New Approach to Protecting Passwords from Statistical-Guessing Attacks}},
    booktitle = {Workshop on Hot Topics in Security},
    year = {2010},
    series = {HotSec~'10},
    pages = {},
    address = {Washington, District of Columbia, USA},
    month = aug,
    publisher = {USENIX}
} % HotSec does not have page numbers

% Approved all correct
@inproceedings{schechter-15-learning-secrets,
    author = {Schechter, Stuart and Bonneau, Joseph},
    title = {{Learning Assigned Secrets for Unlocking Mobile Devices}},
    booktitle = {Symposium on Usable Privacy and Security},
    year = {2015},
    series = {SOUPS~'15},
    pages = {277--295},
    address = {Ottawa, Ontario, Canada},
    month = jul,
    publisher = {USENIX}
}

% Approved all correct
@misc{schlosser-15-linkedin-dark-patterns,
    author = {Schlosser, Dan},
    title = {{LinkedIn Dark Patterns}},
    note = {\url{https://medium.com/@danrschlosser/linkedin-dark-patterns-3ae726fe1462}, as of \today},
    month = jun,
    year = {2015}
}

% Approved all correct
@inproceedings{schnorf-14-transparency-trust,
    author = {Schnorf, Sebastian and Ortlieb, Martin and Sharma, Nikhil},
    title = {{Trust, Transparency \& Control in Inferred User Interest Models}},
    booktitle = {ACM Conference Extended Abstracts on Human Factors in Computing Systems},
    year = {2014},
    series = {CHI~EA~'14},
    pages = {2449--2454},
    address = {Toronto, Ontario, Canada},
    month = apr,
    publisher = {ACM}
}

% Approved all correct
@article{schoenherr-22-accidental,
    author = {Sch\"{o}nherr, Lea and Golla, Maximilian and Eisenhofer, Thorsten and Wiele, Jan and Kolossa, Dorothea and Holz, Thorsten},
    title = {{Exploring Accidental Triggers of Smart Speakers}},
    journal = {Computer Speech and Language},
    year = {2022},
    volume = {73},
    number = {},
    pages = {101328:1--101328:21},
    month = may,
    publisher = {Elsevier}
} % No number

% Approved all correct
@inproceedings{segreti-17-adaptive-policy,
    author = {Segreti, Sean M. and Melicher, William and Komanduri, Saranga and Melicher, Darya and Shay, Richard and Ur, Blase and Bauer, Lujo and Christin, Nicolas and Cranor, Lorrie Faith and Mazurek, Michelle L.},
    title = {{Diversify to Survive: Making Passwords Stronger with Adaptive Policies}},
    booktitle = {Symposium on Usable Privacy and Security},
    year = {2017},
    series = {SOUPS~'17},
    pages = {1--12},
    address = {Santa Clara, California, USA},
    month = jul,
    publisher = {USENIX}
}

% Approved all correct
@inproceedings{seitz-17-pasdjo,
    author = {Seitz, Tobias and Hussmann, Heinrich},
    title = {{PASDJO: Quantifying Password Strength Perceptions with an Online Game}},
    booktitle = {Australian Conference on Human-Computer Interaction},
    year = {2017},
    series = {OZCHI~'17},
    pages = {117--125},
    address = {Brisbane, Australia},
    month = nov,
    publisher = {ACM}
}

% Approved all correct
@article{selwyn-11-parental-engagement,
    author = {Selwyn, Neil and Banaji, Shakuntala and Hadjithoma{-}Garstka, Christina and Clark, Wilma},
    title = {{Providing a Platform for Parents? Exploring the Nature of Parental Engagement with School Learning Platforms}},
    journal = {Journal of Computer Assisted Learning},
    year = {2011},
    volume = {27},
    number = {4},
    pages = {314--323},
    month = jul,
    publisher = {Wiley-Blackwell}
}

% Approved all correct
@misc{shah-11-google-two-step,
    author = {Shah, Nishit},
    title = {{Google: Advanced Sign-In Security for Your Google Account}},
    note = {\url{https://googleblog.blogspot.com/2011/02/advanced-sign-in-security-for-your.html}, as of \today},
    month = dec,
    year = {2011}
}

% Approved all correct
@article{shannon-48-math-theory,
    author = {Shannon, Claude E.},
    title = {{A Mathematical Theory of Communication}},
    journal = {Bell System Technical Journal},
    year = {1948},
    volume = {27},
    number = {3},
    pages = {379--423},
    month = jul,
    publisher = {American Telephone and Telegraph Company}
}

% Approved all correct
@inproceedings{shay-10-pw-requirements,
    author = {Shay, Richard and Komanduri, Saranga and Kelley, Patrick Gage and Leon, Pedro Giovanni and Mazurek, Michelle L. and Bauer, Lujo and Christin, Nicolas and Cranor, Lorrie Faith},
    title = {{Encountering Stronger Password Requirements: User Attitudes and Behaviors}},
    booktitle = {Symposium on Usable Privacy and Security},
    year = {2010},
    series = {SOUPS~'10},
    pages = {2:1--2:20},
    address = {Redmond, Washington, USA},
    month = jul,
    publisher = {ACM}
}

% Approved all correct
@inproceedings{shay-14-religious-aunt,
    author = {Shay, Richard and Ion, Iulia and Reeder, Robert W. and Consolvo, Sunny},
    title = {{``My Religious Aunt Asked Why I Was Trying to Sell Her Viagra'': Experiences with Account Hijacking}},
    booktitle = {ACM Conference on Human Factors in Computing Systems},
    year = {2014},
    series = {CHI~'14},
    pages = {2657--2666},
    address = {Toronto, Ontario, Canada},
    month = apr,
    publisher = {ACM}
}

% Approved all correct
@inproceedings{shay-15-sugar,
    author = {Shay, Richard and Bauer, Lujo and Christin, Nicolas and Cranor, Lorrie Faith and Forget, Alain and Komanduri, Saranga and Mazurek, Michelle L. and Melicher, William and Segreti, Sean M. and Ur, Blase},
    title = {{A Spoonful of Sugar?: The Impact of Guidance and Feedback on Password-Creation Behavior}},
    booktitle = {ACM Conference on Human Factors in Computing Systems},
    year = {2015},
    series = {CHI~'15},
    pages = {2903--2912},
    address = {Seoul, Republic of Korea},
    month = apr,
    publisher = {ACM}
}

% Approved all correct
@article{shay-16-policy,
    author = {Shay, Richard and Komanduri, Saranga and Durity, Adam L. and Huh, Phillip (Seyoung) and Mazurek, Michelle L. and Segreti, Sean M. and Ur, Blase and Bauer, Lujo and Christin, Nicolas and Cranor, Lorrie Faith},
    title = {{Designing Password Policies for Strength and Usability}},
    journal = {ACM Transactions on Information and System Security},
    year = {2016},
    volume = {18},
    number = {4},
    pages = {13:1--13:34},
    month = may,
    publisher = {ACM}
}

% Approved all correct
@inproceedings{sheng-07-anti-phishing-phil,
    author = {Sheng, Steve and Magnien, Bryant and Kumaraguru, Ponnurangam and Acquisti, Alessandro and Cranor, Lorrie Faith and Hong, Jason and Nunge, Elizabeth},
    title = {{Anti-Phishing Phil: The Design and Evaluation of a Game That Teaches People Not to Fall for Phish}},
    booktitle = {Symposium on Usable Privacy and Security},
    year = {2007},
    series = {SOUPS~'07},
    pages = {88--99},
    address = {Pittsburgh, Pennsylvania, USA},
    month = jul,
    publisher = {ACM}
}

% Approved all correct
@inproceedings{sherman-21-indicator-fake-media,
    author = {Sherman, Imani N. and Stokes, Jack W. and Redmiles, Elissa M.},
    title = {{Designing Media Provenance Indicators to Combat Fake Media}},
    booktitle = {International Symposium on Research in Attacks, Intrusions and Defenses},
    year = {2021},
    series = {RAID~'21},
    pages = {324--339},
    address = {San Sebastian, Spain},
    month = oct,
    publisher = {ACM}
}

% Approved all correct
@inproceedings{shirvanian-17-sphinx,
    author = {Shirvanian, Maliheh and Jareckiy, Stanislaw and Krawczykz, Hugo and Saxena, Nitesh},
    title = {{SPHINX: A Password Store that Perfectly Hides Passwords from Itself}},
    booktitle = {International Conference on Distributed Computing Systems},
    year = {2017},
    series = {ICDCS~'17},
    pages = {1094--1104},
    address = {Atlanta, Georgia, USA},
    month = jun,
    publisher = {IEEE}
}

% Approved all correct
@inproceedings{silver-14-pw-manager,
    author = {Silver, David and Jana, Suman and Boneh, Dan and Chen, Eric and Jackson, Collin},
    title = {{Password Managers: Attacks and Defenses}},
    booktitle = {USENIX Security Symposium},
    year = {2014},
    series = {SSYM~'14},
    pages = {449--464},
    address = {San Diego, California, USA},
    month = aug,
    publisher = {USENIX}
}

% Approved all correct
@misc{simons-16-microsoft-rba,
    author = {Simons, Alex},
    title = {{Azure AD Identity Protection: Risk-Based Conditional Access Policies}},
    note = {\url{https://techcommunity.microsoft.com/t5/azure-active-directory-identity/azure-ad-identity-protection-is-in-public-preview-whoop-whoop/ba-p/244242}, as of \today},
    month = mar,
    year = {2016}
}

% Approved all correct
@inproceedings{sivakorn-16-no-captcha,
    author = {Sivakorn, Suphannee and Polakis, Iasonas and Keromytis, Angelos D.},
    title = {{I am Robot: (Deep) Learning to Break Semantic Image CAPTCHAs}},
    booktitle = {European Symposium on Security and Privacy},
    year = {2016},
    series = {EuroSP~'16},
    pages = {388--403},
    address = {Saarbr{\"{u}}cken, Germany},
    month = mar,
    publisher = {IEEE}
}

% Approved all correct
@article{solano-19-biometric-rba-context,
    author = {Solano, Jes\'{u}s and Camacho, Luis and Correa, Alejandro and Deiro, Claudio and Vargas, Javier and Ochoa, Mart\'{\i}n},
    title = {{Risk-Based Static Authentication in Web Applications with Behavioral Biometrics and Session Context Analytics}},
    booktitle = {Workshop on Security in Machine Learning and its Applications},
    year = {2019},
    series = {SiMLA'19},
    pages = {3--23},
    address = {Bogota, Colombia},
    month = jun,
    publisher = {Springer}
} % ACNS'19 Workshops

% Approved all correct
@inproceedings{solano-20-biometrics-rba-practical,
    author = {Solano, Jes\'{u}s and  Tengana, Lizzy and Castelblanco, Alejandra and Rivera, Esteban and Lopez, Christian and Ochoa, Mart\'{\i}n},
    title = {{A Few-Shot Practical Behavioral Biometrics Model for Login Authentication in Web Applications}},
    booktitle = {Workshop on Measurements, Attacks, and Defenses for the Web},
    year = {2020},
    series = {MADWeb~'20},
    pages = {},
    address = {San Diego, California, USA},
    month = feb,
    publisher = {ISOC}
} % MADWeb does not have page numbers

