Y. Acar, M. Backes, S. Fahl, D. Kim, M. L. Mazurek et al., How internet resources might be helping you develop faster but less securely, IEEE Security & Privacy, vol.15, issue.2, pp.50-60, 2017.

Y. Acar, S. Fahl, and M. L. Mazurek, You are not your developer, either: A research agenda for usable security and privacy research beyond end users, IEEE Cybersecurity Development -SecDev, pp.3-8, 2016.


N. Alkaldi and K. Renaud, Why do people adopt, or reject, smartphone password managers?, Proceedings of EuroUSEC (2016), eprint on Enlighten: Publications.

Amazon Alexa: 500 global sites, 2019.

R. Baskerville, F. Rowe, and F. C. Wolff, Functionality vs. security in IS: Tradeoff or equilibrium, International Conference on Information Systems, pp.1210-1229, 2012.

R. Baskerville, P. Spagnoletti, and J. Kim, Incident-centered information security: Managing a strategic balance between prevention and response, Information & management, vol.51, issue.1, pp.138-151, 2014.

S. M. Bellovin and M. Merritt, Encrypted key exchange: Password-based protocols secure against dictionary attacks, Proceedings 1992 IEEE Computer Society Symposium on Research in Security and Privacy, pp.72-84, 1992.

A. Biryukov, D. Dinu, and D. Khovratovich, Argon2: new generation of memory-hard functions for password hashing and other applications, IEEE European Symposium on Security and Privacy -EuroS&P, pp.292-302, 2016.

C. I. Center, 18th statistical survey report on the internet development in china. Tech. rep., CINIC, 2006.

C. Cimpanu, Extended validation (ev) certificates abused to create insanely believable phishing sites, 2017.

M. Dürmuth and T. Kranz, On password guessing with gpus and fpgas, pp.19-38, 2015.

S. Eskandari, A. Leoutsarakos, T. Mursch, and J. Clark, A first look at browser-based cryptojacking, 2018 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW), pp.58-66, 2018.

A. P. Felt, R. Barnes, A. King, C. Palmer, C. Bentzel et al., Measuring HTTPS adoption on the web, 26th USENIX Security Symposium (USENIX Security 17), pp.1323-1338, 2017.

D. Florêncio, C. Herley, and P. C. van Oorschot, An administrator's guide to internet password research, vol.14, pp.35-52, 2014.

C. Ge, L. Xu, W. Qiu, Z. Huang, J. Guo et al., Optimized password recovery for sha-512 on gpus, IEEE International Conference on Computational Science and Engineering -CSE -and Embedded and Ubiquitous Computing -EUC, vol.2, pp.226-229, 2017.

N. K. Blanchard,

D. Goodin, Once seen as bulletproof, 11 million+ ashley madison passwords already cracked, 2015.

M. Green, Let's talk about pake, 2018.

T. C. Hales, The NSA back door to NIST, Notices of the AMS, vol.61, issue.2, pp.190-209, 2013.

P. Hannay and G. Baatard, The 2011 idn homograph attack mitigation survey, Proceedings of the International Conference on Security and Management (SAM'12), 2012.

G. Hatzivasilis, I. Papaefstathiou, and C. Manifavas, Password hashing competition - survey and benchmark, IACR Cryptology ePrint Archive, 2015.

T. Holgers, D. E. Watson, and S. D. Gribble, Cutting through the confusion: A measurement study of homograph attacks, USENIX Annual Technical Conference, pp.261-266, 2006.

Independent Security Evaluators, Password managers: Under the hood of secrets management, 2019.

B. Ives, K. R. Walsh, and H. Schneider, The domino effect of password reuse, Communications of the ACM, vol.47, issue.4, pp.75-78, 2004.


D. Jaeger, C. Pelchen, H. Graupner, F. Cheng, and C. Meinel, Analysis of publicly leaked credentials and the long story of password (re-) use, Proc. Int. Conf. Passwords, 2016.

S. Jarecki, H. Krawczyk, and J. Xu, Opaque: an asymmetric pake protocol secure against pre-computation attacks, Annual International Conference on the Theory and Applications of Cryptographic Techniques, pp.456-486, 2018.

M. Karyda and L. Mitrou, Data breach notification: Issues and challenges for security management, Mediterranean Conference on Information Systems, 2016.

S. Khandelwal, Facebook caught asking some users passwords for their email accounts, 2019.

K. Kisa and E. Tatli, Analysis of http security headers in turkey, International Journal of Information Security Science, vol.5, issue.4, pp.96-105, 2016.

S. Komanduri, R. Shay, P. G. Kelley, M. L. Mazurek, L. Bauer et al., Of passwords and people: Measuring the effect of password-composition policies, Proceedings of the SIGCHI Conference on Human Factors in Computing Systems, pp.2595-2604, 2011.

M. Kranch and J. Bonneau, Upgrading https in mid-air, Proceedings of the 2015 Network and Distributed System Security Symposium. NDSS, 2015.

B. Krebs, Twitter to all users: Change your password now!, 2018.

B. Krebs, Facebook stored hundreds of millions of user passwords in plain text for years, 2019.

H. Kumar, S. Kumar, R. Joseph, D. Kumar, S. K. Singh et al., Rainbow table to crack password using md5 hashing algorithm, IEEE Conference on Information & Communication Technologies -ICT, pp.433-439, 2013.

L. B. Martinkauppi and Q. He, Performance Evaluation and Comparison of Standard Cryptographic Algorithms and Chinese Cryptographic Algorithms, 2019.

M. L. Mazurek, S. Komanduri, T. Vidas, L. Bauer, N. Christin et al., Measuring password guessability for an entire university, Proceedings of the 2013 ACM SIGSAC Conference on Computer & Communications Security, pp.173-186, 2013.

T. Mcelroy, P. Hannay, and G. Baatard, The 2017 idn homograph attack mitigation survey, Proceedings of the 15th Australian Information Security Management Conference, 2017.

R. Morris and K. Thompson, Password security: A case history, Communications of the ACM, vol.22, issue.11, pp.594-597, 1979.

D. M'raihi, S. Machani, M. Pei, and J. Rydell, Rfc6238: Totp: Time-based one-time password algorithm, 2011.

P. Peng, C. Xu, L. Quinn, H. Hu, B. Viswanath et al., What happens after you leak your password: Understanding credential sharing on phishing sites, AsiaCCS 2019, pp.181-192, 2019.

E. Schechter, Moving towards a more secure web, credential spill report. Tech. rep., Shape Security, 2016.

J. Siegrist, Lastpass hacked -identified early & resolved, 2015.

M. Sprengers, GPU-based Password Cracking, 2011.

State Council of the People's Republic of China, Regulations on administration of business premises for internet access services, p.23, 2002.

M. D. Swaine, Chinese views on cybersecurity in foreign relations, China Leadership Monitor, issue.42, 2013.

T. Tryfonas, M. Carter, T. Crick, and P. Andriotis, Mass surveillance in cyberspace and the lost art of keeping a secret, International Conference on Human Aspects of Information Security, Privacy, and Trust, pp.174-185, 2016.

T. Vyas and P. Dolanjski, Communicating the dangers of non-secure http, 2017.

Z. Whittaker, Github says bug exposed some plaintext passwords, 2018.

F. Wiemer and R. Zimmermann, High-speed implementation of bcrypt password search using special-purpose hardware, International Conference on ReConFigurable Computing and FPGAs -ReConFig, pp.1-6, 2014.

T. Wu, The SRP authentication and key exchange system, 2000.