% Approved all correct
@article{solano-21-biometric-rba-combined,
    author = {Solano, Jes\'{u}s and Camacho, Luis and Correa, Alejandro and Deiro, Claudio and Vargas, Javier and Ochoa, Mart\'{\i}n},
    title = {{Combining Behavioral Biometrics and Session Context Analytics to Enhance Risk-Based Static Authentication in Web Applications}},
    journal = {International Journal of Information Security},
    year = {2021},
    volume = {20},
    number = {2},
    pages = {181--197},
    month = apr,
    publisher = {Springer}
} % This is just the ACNS'19 Workshops

% Approved all correct
@inproceedings{song-15-pattern-psm,
    author = {Song, Youngbae and Cho, Geumhwan and Oh, Seongyeol and Kim, Hyoungshick and Huh, Jun Ho},
    title = {{On the Effectiveness of Pattern Lock Strength Meters: Measuring the Strength of Real World Pattern Locks}},
    booktitle = {ACM Conference on Human Factors in Computing Systems},
    year = {2015},
    series = {CHI~'15},
    pages = {2343--2352},
    address = {Seoul, Republic of Korea},
    month = apr,
    publisher = {ACM}
}

% Approved all correct
@inproceedings{song-17-multi-touch,
    author = {Song, Yunpeng and Cai, Zhongmin and Zhang, Zhi{-}Li},
    title = {{Multi-touch Authentication Using Hand Geometry and Behavioral Information}},
    booktitle = {IEEE Symposium on Security and Privacy},
    year = {2017},
    series = {SP~'17},
    pages = {357--372},
    address = {San Jose, California, USA},
    month = may,
    publisher = {IEEE}
}

% Approved all correct
@inproceedings{sotirakopoulos-11-lab-studies,
    author = {Sotirakopoulos, Andreas and Hawkey, Kirstie and Beznosov, Konstantin},
    title = {{On the Challenges in Usable Security Lab Studies: Lessons Learned from Replicating a Study on SSL Warnings}},
    booktitle = {Symposium on Usable Privacy and Security},
    year = {2011},
    series = {SOUPS~'11},
    pages = {3:1--3:18},
    address = {Pittsburgh, Pennsylvania, USA},
    month = jul,
    publisher = {ACM}
}

% Approved all correct
@inproceedings{spafford-92-reusable-choices,
    author = {Spafford, Eugene H.},
    title = {{Observing Reusable Password Choices}},
    booktitle = {USENIX Security Symposium},
    year = {1992},
    series = {SSYM~'92},
    pages = {299--312},
    address = {Berkeley, California, USA},
    month = sep,
    publisher = {USENIX}
}

% Approved all correct
@article{spitzer-10-map,
    author = {Spitzer, Jake and Singh, Cal and Schweitzer, Dino},
    title = {{A Security Class Project in Graphical Passwords}},
    journal = {Journal of Computing Sciences in Colleges},
    year = {2010},
    volume = {26},
    number = {2},
    pages = {7--13},
    month = dec,
    publisher = {Consortium for Computing Sciences in Colleges}
}

% Approved all correct
@misc{spreitzenbarth-12-crack-pattern-offline,
    author = {Spreitzenbarth, Michael},
    title = {{Cracking the Pattern Lock on Android}},
    note = {\url{https://forensics.spreitzenbarth.de/2012/02/28/cracking-the-pattern-lock-on-android/}, as of \today},
    month = feb,
    year = {2012}
}

% Approved all correct
@inproceedings{stajano-14-manager-annotations,
    author = {Stajano, Frank and Spencer, Max and Jenkinson, Graeme and Stafford-Fraser, Quentin},
    title = {{Password-Manager Friendly~(PMF): Semantic Annotations to Improve the Effectiveness of Password Managers}},
    booktitle = {International Conference on Passwords},
    year = {2014},
    series = {PASSWORDS~'14},
    pages = {61--73},
    address = {Trondheim, Norway},
    month = dec,
    publisher = {Springer}
}

% Approved all correct
@article{stanton-16-fatigue,
    author = {Stanton, Brian and Theofanos, Mary F. and Prettyman, Sandra Spickard and Furman, Susanne},
    title = {{Security Fatigue}},
    journal = {IT Professional},
    year = {2016},
    volume = {18},
    number = {5},
    pages = {26--32},
    month = sep,
    publisher = {IEEE}
}

% Approved all correct
@inproceedings{stark-19-urlephant,
    author = {Stark, Emily},
    title = {{The URLephant}},
    booktitle = {USENIX Enigma Conference},
    year = {2019},
    series = {Enigma~'19},
    pages = {},
    address = {Burlingame, California, USA},
    month = jan,
    publisher = {USENIX}
} % This is a presentation, no page numbers

% Approved all correct
@inproceedings{steffens-19-xss,
    author = {Steffens, Marius and Rossow, Christian and Johns, Martin and Stock, Ben},
    title = {{Don't Trust The Locals: Investigating the Prevalence of Persistent Client-Side Cross-Site Scripting in the Wild}},
    booktitle = {Symposium on Network and Distributed System Security},
    year = {2019},
    series = {NDSS~'19},
    pages = {},
    address = {San Diego, California, USA},
    month = feb,
    publisher = {ISOC}
} % NDSS does not have page numbers

% Approved all correct
@misc{steube-12-best64-optimization,
    author = {Steube (``atom''), Jens and Community},
    title = {{Official Best64 Challenge Thread}},
    note = {\url{https://hashcat.net/forum/thread-1002-post-5284.html\#pid5284}, as of \today},
    month = mar,
    year = {2012}
} % https://web.archive.org/web/20120408233034/http://beeeer.org/best64/

% Approved all correct
@inproceedings{steube-14-prince,
    author = {Steube (``atom''), Jens},
    title = {{Introducing the PRINCE Attack-Mode}},
    booktitle = {International Conference on Passwords},
    year = {2014},
    series = {PASSWORDS~'14},
    pages = {1--42},
    address = {Trondheim, Norway},
    month = dec,
    publisher = {Springer}
}

% Approved all correct
@misc{steube-16-hashcat,
    author = {Steube (``atom''), Jens and Community},
    title = {{Hashcat}},
    note = {\url{https://hashcat.net/hashcat/}, as of \today},
    month = jun,
    year = {2016}
} % https://hashcat.net/forum/thread-5559.html

% Approved all correct
@inproceedings{stobert-14-pw-life-cycle,
    author = {Stobert, Elizabeth and Biddle, Robert},
    title = {{The Password Life Cycle: User Behaviour in Managing Passwords}},
    booktitle = {Symposium on Usable Privacy and Security},
    year = {2014},
    series = {SOUPS~'14},
    pages = {243--255},
    address = {Menlo Park, California, USA},
    month = jul,
    publisher = {USENIX}
}

% Approved all correct
@inproceedings{stobert-14-doesnt-remember,
    author = {Stobert, Elizabeth and Biddle, Robert},
    title = {{A Password Manager That Doesn't Remember Passwords}},
    booktitle = {New Security Paradigms Workshop},
    year = {2014},
    series = {NSPW~'14},
    pages = {39--52},
    address = {Victoria, British Columbia, Canada},
    month = sep,
    publisher = {ACM}
}

% Approved all correct
@inproceedings{stobert-15-expert-pw-management,
    author = {Stobert, Elizabeth and Biddle, Robert},
    title = {{Expert Password Management}},
    booktitle = {International Conference on Passwords},
    year = {2015},
    series = {PASSWORDS~'15},
    pages = {3--20},
    address = {Cambridge, United Kingdom},
    month = dec,
    publisher = {Springer}
}

% Approved all correct
@inproceedings{stock-14-pw-manager-xss,
    author = {Stock, Ben and Johns, Martin},
    title = {{Protecting Users Against XSS-based Password Manager Abuse}},
    booktitle = {ACM Symposium on Information, Computer and Communications Security},
    year = {2014},
    series = {ASIA~CCS~'14},
    pages = {183--194},
    address = {Kyoto, Japan},
    month = jun,
    publisher = {ACM}
}

% Approved all correct
@inproceedings{stockhardt-16-teaching-phishing,
    author = {Stockhardt, Simon and Reinheimer, Benjamin and Volkamer, Melanie and Mayer, Peter and Kunz, Alexandra and Rack, Philipp and Lehmann, Daniel},
    title = {{Teaching Phishing-Security: Which Way is Best?}},
    booktitle = {International Conference on ICT Systems Security and Privacy Protection},
    year = {2016},
    series = {IFIP~SEC~'16},
    pages = {135--149},
    address = {Ghent, Belgium},
    month = may,
    publisher = {IFIP}
}

% Approved all correct
@misc{stockley-15-poor,
    author = {Stockley, Mark},
    title = {{Why You Can't Trust Password Strength Meters}},
    note = {\url{https://nakedsecurity.sophos.com/2015/03/02/why-you-cant-trust-password-strength-meters/}, as of \today},
    month = mar,
    year = {2015}
}

% Approved all correct
@inproceedings{story-21-web-privacy,
    author = {Story, Peter and Smullen, Daniel and Yao, Yaxing and Acquisti, Alessandro and Cranor, Lorrie Faith and Sadeh, Norman and Schaub, Florian},
    title = {{Awareness, Adoption, and Misconceptions of Web Privacy Tools}},
    booktitle = {Privacy Enhancing Technologies Symposium},
    year = {2021},
    series = {PETS~'21},
    pages = {308--333},
    address = {Virtual Conference},
    month = jul,
    publisher = {Sciendo}
}

% Approved all correct
@inproceedings{strouble-09-cac-2fa,
    author = {Strouble, Dennis and Shechtman, Gregory M. and Alsop, Alan S.},
    title = {{Productivity and Usability Effects of Using a Two-Factor Security System}},
    booktitle = {Southern Association for Information Systems Conference},
    year = {2009},
    series = {SAIS~'09},
    pages = {196--201},
    address = {Charleston, South Carolina, USA},
    month = mar,
    publisher = {AIS}
}

% Approved all correct
@inproceedings{sun-11-openid,
    author = {Sun, San-Tsai and Pospisil, Eric and Muslukhov, Ildar and Dindar, Nuray and Hawkey, Kirstie and Beznosov, Konstantin},
    title = {{What Makes Users Refuse Web Single Sign-on?: An Empirical Investigation of OpenID}},
    booktitle = {Symposium on Usable Privacy and Security},
    year = {2011},
    series = {SOUPS~'11},
    pages = {4:1--4:20},
    address = {Pittsburgh, Pennsylvania, USA},
    month = jul,
    publisher = {ACM}
}

% Approved all correct
@article{sun-14-pattern-psm,
    author = {Sun, Chen and Wang, Yang and Zheng, Jun},
    title = {{Dissecting Pattern Unlock: The Effect of Pattern Strength Meter on Pattern Selection}},
    journal = {Journal of Information Security and Applications},
    year = {2014},
    volume = {19},
    number = {4--5},
    pages = {308--320},
    month = nov,
    publisher = {Elsevier}
}

% Approved all correct
@inproceedings{sunshine-09-crying-wolf,
    author = {Sunshine, Joshua and Egelman, Serge and Almuhimedi, Hazim and Atri, Neha and Cranor, Lorrie Faith},
    title = {{Crying Wolf: An Empirical Study of SSL Warning Effectiveness}},
    booktitle = {USENIX Security Symposium},
    year = {2009},
    series = {SSYM~'09},
    pages = {399--416},
    address = {San Diego, California, USA},
    month = jun,
    publisher = {USENIX}
}

% Approved all correct
@phdthesis{takakuwa-19-phd-thesis,
    author = {Takakuwa, Alex},
    title = {{Moving From Passwords to Authenticators}},
    year = {2019},
    school = {University of Washington}
}

% Approved all correct
@article{tam-10-psych-pw-mgmt,
    author = {Tam, Leona and Glassman, Myron and Vandenwauver, Mark},
    title = {{The Psychology of Password Management: A Tradeoff between Security and Convenience}},
    journal = {Behaviour \& Information Technology},
    year = {2010},
    volume = {29},
    number = {3},
    pages = {233--244},
    month = apr,
    publisher = {Taylor \& Francis}
}

% Approved all correct
@inproceedings{tan-20-pw-recommendations,
    author = {Tan, Joshua and Bauer, Lujo and Christin, Nicolas and Cranor, Lorrie Faith},
    title = {{Practical Recommendations for Stronger, More Usable Passwords Combining Minimum-Strength, Minimum-Length, and Blocklist Requirements}},
    booktitle = {ACM Conference on Computer and Communications Security},
    year = {2020},
    series = {CCS~'20},
    pages = {1407--1426},
    address = {Virtual Conference},
    month = oct,
    publisher = {ACM}
}

% Approved all correct
@inproceedings{tang-22-generalize,
    author = {Tang, Jenny and Birrell, Eleanor and Lerner, Ada},
    title = {{Replication: How Well Do My Results Generalize Now? The External Validity of Online Privacy and Security Surveys}},
    booktitle = {Symposium on Usable Privacy and Security},
    year = {2022},
    series = {SOUPS~'22},
    pages = {367--385},
    address = {Boston, Massachusetts, USA},
    month = aug,
    publisher = {USENIX}
}

% Approved all correct
@article{tao-08-passgo,
    author = {Tao, Hai and Adams, Carlisle},
    title = {{Pass-Go: A Proposal to Improve the Usability of Graphical Passwords}},
    journal = {International Journal of Network Security},
    year = {2008},
    volume = {7},
    number = {2},
    pages = {273--292},
    month = sep,
    publisher = {Femto Technology Co. Ltd.}
}

% Approved all correct
@article{tavani-07-theories-of-privacy,
    author = {Tavani, Herman T.},
    title = {{Philosophical Theories of Privacy: Implications for an Adequate Online Privacy Policy}},
    journal = {Metaphilosophy},
    year = {2007},
    volume = {38},
    number = {1},
    pages = {1--22},
    month = jan,
    publisher = {John Wiley \& Sons}
}

% Approved all correct
@article{theofanos-16-enterprise-auth-cac,
    author = {Theofanos, Mary and Garfinkel, Simson and Choong, Yee-Yin},
    title = {{Secure and Usable Enterprise Authentication: Lessons from the Field}},
    journal = {IEEE Security \& Privacy},
    year = {2016},
    volume = {14},
    number = {5},
    pages = {14--21},
    month = sep,
    publisher = {IEEE}
}

% Approved all correct
@misc{thielman-16-yahoo-breach,
    author = {Thielman, Sam},
    title = {{Yahoo Hack: 1bn Accounts Compromised by Biggest Data Breach in History}},
    note = {\url{https://www.theguardian.com/technology/2016/dec/14/yahoo-hack-security-of-one-billion-accounts-breached}, as of \today},
    month = dec,
    year = {2016}
}

% Approved all correct
@inproceedings{thomas-14-hijacking-twitter,
    author = {Thomas, Kurt and Li, Frank and Grier, Chris and Paxson, Vern},
    title = {{Consequences of Connectivity: Characterizing Account Hijacking on Twitter}},
    booktitle = {ACM Conference on Computer and Communications Security},
    year = {2014},
    series = {CCS~'14},
    pages = {489--500},
    address = {Scottsdale, Arizona, USA},
    month = nov,
    publisher = {ACM}
}

% Approved all correct
@inproceedings{thomas-17-leak,
    author = {Thomas, Kurt and Li, Frank and Zand, Ali and Barrett, Jacob and Ranieri, Juri and Invernizzi, Luca and Markov, Yarik and Comanescu, Oxana and Eranti, Vijay and Moscicki, Angelika and Margolis, Daniel and Paxson, Vern and Bursztein, Elie},
    title = {{Data Breaches, Phishing, or Malware? Understanding the Risks of Stolen Credentials}},
    booktitle = {ACM Conference on Computer and Communications Security},
    year = {2017},
    series = {CCS~'17},
    pages = {1421--1434},
    address = {Dallas, Texas, USA},
    month = oct,
    publisher = {ACM}
}

% Approved all correct
@inproceedings{thomas-17-illicit-origin,
    author = {Thomas, Daniel R. and Pastrana, Sergio and Hutchings, Alice and Clayton, Richard and Beresford, Alastair R.},
    title = {{Ethical Issues in Research Using Datasets of Illicit Origin}},
    booktitle = {Internet Measurement Conference},
    year = {2017},
    series = {IMC~'17},
    pages = {445--462},
    address = {London, United Kingdom},
    month = nov,
    publisher = {ACM}
}

% Approved all correct
@inproceedings{thomas-19-pw-checkup,
    author = {Thomas, Kurt and Pullman, Jennifer and Yeo, Kevin and Raghunathan, Ananth and Kelley, Patrick Gage and Invernizzi, Luca and Benko, Borbala and Pietraszek, Tadek and Patel, Sarvar and Boneh, Dan and Bursztein, Elie},
    title = {{Protecting Accounts From Credential Stuffing With Password Breach Alerting}},
    booktitle = {USENIX Security Symposium},
    year = {2019},
    series = {SSYM~'19},
    pages = {1556--1571},
    address = {Santa Clara, California, USA},
    month = aug,
    publisher = {USENIX}
}

% Approved all correct
@inproceedings{tian-19-stopguessing,
    author = {Tian, Yuan and Herley, Cormac and Schechter, Stuart},
    title = {{StopGuessing: Using Guessed Passwords to Thwart Online Guessing}},
    booktitle = {European Symposium on Security and Privacy},
    year = {2019},
    series = {EuroSP~'19},
    pages = {576--589},
    address = {Stockholm, Sweden},
    month = jun,
    publisher = {IEEE}
}

% Approved all correct
@inproceedings{tiefenau-19-lets-encrypt,
    author = {Tiefenau, Christian and von Zezschwitz, Emanuel and H\"{a}ring, Maximilian and Krombholz, Katharina and Smith, Matthew},
    title = {{A Usability Evaluation of Let's Encrypt and Certbot: Usable Security Done Right}},
    booktitle = {ACM Conference on Computer and Communications Security},
    year = {2019},
    series = {CCS~'19},
    pages = {1971--1988},
    address = {London, United Kingdom},
    month = nov,
    publisher = {ACM}
}

% Approved all correct
@inproceedings{tiefenau-20-admin-update-behavior,
    author = {Tiefenau, Christian and H{\"a}ring, Maximilian and Krombholz, Katharina and von Zezschwitz, Emanuel},
    title = {{Security, Availability, and Multiple Information Sources: Exploring Update Behavior of System Administrators}},
    booktitle = {Symposium on Usable Privacy and Security},
    year = {2020},
    series = {SOUPS~'20},
    pages = {239--258},
    address = {Virtual Conference},
    month = aug,
    publisher = {USENIX}
}

% Approved all correct
@inproceedings{tischer-16-usb-drive,
    author = {Tischer, Matthew and Durumeric, Zakir and Foster, Sam and Duan, Sunny and Mori, Alec and Bursztein, Elie and Bailey, Michael},
    title = {{Users Really Do Plug in USB Drives They Find}},
    booktitle = {IEEE Symposium on Security and Privacy},
    year = {2016},
    series = {SP~'16},
    pages = {306--319},
    address = {San Jose, California, USA},
    month = may,
    publisher = {IEEE}
}

% Approved all correct
@inproceedings{tomczyk-19-digital-divide,
    author = {Tomczyk, {\L}ukasz and Eliseo, Maria Amelia and Costas, Vladimir and S{\'a}nchez, Gloria and Silveira, Ismar Frango and Barros, Maria-Jose and Amado-Salvatierra, H{\'e}ctor R. and Oyelere, Solomon Sunday},
    title = {{Digital Divide in Latin America and Europe: Main Characteristics in Selected Countries}},
    booktitle = {Iberian Conference on Information Systems and Technologies},
    year = {2019},
    series = {CISTI~'19},
    pages = {1--6},
    address = {Coimbra, Portugal},
    month = jun,
    publisher = {IEEE}
}

% Approved all correct
@inproceedings{trewin-12-mobile-biometric,
    author = {Trewin, Shari and Swart, Cal and Koved, Larry and Martino, Jacquelyn and Singh, Kapil and Ben-David, Shay},
    title = {{Biometric Authentication on a Mobile Device: A Study of User Effort, Error and Task Disruption}},
    booktitle = {Annual Computer Security Applications Conference},
    year = {2012},
    series = {ACSAC~'12},
    pages = {159--168},
    address = {Orlando, Florida, USA},
    month = dec,
    publisher = {ACM}
}

% Approved all correct
@article{tsai-16-protection-motivation,
    author = {Tsai, Hsin-yi Sandy and Jiang, Mengtian and Alhabash, Saleem  and LaRose, Robert and Rifon, Nora J. and Cotten, Shelia R.},
    title = {{Understanding Online Safety Behaviors: A Protection Motivation Theory Perspective}},
    journal = {Computers \& Security},
    year = {2016},
    volume = {59},
    number = {},
    pages = {138--150},
    month = jun,
    publisher = {Elsevier}
} % This journal does not have issue numbers

% Approved all correct
@inproceedings{tschantz-18-accu-google-ad,
    author = {Tschantz, Michael Carl and Egelman, Serge and Choi, Jaeyoung and Weaver, Nicholas and Friedland, Gerald},
    title = {{The Accuracy of the Demographic Inferences Shown on Google's Ad Settings}},
    booktitle = {Workshop on Privacy in the Electronic Society},
    year = {2018},
    series = {WPES~'18},
    pages = {33--41},
    address = {Toronto, Canada},
    month = oct,
    publisher = {ACM}
}

% Approved all correct
@inproceedings{tupsamudre-17-pass-o,
    author = {Tupsamudre, Harshal and Banahatti, Vijayanand and Lodha, Sachin and Vyas, Ketan},
    title = {{Pass-O: A Proposal to Improve the Security of Pattern Unlock Scheme}},
    booktitle = {ACM Asia Conference on Computer and Communications Security},
    year = {2017},
    series = {ASIA~CCS~'17},
    pages = {400--407},
    address = {Abu Dhabi, United Arab Emirates},
    month = apr,
    publisher = {ACM}
}

% Approved all correct
@inproceedings{tupsamudre-18-tinpal,
    author = {Tupsamudre, Harshal and Vaddepalli, Sukanya and Banahatti, Vijayanand and Lodha, Sachin},
    title = {{TinPal: An Enhanced Interface for Pattern Locks}},
    booktitle = {Workshop on Usable Security},
    year = {2018},
    series = {USEC~'18},
    pages = {},
    address = {San Diego, California, USA},
    month = feb,
    publisher = {ISOC}
} % USEC does not have page numbers

% Approved all correct
@inproceedings{uellenbeck-13-pattern,
    author = {Uellenbeck, Sebastian and D\"{u}rmuth, Markus and Wolf, Christopher and Holz, Thorsten},
    title = {{Quantifying the Security of Graphical Passwords: The Case of Android Unlock Patterns}},
    booktitle = {ACM Conference on Computer and Communications Security},
    year = {2013},
    series = {CCS~'13},
    pages = {161--172},
    address = {Berlin, Germany},
    month = nov,
    publisher = {ACM}
}

% Approved all correct
@inproceedings{ulqinaku-21-fido-phish,
    author = {Ulqinaku, Enis and Assal, Hala and Abdou, AbdelRahman and Chiasson, Sonia and Capkun, Srdjan},
    title = {{Is Real-time Phishing Eliminated with FIDO? Social Engineering Downgrade Attacks against FIDO Protocols}},
    booktitle = {USENIX Security Symposium},
    year = {2021},
    series = {SSYM~'21},
    pages = {3811--3828},
    address = {Virtual Conference},
    month = aug,
    publisher = {USENIX}
}

% Approved all correct
@misc{unesco-12-isced,
    author = {{UNESCO Institute for Statistics}},
    title = {{International Standard Classification of Education: ISCED 2011}},
    note = {\url{http://uis.unesco.org/sites/default/files/documents/international-standard-classification-of-education-isced-2011-en.pdf}, as of \today},
    month = dec,
    year = {2012}
}

% Approved all correct
@inproceedings{ur-12-creepy,
    author = {Ur, Blase and Leon, Pedro Giovanni and Cranor, Lorrie Faith and Shay, Richard and Wang, Yang},
    title = {{Smart, Useful, Scary, Creepy: Perceptions of Online Behavioral Advertising}},
    booktitle = {Symposium on Usable Privacy and Security},
    year = {2012},
    series = {SOUPS~'12},
    pages = {4:1--4:15},
    address = {Washington, District of Columbia, USA},
    month = jul,
    publisher = {ACM}
}

% Approved all correct
@inproceedings{ur-12-measure-up,
    author = {Ur, Blase and Kelley, Patrick Gage and Komanduri, Saranga and Lee, Joel and Maass, Michael and Mazurek, Michelle L. and Passaro, Timothy and Shay, Richard and Vidas, Timothy and Bauer, Lujo and Christin, Nicolas and Cranor, Lorrie Faith},
    title = {{How Does Your Password Measure Up? The Effect of Strength Meters on Password Creation}},
    booktitle = {USENIX Security Symposium},
    year = {2012},
    series = {SSYM~'12},
    pages = {65--80},
    address = {Bellevue, Washington, USA},
    month = aug,
    publisher = {USENIX}
}

% Approved all correct
@inproceedings{ur-13-cross-cultural,
    author = {Ur, Blase and Wang, Yang},
    title = {{A Cross-Cultural Framework for Protecting User Privacy in Online Social Media}},
    booktitle = {The World Wide Web Conference},
    year = {2013},
    series = {WWW~'13},
    pages = {755--762},
    address = {Rio de Janeiro, Brazil},
    month = may,
    publisher = {ACM}
}

% Approved all correct
@inproceedings{ur-15-added-at-the-end,
    author = {Ur, Blase and Noma, Fumiko and Bees, Jonathan and Segreti, Sean M. and Shay, Richard and Bauer, Lujo and Christin, Nicolas and Cranor, Lorrie Faith},
    title = {{``I Added `!' at the End to Make It Secure'': Observing Password Creation in the Lab}},
    booktitle = {Symposium on Usable Privacy and Security},
    year = {2015},
    series = {SOUPS~'15},
    pages = {123--140},
    address = {Ottawa, Ontario, Canada},
    month = jul,
    publisher = {USENIX}
}

% Approved all correct
@inproceedings{ur-15-pgs,
    author = {Ur, Blase and Segreti, Sean M. and Bauer, Lujo and Christin, Nicolas and Cranor, Lorrie Faith and Komanduri, Saranga and Kurilova, Darya and Mazurek, Michelle L. and Melicher, William and Shay, Richard},
    title = {{Measuring Real-World Accuracies and Biases in Modeling Password Guessability}},
    booktitle = {USENIX Security Symposium},
    year = {2015},
    series = {SSYM~'15},
    pages = {463--481},
    address = {Washington, District of Columbia, USA},
    month = aug,
    publisher = {USENIX}
}

% Approved all correct
@inproceedings{ur-16-user-perceptions,
    author = {Ur, Blase and Bees, Jonathan and Segreti, Sean M. and Bauer, Lujo and Christin, Nicolas and Cranor, Lorrie Faith},
    title = {{Do Users' Perceptions of Password Security Match Reality?}},
    booktitle = {ACM Conference on Human Factors in Computing Systems},
    year = {2016},
    series = {CHI~'16},
    pages = {3748--3760},
    address = {San Jose, California, USA},
    month = may,
    publisher = {ACM}
}

% Approved all correct
@inproceedings{ur-17-data-driven-pm,
    author = {Ur, Blase and Alfieri, Felicia and Aung, Maung and Bauer, Lujo and Christin, Nicolas and Colnago, Jessica and Cranor, Lorrie Faith and Dixon, Henry and Naeini, Pardis Emami and Habib, Hana and Johnson, Noah and Melicher, William},
    title = {{Design and Evaluation of a Data-Driven Password Meter}},
    booktitle = {ACM Conference on Human Factors in Computing Systems},
    year = {2017},
    series = {CHI~'17},
    pages = {3775--3786},
    address = {Denver, Colorado, USA},
    month = may,
    publisher = {ACM}
}

% Approved all correct
@inproceedings{urban-19-subject-data-access,
    author = {Urban, Tobias and Tatang, Dennis and Degeling, Martin and Holz, Thorsten and Pohlmann, Norbert},
    title = {{A Study on Subject Data Access in Online Advertising After the GDPR}},
    booktitle = {International Workshop on Data Privacy Management},
    year = {2019},
    series = {DPM~'19},
    pages = {61--79},
    address = {Luxembourg City, Luxembourg},
    month = sep,
    publisher = {Springer}
}

% Approved all correct
@inproceedings{urban-19-hashed-ip-ubuntu,
    author = {Urban, Tobias and Degeling, Martin and Holz, Thorsten and Pohlmann, Norbert},
    title = {{``Your Hashed IP Address: Ubuntu.'': Perspectives on Transparency Tools for Online Advertising}},
    booktitle = {Annual Conference on Computer Security Applications},
    year = {2019},
    series = {ACSAC~'19},
    pages = {702--717},
    address = {San Juan, Puerto Rico, USA},
    month = dec,
    publisher = {ACM}
}

% Approved all correct
@inproceedings{urban-20-ad-networks,
    author = {Urban, Tobias and Tatang, Dennis and Degeling, Martin and Holz, Thorsten and Pohlmann, Norbert},
    title = {{Measuring the Impact of the GDPR on Data Sharing in Ad Networks}},
    booktitle = {ACM Asia Conference on Computer and Communications Security},
    year = {2020},
    series = {ASIA~CCS~'20},
    pages = {222--235},
    address = {Taipei, Taiwan},
    month = oct,
    publisher = {ACM}
}

% Approved all correct
@misc{usa-20-nikulin-linkedin,
    author = {{United States District Court for the Northern District of California}},
    title = {{Trial Brief: CR 16-00440 WHA -- United States of America vs.\ Yevgeniy Alexandrovich Nikulin}},
    note = {\url{https://s3.documentcloud.org/documents/6793888/Nikulin-pre-trial-filing-alleging-Ieremenko.pdf}, as of \today},
    month = mar,
    year = {2020}
}

% Approved all correct
@inproceedings{utz-19-uninformed-consent,
    author = {Utz, Christine and Degeling, Martin and Fahl, Sascha and Schaub, Florian and Holz, Thorsten},
    title = {{(Un)informed Consent: Studying GDPR Consent Notices in the Field}},
    booktitle = {ACM Conference on Computer and Communications Security},
    year = {2019},
    series = {CCS~'19},
    pages = {973--990},
    address = {London, United Kingdom},
    month = nov,
    publisher = {ACM}
}

% Approved all correct
@inproceedings{vaidya-15-cocaine,
    author = {Vaidya, Tavish and Zhang, Yuankai and Sherr, Micah and Shields, Clay},
    title = {{Cocaine Noodles: Exploiting the Gap between Human and Machine Speech Recognition}},
    booktitle = {USENIX Workshop on Offensive Technologies},
    year = {2015},
    series = {WOOT~'15},
    pages = {},
    address = {Washington, District of Columbia, USA},
    month = aug,
    publisher = {USENIX}
} % WOOT does not have page numbers

% Approved all correct
@inproceedings{valente-17-smart-toys,
    author = {Valente, Junia and Cardenas, Alvaro A.},
    title = {{Security \& Privacy in Smart Toys}},
    booktitle = {Workshop on Internet of Things Security and Privacy},
    year = {2017},
    series = {IoT~S\&P~'17},
    pages = {19--240},
    address = {Dallas, Texas, USA},
    month = nov,
    publisher = {ACM}
}

% Approved all correct
@inproceedings{valois-19-real-world-cracking,
    author = {Valois, Mathieu and Lacharme, Patrick and Le~Bars, Jean-Marie},
    title = {{Performance of Password Guessing Enumerators under Cracking Conditions}},
    booktitle = {International Conference on ICT Systems Security and Privacy Protection},
    year = {2019},
    series = {IFIP~SEC~'19},
    pages = {67--80},
    address = {Lisbon, Portugal},
    month = jun,
    publisher = {IFIP}
}

% Approved all correct
@inproceedings{van-bruggen-13-modifying-behavior,
    author = {Van Bruggen, Dirk and Liu, Shu and Kajzer, Mitch Striegel, Aaron and Crowell, Charles R. and D'Arcy, John},
    title = {{Modifying Smartphone User Locking Behavior}},
    booktitle = {Symposium on Usable Privacy and Security},
    year = {2013},
    series = {SOUPS~'13},
    pages = {10:1--10:14},
    address = {Newcastle, United Kingdom},
    month = jul,
    publisher = {ACM}
}

% Approved all correct
@inproceedings{van-der-horst-07-simple-auth,
    author = {{van der Horst}, Timothy W. and Seamons, Kent E.},
    title = {{Simple Authentication for the Web}},
    booktitle = {Conference on Security and Privacy in Communication Networks},
    year = {2007},
    series = {SecureComm~'07},
    pages = {473--482},
    address = {Nice, France},
    month = sep,
    publisher = {IEEE}
}

% Approved all correct
@misc{van-hee-19-google-employees-eavesdropping,
    author = {{Van Hee}, Lente and Baert, Denny and Verheyden, Tim and {Van Den Heuvel}, Ruben},
    title = {{Google Employees Are Eavesdropping, Even in Your Living Room}},
    note = {\url{https://www.vrt.be/vrtnws/en/2019/07/10/google-employees-are-eavesdropping-even-in-flemish-living-rooms/}, as of \today},
    month = jul,
    year = {2019}
}

% Approved all correct
@inproceedings{vance-13-fear,
    author = {Vance, Anthony and Eargle, David and Ouimet, Kirk and Straub, Detmar},
    title = {{Enhancing Password Security through Interactive Fear Appeals: A Web-based Field Experiment}},
    booktitle = {Hawaii International Conference on System Sciences},
    year = {2013},
    series = {HICSS~'13},
    pages = {2988--2997},
    address = {Wailea, Maui, Hawaii, USA},
    month = jan,
    publisher = {IEEE}
}

% Approved all correct
@article{vapen-16-third-party-identity-management,
    author = {Vapen, Anna and Carlsson, Niklas and Mahanti, Anirban and Shahmehri, Nahid},
    title = {{A Look at the Third-Party Identity Management Landscape}},
    journal = {IEEE Internet Computing},
    year = {2016},
    volume = {20},
    number = {2},
    pages = {18--25},
    month = mar,
    publisher = {IEEE}
}

% Approved all correct
@misc{vasilyev-15--fingerprintjs2,
    author = {Vasilyev, Valentin},
    title = {{Fingerprintjs2}},
    note = {\url{https://valve.github.io/fingerprintjs2/}, as of \today},
    month = may,
    year = {2015}
}

% Approved all correct
@inproceedings{vastel-18-fp-scanner,
    author = {Vastel, Antoine and Laperdrix, Pierre and Rudametkin, Walter and Rouvoy, Romain},
    title = {{Fp-Scanner: The Privacy Implications of Browser Fingerprint Inconsistencies}},
    booktitle = {USENIX Security Symposium},
    year = {2018},
    series = {SSYM~'18},
    pages = {135--150},
    address = {Baltimore, Maryland, USA},
    month = aug,
    publisher = {USENIX}
}

% Approved all correct
@inproceedings{veras-12-visualizing-semantics,
    author = {Veras, Rafael and Thorpe, Julie and Collins, Christopher},
    title = {{Visualizing Semantics in Passwords: The Role of Dates}},
    booktitle = {Symposium on Visualization for Cyber Security},
    year = {2012},
    series = {VizSec~'12},
    pages = {88--95},
    address = {Seattle, Washington, USA},
    month = oct,
    publisher = {ACM}
}

% Approved all correct
@inproceedings{veras-14-semantic-patterns,
    author = {Veras, Rafael and Collins, Christopher and Thorpe, Julie},
    title = {{On the Semantic Patterns of Passwords and their Security Impact}},
    booktitle = {Symposium on Network and Distributed System Security},
    year = {2014},
    series = {NDSS~'14},
    pages = {},
    address = {San Diego, California, USA},
    month = feb,
    publisher = {ISOC}
} % NDSS does not have page numbers

% Approved all correct
@article{verdi-20-usability-matters,
    author = {Verdi, F\'{a}bio Luciano and Oliveira, H\'{e}lio Tibag\'{i} de and Sampaio, Leobino N. and Zaina, Luciana A. M.},
    title = {{Usability Matters: A Human-Computer Interaction Study on Network Management Tools}},
    journal = {Transactions on Network and Service Management},
    year = {2020},
    volume = {17},
    number = {3},
    pages = {1865--1874},
    month = sep,
    publisher = {IEEE}
}

% Approved all correct
@techreport{volkamer-20-phishing-campaigns-harmful,
    author = {Volkamer, Melanie and Sasse, Martina Angela and Boehm, Franziska},
    title = {{Phishing-Kampagnen zur Mitarbeiter-Awareness: Analyse aus verschiedenen Blickwinkeln -- Security, Recht und Faktor Mensch}},
    institution = {Karlsruher Institut f\"{u}r Technologie},
    year = {2020},
    type = {Technical Report},
    number = {KITopen-ID: 1000119662},
    month = may
}

% Approved all correct
@inproceedings{voronkov-19-firewall-interfaces,
    author = {Voronkov, Artem and Martucci, Leonardo A. and Lindskog, Stefan},
    title = {{System Administrators Prefer Command Line Interfaces, Don't They? An Exploratory Study of Firewall Interfaces}},
    booktitle = {Symposium on Usable Privacy and Security},
    year = {2019},
    series = {SOUPS~'19},
    pages = {259--271},
    address = {Santa Clara, California, USA},
    month = aug,
    publisher = {USENIX}
}

% Approved all correct
@misc{waffle-13-dollar-hex,
    author = {{Waffle}},
    title = {{Hashcat Forum: The case for \$HEX[]}},
    note = {\url{https://hashcat.net/forum/thread-2483.html}, as of \today},
    month = jul,
    year = {2013}
}

% Approved all correct
@misc{walkington-19-better-warnings,
    author = {Walkington, Meridel},
    title = {{Designing Better Security Warnings}},
    note = {\url{https://blog.mozilla.org/ux/2019/03/designing-better-security-warnings/}, as of \today},
    month = mar,
    year = {2019}
}

% Approved all correct
@inproceedings{walsh-21-account-remediation,
    author = {Walsh, Kathryn and Tazi, Faiza and Markert, Philipp and Das, Sanchari},
    title = {{My Account Is Compromised -- What Do I Do? Towards an Intercultural Analysis of Account Remediation for Websites}},
    booktitle = {Workshop on Inclusive Privacy and Security},
    year = {2021},
    series = {WIPS~'21},
    pages = {},
    address = {Virtual Conference},
    month = aug,
    publisher = {USENIX}
} % No page numbers for this workshop

% Approved all correct
@inproceedings{wang-11-concerns,
    author = {Wang, Yang and Norcie, Gregory and Cranor, Lorrie Faith},
    title = {{Who Is Concerned about What? A Study of American, Chinese and Indian Users' Privacy Concerns on Social Network Sites}},
    booktitle = {International Conference on Trust and Trustworthy Computing},
    year = {2011},
    series = {TRUST~'11},
    pages = {46--153},
    address = {Pittsburgh, Pennsylvania, USA},
    month = jun,
    publisher = {Springer}
}

% Approved all correct
@misc{wang-15-mdxfind,
    author = {Wang (``Waffle''), Fred and Community},
    title = {{MDXfind}},
    note = {\url{https://hashes.org/mdxfind.php}, as of \today},
    month = apr,
    year = {2015}
} % Chat with authors + https://web.archive.org/web/20150419015725/https://hashes.org/mdxfind.php

% Approved all correct
@inproceedings{wang-15-emperor-policies,
    author = {Wang, Ding and Wang, Ping},
    title = {{The Emperor's New Password Creation Policies}},
    booktitle = {European Symposium on Research in Computer Security},
    year = {2015},
    series = {ESORICS~'15},
    pages = {456--477},
    address = {Vienna, Austria},
    month = sep,
    publisher = {Springer}
}

% Approved all correct
@inproceedings{wang-16-fuzzypsm,
    author = {Wang, Ding and He, Debiao and Cheng, Haibo and Wang, Ping},
    title = {{fuzzyPSM: A New Password Strength Meter Using Fuzzy Probabilistic Context-Free Grammars}},
    booktitle = {Conference on Dependable Systems and Networks},
    year = {2016},
    series = {DSN~'16},
    pages = {595--606},
    address = {Toulouse, France},
    month = jun,
    publisher = {IEEE}
}

% Approved all correct
@inproceedings{wang-16-online-guessing,
    author = {Wang, Ding and Zhang, Zijian and Wang, Ping and Yan, Jeff and Huang, Xinyi},
    title = {{Targeted Online Password Guessing: An Underestimated Threat}},
    booktitle = {ACM Conference on Computer and Communications Security},
    year = {2016},
    series = {CCS~'16},
    pages = {1242--1254},
    address = {Vienna, Austria},
    month = oct,
    publisher = {ACM}
}

% Approved all correct
@inproceedings{wang-17-pin,
    author = {Wang, Ding and Gu, Qianchen and Huang, Xinyi and Wang, Ping},
    title = {{Understanding Human-Chosen PINs: Characteristics, Distribution and Security}},
    booktitle = {ACM Asia Conference on Computer and Communications Security},
    year = {2017},
    series = {ASIA~CCS~'17},
    pages = {372--385},
    address = {Abu Dhabi, United Arab Emirates},
    month = apr,
    publisher = {ACM}
}

% Approved all correct
@article{wang-17-zipf-law-pw,
    author = {Wang, Ding and Cheng, Haibo and Wang, Ping and Huang, Xinyi and Jian, Gaopeng},
    title = {{Zipf's Law in Passwords}},
    journal = {{IEEE Transactions on Information Forensics and Security}},
    year = {2017},
    volume = {12},
    number = {11},
    pages = {2776--2791},
    month = jun,
    publisher = {IEEE}
}

% Approved all correct
@inproceedings{wang-18-domino,
    author = {Wang, Chun and Jan, Steve T.K. and Hu, Hang and Bossart, Douglas and Wang, Gang},
    title = {{The Next Domino to Fall: Empirical Analysis of User Passwords across Online Services}},
    booktitle = {ACM Conference on Data and Application Security and Privacy},
    year = {2018},
    series = {CODASPY~'18},
    pages = {196--203},
    address = {Tempe, Arizona, USA},
    month = mar,
    publisher = {ACM}
}

% Approved all correct
@inproceedings{wang-19-end-reuse,
    author = {Wang, Ke Coby and Reiter, Michael K.},
    title = {{How to End Password Reuse on the Web}},
    booktitle = {Symposium on Network and Distributed System Security},
    year = {2019},
    series = {NDSS~'19},
    pages = {},
    address = {San Diego, California, USA},
    month = feb,
    publisher = {ISOC}
} % NDSS does not have page numbers

% Approved all correct
@inproceedings{wang-19-chinese-pw,
    author = {Wang, Ding and Wang, Ping and He, Debiao and Tian, Yuan},
    title = {{Birthday, Name and Bifacial-Security: Understanding Passwords of Chinese Web Users}},
    booktitle = {USENIX Security Symposium},
    year = {2019},
    series = {SSYM~'19},
    pages = {1537--1555},
    address = {Santa Clara, California, USA},
    month = aug,
    publisher = {USENIX}
}

% Approved all correct
@inproceedings{wang-20-detecting-stuffing,
    author = {Wang, Ke Coby and Reiter, Michael K.},
    title = {{Detecting Stuffing of a User's Credentials at Her Own Accounts}},
    booktitle = {USENIX Security Symposium},
    year = {2020},
    series = {SSYM~'20},
    pages = {2201--2218},
    address = {Virtual Conference},
    month = aug,
    publisher = {USENIX}
}

% Approved all correct
@inproceedings{wash-10-folk-models,
    author = {Wash, Rick},
    title = {{Folk Models of Home Computer Security}},
    booktitle = {Symposium on Usable Privacy and Security},
    year = {2010},
    series = {SOUPS~'10},
    pages = {11:1--11:16},
    address = {Redmond, Washington, USA},
    month = jul,
    publisher = {ACM}
}

% Approved all correct
@inproceedings{wash-16-pw-choice,
    author = {Wash, Rick and Radar, Emilee and Berman, Ruthie and Wellmer, Zac},
    title = {{Understanding Password Choices: How Frequently Entered Passwords are Re-used Across Websites}},
    booktitle = {Symposium on Usable Privacy and Security},
    year = {2016},
    series = {SOUPS~'16},
    pages = {175--188},
    address = {Denver, Colorado, USA},
    month = jul,
    publisher = {USENIX}
}

% Approved all correct
@inproceedings{weber-15-pd-sec-interfaces,
    author = {Weber, Susanne and Harbach, Marian and Smith, Matthew},
    title = {{Participatory Design for Security-Related User Interfaces}},
    booktitle = {Workshop on Usable Security},
    year = {2015},
    series = {USEC~'15},
    pages = {},
    address = {San Diego, California, USA},
    month = feb,
    publisher = {ISOC}
} % USEC does not have page numbers

% Approved all correct
@inproceedings{wei-18-pw-semantics,
    author = {Wei, Miranda and Golla, Maximilian and Ur, Blase},
    title = {{The Password Doesn't Fall Far: How Service Influences Password Choice}},
    booktitle = {Who Are You?! Adventures in Authentication Workshop},
    year = {2018},
    series = {WAY~'18},
    pages = {},
    address = {Baltimore, Maryland, USA},
    month = aug,
    publisher = {USENIX}
} % There are no page numbers for this WAY

% Approved all correct
@inproceedings{wei-20-twitter-knows,
    author = {Wei, Miranda and Stamos, Madison and Veys, Sophie and Reitinger, Nathan and Goodman, Justin and Herman, Margot and Filipczuk, Dorota and Weinshel, Ben and Mazurek, Michelle L. and Ur, Blase},
    title = {{What Twitter Knows: Characterizing Ad Targeting Practices, User Perceptions, and Ad Explanations Through Users' Own Twitter Data}},
    booktitle = {USENIX Security Symposium},
    year = {2020},
    series = {SSYM~'20},
    pages = {145--162},
    address = {Virtual Conference},
    month = aug,
    publisher = {USENIX}
}

% Approved all correct
@inproceedings{weidman-17-byod-2fa,
    author = {Weidman, Jake and Grossklags, Jens},
    title = {{I Like It, but I Hate It: Employee Perceptions Towards an Institutional Transition to BYOD Second-Factor Authentication}},
    booktitle = {Annual Conference on Computer Security Applications},
    year = {2017},
    series = {ACSAC~'17},
    pages = {212--224},
    address = {Orlando, Florida, USA},
    month = dec,
    publisher = {ACM}
}

% Approved all correct
@misc{weinert-19-2fa-99-percent,
    author = {Weinert, Alex},
    title = {{Your Pa\$\$word Doesn't Matter}},
    note = {\url{https://techcommunity.microsoft.com/t5/azure-active-directory-identity/your-pa-word-doesn-t-matter/ba-p/731984}, as of \today},
    month = sep,
    year = {2019}
}

% Approved all correct
@misc{weinert-20-stop-phone-based-auth,
    author = {Weinert, Alex},
    title = {{It's Time to Hang Up on Phone Transports for Authentication}},
    note = {\url{https://techcommunity.microsoft.com/t5/azure-active-directory-identity/it-s-time-to-hang-up-on-phone-transports-for-authentication/ba-p/1751752}, as of \today},
    month = oct,
    year = {2020}
}

% Approved all correct
@inproceedings{weinshall-04-never-forget,
    author = {Weinshall, Daphna and Kirkpatrick, Scott},
    title = {{Passwords You'll Never Forget, But Can't Recall}},
    booktitle = {ACM Conference on Human Factors in Computing Systems},
    year = {2004},
    series = {CHI~'04},
    pages = {1399--1402},
    address = {Vienna, Austria},
    month = apr,
    publisher = {ACM}
}

% Approved all correct
@inproceedings{weinshel-19-places-you-been,
    author = {Weinshel, Ben and Wei, Miranda and Mondal, Mainack and Choi, Euirim and Shan, Shawn and Dolin, Claire and Mazurek, Michelle L. and Ur, Blase},
    title = {{Oh, the Places You've Been! User Reactions to Longitudinal Transparency About Third-Party Web Tracking and Inferencing}},
    booktitle = {ACM Conference on Computer and Communications Security},
    year = {2019},
    series = {CCS~'19},
    pages = {149--166},
    address = {London, United Kingdom},
    month = nov,
    publisher = {ACM}
}

% Approved all correct
@inproceedings{weir-09-pcfg,
    author = {Weir, Matt and Aggarwal, Sudhir and Medeiros, Breno de and Glodek, Bill},
    title = {{Password Cracking Using Probabilistic Context-Free Grammars}},
    booktitle = {IEEE Symposium on Security and Privacy},
    year = {2009},
    series = {SP~'09},
    pages = {391--405},
    address = {Oakland, California, USA},
    month = may,
    publisher = {IEEE}
}

% Approved all correct
@article{weir-10-2fa-ebanking,
    author = {Weir, Catherine S. and Douglas, Gary and Richardson, Tim and Jack, Mervyn},
    title = {{Usable Security: User Preferences for Authentication Methods in eBanking and the Effects of Experience Author Links Open Overlay Panel}},
    journal = {Interacting with Computers},
    year = {2010},
    volume = {22},
    number = {3},
    pages = {153--164},
    month = may,
    publisher = {Elsevier}
}

% Approved all correct
@inproceedings{weir-10-testing-metrics,
    author = {Weir, Matt and Aggarwal, Sudhir and Collins, Michael and Stern, Henry},
    title = {{Testing Metrics for Password Creation Policies by Attacking Large Sets of Revealed Passwords}},
    booktitle = {ACM Conference on Computer and Communications Security},
    year = {2010},
    series = {CCS~'10},
    pages = {162--175},
    address = {Chicago, Illinois, USA},
    month = oct,
    publisher = {ACM}
}

% Approved all correct
@inproceedings{weir-20-secure-apps,
    author = {Weir, Charles and Hermann, Ben and Fahl, Sascha},
    title = {{From Needs to Actions to Secure Apps? The Effect of Requirements and Developer Practices on App Security}},
    booktitle = {USENIX Security Symposium},
    year = {2020},
    series = {SSYM~'20},
    pages = {289--305},
    address = {Virtual Conference},
    month = aug,
    publisher = {USENIX}
}

% Approved all correct
@misc{welch-18-ios-usb-restricted-mode,
    author = {Welch, Chris},
    title = {{Apple Releases iOS 11.4.1 and Blocks Passcode Cracking Tools Used by Police}},
    note = {\url{https://www.theverge.com/2018/7/9/17549538/apple-ios-11-4-1-blocks-police-passcode-cracking-tools}, as of \today},
    month = jul,
    year = {2018}
}

% Approved all correct
@misc{wheeler-12-zxcvbn-blogpost,
    author = {Wheeler, Daniel Lowe},
    title = {{zxcvbn: Realistic Password Strength Estimation}},
    note = {\url{https://blogs.dropbox.com/tech/2012/04/zxcvbn-realistic-password-strength-estimation/}, as of \today},
    month = apr,
    year = {2012}
}

% Approved all correct
@inproceedings{wheeler-16-zxcvbn,
    author = {Wheeler, Daniel Lowe},
    title = {{zxcvbn: Low-Budget Password Strength Estimation}},
    booktitle = {USENIX Security Symposium},
    year = {2016},
    series = {SSYM~'16},
    pages = {157--173},
    address = {Austin, Texas, USA},
    month = aug,
    publisher = {USENIX}
}

% Approved all correct
@inproceedings{whitten-99-johnny-encrypt,
    author = {Whitten, Alma and Tygar, J. Doug},
    title = {{Why Johnny Can't Encrypt: A Usability Evaluation of PGP 5.0}},
    booktitle = {USENIX Security Symposium},
    year = {1999},
    series = {SSYM~'99},
    pages = {169--183},
    address = {Washington, District of Columbia, USA},
    month = aug,
    publisher = {USENIX}
}

% Approved all correct
@misc{whitten-12-combined-services,
    author = {Whitten, Alma},
    title = {{Updating Our Privacy Policies and Terms of Service}},
    note = {\url{https://googleblog.blogspot.com/2012/01/updating-our-privacy-policies-and-terms.html}, as of \today},
    month = jan,
    year = {2012}
}

% Approved all correct
@article{wiedenbeck-05-passpoints,
    author = {Wiedenbeck, Susan and Waters, Jim and Birget, Jean-Camille and Brodskiy, Alex and Memon, Nasir},
    title = {{PassPoints: Design and Longitudinal Evaluation of a Graphical Password System}},
    journal = {International Journal of Human-Computer Studies},
    year = {2005},
    volume = {63},
    number = {1--2},
    pages = {102--127},
    month = jul,
    publisher = {Academic Press, Inc.}
}

% Approved all correct
@inproceedings{wiefling-19-rba-in-the-wild,
    author = {Wiefling, Stephan and Iacono, Luigi Lo and D\"{u}rmuth, Markus},
    title = {{Is This Really You? An Empirical Study on Risk-Based Authentication Applied in the Wild}},
    booktitle = {International Conference on ICT Systems Security and Privacy Protection},
    year = {2019},
    series = {IFIP~SEC~'19},
    pages = {134--148},
    address = {Lisbon, Portugal},
    month = jun,
    publisher = {IFIP}
}

% Approved all correct
@inproceedings{wiefling-19-turing,
    author = {Wiefling, Stephan and Gruschka, Nils and Lo Iacono, Luigi},
    title = {{Even Turing Should Sometimes Not Be Able to Tell: Mimicking Humanoid Usage Behavior for Exploratory Studies of Online Services}},
    booktitle = {Nordic Conference on Secure IT Systems},
    year = {2019},
    series = {NordSec~'19},
    pages = {188--203},
    address = {Aalborg, Denmark},
    month = nov,
    publisher = {Springer}
}

% Approved all correct
@inproceedings{wiefling-20-2fa-vs-rba-usability,
    author = {Wiefling, Stephan and D\"urmuth, Markus and Lo Iacono, Luigi},
    title = {{More Than Just Good Passwords? A Study on Usability and Security Perceptions of Risk-based Authentication}},
    booktitle = {Annual Conference on Computer Security Applications},
    year = {2020},
    series = {ACSAC~'20},
    pages = {203--218},
    address = {Virtual Conference},
    month = dec,
    publisher = {ACM}
}

% Approved all correct
@inproceedings{wiefling-20-rba-evaluation,
    author = {Wiefling, Stephan and Patil, Tanvi and D\"{u}rmuth, Markus and Lo Iacono, Luigi},
    title = {{Evaluation of Risk-based Re-Authentication Methods}},
    booktitle = {International Conference on ICT Systems Security and Privacy Protection},
    year = {2020},
    series = {IFIP~SEC~'20},
    pages = {280--294},
    address = {Virtual Conference},
    month = sep,
    publisher = {IFIP}
}

% Approved all correct
@inproceedings{wiefling-21-whats-in-score,
    author = {Wiefling, Stephan and D\"{u}rmuth, Markus and Lo Iacono, Luigi},
    title = {{What's in Score for Website Users: A Data-Driven Long-Term Study on Risk-Based Authentication Characteristics}},
    booktitle = {Financial Cryptography and Data Security},
    year = {2021},
    series = {FC~'21},
    pages = {361--381},
    address = {Virtual Conference},
    month = mar,
    publisher = {Springer}
}

% Approved all correct
@inproceedings{wiefling-21-rba-privacy,
    author = {Wiefling, Stephan and Tolsdorf, Jan and Lo Iacono, Luigi},
    title = {{Privacy Considerations for Risk-Based Authentication Systems}},
    booktitle = {International Workshop on Privacy Engineering},
    year = {2021},
    series = {IWPE '21},
    pages = {320--327},
    address = {Virtual Conference},
    month = sep,
    publisher = {IEEE}
}

% Approved all correct
@article{wiefling-21-verify-its-you,
    author = {Wiefling, Stephan and D\"urmuth, Markus and Lo Iacono, Luigi},
    title = {{Verify It's You: How Users Perceive Risk-based Authentication}},
    journal = {IEEE Security \& Privacy},
    year = {2021},
    volume = {19},
    number = {6},
    pages = {47--57},
    month = nov,
    publisher = {IEEE}
}

% Approved all correct
@inproceedings{wiemer-14-bcrypt,
    author = {Wiemer, Friedrich and Zimmermann, Ralf},
    title = {{High-Speed Implementation of bcrypt Password Search Using Special-Purpose Hardware}},
    booktitle = {International Conference on ReConFigurable Computing and FPGAs},
    year = {2014},
    series = {ReConFig~'14},
    pages = {1--6},
    address = {Cancun, Mexico},
    month = dec,
    publisher = {IEEE}
}

% Approved all correct
@inbook{willems-19-myths,
    author = {Willems, Eddy},
    title = {{Malware Myths}},
    year = {2019},
    chapter = {7},
    pages = {111--121},
    publisher = {Springer International Publishing},
    address = {Basel, Switzerland},
    edition = {1}
} % In the book: Cyberdanger: Understanding and Guarding Against Cybercrime

% Approved all correct
@inproceedings{wisniewski-17-middle-ground,
    author = {Wisniewski, Pamela and Ghosh, Arup Kumar and Xu, Heng and Rosson, Mary Beth and Carroll, John M.},
    title = {{Parental Control vs. Teen Self-Regulation: Is There a Middle Ground for Mobile Online Safety?}},
    booktitle = {ACM Conference on Computer-Supported Cooperative Work and Social Computing},
    year = {2017},
    series = {CSCW~'17},
    pages = {51--69},
    address = {Portland, Oregon, USA},
    month = nov,
    publisher = {ACM}
}

% Approved all correct
@inproceedings{wolf-19-must-have,
    author = {Wolf, Flynn and Kuber, Ravi and Aviv, Adam J.},
    title = {{``Pretty Close to a Must-Have'': Balancing Usability Desire and Security Concern in Biometric Adoption}},
    booktitle = {ACM Conference on Human Factors in Computing Systems},
    year = {2019},
    series = {CHI~'19},
    pages = {151:1--151:12},
    address = {Glasgow, Scotland, United Kingdom},
    month = apr,
    publisher = {ACM}
}

% Approved all correct
@inproceedings{wu-98-srp,
    author = {Wu, Thomas},
    title = {{The Secure Remote Password Protocol}},
    booktitle = {Symposium on Network and Distributed System Security},
    year = {1998},
    series = {NDSS~'98},
    pages = {97--111},
    address = {San Diego, California, USA},
    month = mar,
    publisher = {ISOC}
}

% Approved all correct
@inproceedings{wu-18-private-browsing,
    author = {Wu, Yuxi and Gupta, Panya and Wei, Miranda and Acar, Yasemin and Fahl, Sascha and Ur, Blase},
    title = {{Your Secrets Are Safe: How Browsers' Explanations Impact Misconceptions About Private Browsing Mode}},
    booktitle = {The World Wide Web Conference},
    year = {2018},
    series = {WWW~'18},
    pages = {217--226},
    address = {Lyon, France},
    month = apr,
    publisher = {ACM}
}

% Approved all correct
@inproceedings{xiong-20-dp-communication,
    author = {Xiong, Aiping and Wang, Tianhao and Li, Ninghui and Jha, Somesh},
    title = {{Towards Effective Differential Privacy Communication for Users' Data Sharing Decision and Comprehension}},
    booktitle = {IEEE Symposium on Security and Privacy},
    year = {2020},
    series = {SP~'20},
    pages = {392--410},
    address = {San Francisco, California, USA},
    month = may,
    publisher = {IEEE}
}

% Approved all correct
@inproceedings{xu-14-touch-biometrics,
    author = {Xu, Hui and Zhou, Yangfan and Lyu, Michael R.},
    title = {{Towards Continuous and Passive Authentication via Touch Biometrics: An Experimental Study on Smartphones}},
    booktitle = {Symposium on Usable Privacy and Security},
    year = {2014},
    series = {SOUPS~'14},
    pages = {187--198},
    address = {Menlo Park, California, USA},
    month = jul,
    publisher = {USENIX}
}

% Approved all correct
@article{xu-15-configuration-errors,
    author = {Xu, Tianyin and Zhou, Yuanyuan},
    title = {{Systems Approaches to Tackling Configuration Errors: A Survey}},
    journal = {ACM Computing Surveys},
    year = {2015},
    volume = {47},
    number = {4},
    pages = {70:1--70:41},
    month = jul,
    publisher = {ACM}
}

% Approved all correct
@inproceedings{xu-17-admin-resolve,
    author = {Xu, Tianyin and Naing, Han Min and Lu, Le and Zhou, Yuanyuan},
    title = {{How Do System Administrators Resolve Access-Denied Issues in the Real World?}},
    booktitle = {ACM Conference on Human Factors in Computing Systems},
    year = {2017},
    series = {CHI~'17},
    pages = {348--361},
    address = {Denver, Colorado, USA},
    month = may,
    publisher = {ACM}
}

% Approved all correct
@inproceedings{yadav-15-pin-glass,
    author = {Yadav, Dhruv Kumar and Ionascu, Beatrice and Krishna Ongole, Sai Vamsi and Roy, Aditiand Memon, Nasir},
    title = {{Design and Analysis of Shoulder Surfing Resistant PIN Based Authentication Mechanisms on Google Glass}},
    booktitle = {Workshop on Wearable Security and Privacy},
    year = {2015},
    series = {Wearable~'15},
    pages = {281--297},
    address = {Isla Verde, Puerto Rico, USA},
    month = jan,
    publisher = {Springer}
}

% Approved all correct
@inproceedings{yampolskiy-07-passmap,
    author = {Yampolskiy, Roman V.},
    title = {{User Authentication via Behavior Based Passwords}},
    booktitle = {IEEE Long Island Systems, Applications and Technology Conference},
    year = {2007},
    series = {LISAT~'07},
    pages = {1--8},
    address = {Farmingdale, New York, USA},
    month = may,
    publisher = {IEEE}
}

% Approved all correct
@inproceedings{yan-01-proactive-checking,
    author = {Yan, Jianxin Jeff},
    title = {{A Note on Proactive Password Checking}},
    booktitle = {New Security Paradigms Workshop},
    year = {2001},
    series = {NSPW~'01},
    pages = {127--135},
    address = {Cloudcroft, New Mexico},
    month = sep,
    publisher = {ACM}
}

% Approved all correct
@inproceedings{yang-14-entry-method-affects,
    author = {Yang, Yulong and Lindqvist, Janne and Oulasvirta, Antti},
    title = {{Text Entry Method Affects Password Security}},
    booktitle = {Learning from Authoritative Security Experiment Results},
    year = {2014},
    series = {LASER~'14},
    pages = {11--20},
    address = {Arlington, Virginia, USA},
    month = oct,
    publisher = {USENIX}
}

% Approved all correct
@inproceedings{yang-16-mnemonic,
    author = {Yang, Weining and Li, Ninghui and Chowdhury, Omar and Xiong, Aiping and Proctor, Robert W.},
    title = {{An Empirical Study of Mnemonic Sentence-based Password Generation Strategies}},
    booktitle = {ACM Conference on Computer and Communications Security},
    year = {2016},
    series = {CCS~'16},
    pages = {1216--1229},
    address = {Vienna, Austria},
    month = oct,
    publisher = {ACM}
}

% Approved all correct
@inproceedings{yao-17-oba-folk,
    author = {Yao, Yaxing and Lo Re, Davide and Wang, Yang},
    title = {{Folk Models of Online Behavioral Advertising}},
    booktitle = {ACM Conference on Computer-Supported Cooperative Work and Social Computing},
    year = {2017},
    series = {CSCW~'17},
    pages = {1957--1969},
    address = {Portland, Oregon, USA},
    month = feb,
    publisher = {ACM}
}

% Approved all correct
@inproceedings{yardi-08-photo-auth-social,
    author = {Yardi, Sarita and Feamster, Nick and Bruckman, Amy},
    title = {{Photo-Based Authentication Using Social Networks}},
    booktitle = {Workshop on Online Social Networks},
    year = {2008},
    series = {WOSN~'08},
    pages = {55--60},
    address = {Seattle, Washington, USA},
    month = aug,
    publisher = {ACM}
}

% Approved all correct
@inproceedings{yardi-11-teens-challenges,
    author = {Yardi, Sarita and Bruckman, Amy},
    title = {{Social and Technical Challenges in Parenting Teens' Social Media Use}},
    booktitle = {ACM Conference on Human Factors in Computing Systems},
    year = {2011},
    series = {CHI~'11},
    pages = {3237--3246},
    address = {Vancouver, British Columbia, Canada},
    month = may,
    publisher = {ACM}
}

% Approved all correct
@inproceedings{ye-17-pattern-five-attempts,
    author = {Ye, Guixin and Tang, Zhanyong and Fang, Dingyi and Chen, Xiaojiang and Kim, Kwang In and Taylor, Ben and Wang, Zheng},
    title = {{Cracking Android Pattern Lock in Five Attempts}},
    booktitle = {Symposium on Network and Distributed System Security},
    year = {2017},
    series = {NDSS~'17},
    pages = {},
    address = {San Diego, California, USA},
    month = feb,
    publisher = {ISOC}
} % NDSS does not have page numbers

% Approved all correct
@article{ye-18-pattern-video-attack,
    author = {Ye, Guixin and Tang, Zhanyong and Fang, Dingyi and Chen, Xiaojiang and Wolff, Willy and Aviv, Adam J. and Wang, Zheng},
    title = {{A Video-based Attack for Android Pattern Lock}},
    journal = {ACM Transactions on Privacy and Security},
    year = {2018},
    volume = {21},
    number = {4},
    pages = {19:1--19:31},
    month = jul,
    publisher = {ACM}
}

% Approved all correct
@misc{zetter-08-palin-hack,
    author = {Zetter, Kim},
    title = {{Palin E-Mail Hacker Says It Was Easy}},
    note = {\url{https://www.wired.com/2008/09/palin-e-mail-ha/}, as of \today},
    month = sep,
    year = {2008}
}

% Approved all correct
@inproceedings{zezschwitz-13-patterns-in-the-wild,
    author = {{von Zezschwitz}, Emanuel and Dunphy, Paul and De Luca, Alexander},
    title = {{Patterns in the Wild: A Field Study of the Usability of Pattern and PIN-based Authentication on Mobile Devices}},
    booktitle = {Conference on Human-Computer Interaction with Mobile Devices and Services},
    year = {2013},
    series = {MobileHCI~'13},
    pages = {261--270},
    address = {Munich, Germany},
    month = aug,
    publisher = {ACM}
}

% Approved all correct
@inproceedings{zezschwitz-14-honey-i-shrunk,
    author = {{von Zezschwitz}, Emanuel and De Luca, Alexander and Hussmann, Heinrich},
    title = {{Honey, I Shrunk the Keys: Influences of Mobile Devices onPassword Composition and Authentication Performance}},
    booktitle = {Nordic Conference on Human-Computer Interaction},
    year = {2014},
    series = {NordiCHI~'14},
    pages = {461--470},
    address = {Helsinki, Finland},
    month = oct,
    publisher = {ACM}
}

% Approved all correct
@inproceedings{zezschwitz-15-pattern-shoulder-surfing,
    author = {{von Zezschwitz}, Emanuel and De Luca, Alexander and Janssen, Philipp and Hussmann, Heinrich},
    title = {{Easy to Draw, but Hard to Trace?: On the Observability of Grid-based (Un)Lock Patterns}},
    booktitle = {ACM Conference on Human Factors in Computing Systems},
    year = {2015},
    series = {CHI~'15},
    pages = {2339--2342},
    address = {Seoul, Republic of Korea},
    month = apr,
    publisher = {ACM}
}

% Approved all correct
@inproceedings{zezschwitz-16-pattern-effective-space,
    author = {{von Zezschwitz}, Emanuel and Eiband, Malin and Buschek, Daniel and Oberhuber, Sascha and De Luca, Alexander and Alt, Florian and Hussmann, Heinrich},
    title = {{On Quantifying the Effective Passsword Space of Grid-Based Unlock Gestures}},
    booktitle = {Conference on Mobile and Ubiquitous Multimedia},
    year = {2016},
    series = {MUM~'16},
    pages = {201--212},
    address = {Rovaniemi, Finland},
    month = dec,
    publisher = {ACM}
}

% Approved all correct
@inproceedings{zhang-10-expiration,
    author = {Zhang, Yinqian and Monrose, Fabian and Reiter, Michael K.},
    title = {{The Security of Modern Password Expiration: An Algorithmic Framework and Empirical Analysis}},
    booktitle = {ACM Conference on Computer and Communications Security},
    year = {2010},
    series = {CCS~'10},
    pages = {176--186},
    address = {Chicago, Illinois, USA},
    month = oct,
    publisher = {ACM}
}

% Approved all correct
@inproceedings{zhang-13-pw-advice-boring,
    author = {Zhang-Kennedy, Leah and Chiasson, Sonia and Biddle, Robert},
    title = {{Password Advice Shouldn't Be Boring: Visualizing Password Guessing Attacks}},
    booktitle = {APWG Symposium on Electronic Crime Research},
    year = {2013},
    series = {eCrime~'13},
    pages = {1--11},
    address = {San Francisco, California, USA},
    month = sep,
    publisher = {IEEE}
}

% Approved all correct
@inproceedings{zhangkennedy-16-nosy-little-brothers,
    author = {Zhang-Kennedy, Leah and Mekhail, Christine and Abdelaziz, Yomna and Chiasson, Sonia},
    title = {{From Nosy Little Brothers to Stranger-Danger: Children and Parents' Perception of Mobile Threats}},
    booktitle = {ACM Conference on Interaction Design and Children},
    year = {2016},
    series = {IDC~'16},
    pages = {388--399},
    address = {Manchester, United Kingdom},
    month = jun,
    publisher = {ACM}
}

% Approved all correct
@inproceedings{zhao-13-commercial-pw-manager,
    author = {Zhao, Rui and Yue, Chuan and Sun, Kun},
    title = {{A Security Analysis of Two Commercial Browser and Cloud Based Password Managers}},
    booktitle = {IEEE International Conference on Social Computing},
    year = {2013},
    series = {SocialCom~'13},
    pages = {448--453},
    address = {Alexandria, Virginia, USA},
    month = sep,
    publisher = {IEEE}
}

% Approved all correct
@inproceedings{zhao-13-fake-session,
    author = {Zhao, Lianying and Mannan, Mohammad},
    title = {{Explicit Authentication Response Considered Harmful}},
    booktitle = {New Security Paradigms Workshop},
    year = {2013},
    series = {NSPW~'13},
    pages = {77--86},
    address = {Banff, Alberta, Canada},
    month = sep,
    publisher = {ACM}
}

% Approved all correct
@inproceedings{zhao-19-silly-name,
    author = {Zhao, Jun and Wang, Ge and Dally, Carys and Slovak, Petr and Edbrooke-Childs, Julian and Van Kleek, Max and Shadbolt, Nigel},
    title = {{`I Make up a Silly Name': Understanding Children's Perception of Privacy Risks Online}},
    booktitle = {ACM Conference on Human Factors in Computing Systems},
    year = {2019},
    series = {CHI~'19},
    pages = {106:1--106:13},
    address = {Glasgow, Scotland, United Kingdom},
    month = may,
    publisher = {ACM}
}

% Approved all correct
@inproceedings{zhou-18-pattern-patternlistener,
    author = {Zhou, Man and Wang, Qian and Yang, Jingxiao and Li, Qi and Xiao, Feng and Wang, Zhibo and Chen, Xiaofen},
    title = {{PatternListener: Cracking Android Pattern Lock Using Acoustic Signals}},
    booktitle = {ACM Conference on Computer and Communications Security},
    year = {2018},
    series = {CCS~'18},
    pages = {1775--1787},
    address = {Toronto, Ontario, Canada},
    month = oct,
    publisher = {ACM}
}

% Approved all correct
@inproceedings{zimmermann-14-privacy-dashboards,
    author = {Zimmermann, Christian and Accorsi, Rafael and M\"{u}ller, G\"{u}nter},
    title = {{Privacy Dashboards: Reconciling Data-Driven Business Models and Privacy}},
    booktitle = {IEEE Conference on Availability, Reliability and Security},
    year = {2014},
    series = {ARES~'14},
    pages = {152--157},
    address = {Fribourg, Switzerland},
    month = sep,
    publisher = {IEEE}
}

% Approved all correct
@book{zipf-49-zipf-law,
    author = {Zipf, George Kingsley},
    title = {{Human Behavior and the Principle of Least Effort: An Introduction to Human Ecology}},
    year = {1949},
    address = {Cambridge, Massachusetts, USA},
    publisher = {Addison-Wesley Press}
}

% Approved all correct
@inproceedings{zou-18-equifax,
    author = {Zou, Yixin and Mhaidli, Abraham H and McCall, Austin and Schaub, Florian},
    title = {{``I've Got Nothing to Lose'': Consumers' Risk Perceptions and Protective Actions after the Equifax Data Breach}},
    booktitle = {Symposium on Usable Privacy and Security},
    year = {2018},
    series = {SOUPS~'18},
    pages = {197--216},
    address = {Baltimore, Maryland, USA},
    month = aug,
    publisher = {USENIX}
}

% Approved all correct
@article{zou-19-useful-breach-notifications,
    author = {Zou, Yixin and Schaub, Florian},
    title = {{Beyond Mandatory: Making Data Breach Notifications Useful for Consumers}},
    journal = {IEEE Security \& Privacy},
    year = {2019},
    volume = {17},
    number = {2},
    pages = {67--72},
    month = mar,
    publisher = {IEEE}
}

% Approved all correct
@inproceedings{zou-19-might-be-affected,
    author = {Zou, Yixin and Danino, Shawn and Sun, Kaiwen and Schaub, Florian},
    title = {{You `Might' Be Affected: An Empirical Analysis of Readability and Usability Issues in Data Breach Notifications}},
    booktitle = {ACM Conference on Human Factors in Computing Systems},
    year = {2019},
    series = {CHI~'19},
    pages = {194:1--194:14},
    address = {Glasgow, Scotland, United Kingdom},
    month = may,
    publisher = {ACM}
}

% Approved all correct
@inproceedings{zou-20-identity-theft,
    author = {Zou, Yixin and Roundy, Kevin and Tamersoy, Acar and Shintre, Saurabh and Roturier, Johann and Schaub, Florian},
    title = {{Examining the Adoption and Abandonment of Security, Privacy, and Identity Theft Protection Practices}},
    booktitle = {ACM Conference on Human Factors in Computing Systems},
    year = {2020},
    series = {CHI~'20},
    pages = {1--15},
    address = {Honolulu, Hawaii, USA},
    month = apr,
    publisher = {ACM}
}

% Approved all correct
@inproceedings{zviran-90-cognitive-passwords,
    author = {Zviran, Moshe and Haga, William J.},
    title = {{User Authentication by Cognitive Passwords: An Empirical Assessment}},
    booktitle = {Jerusalem Conference on Information Technology},
    year = {1990},
    series = {JCIT~'90},
    pages = {137--144},
    address = {Jerusalem, Israel},
    month = oct,
    publisher = {IEEE}
}