J. Bonneau and S. Preibusch, The password thicket: Technical and market failures in human authentication on the web, Inf. Secur, vol.8, pp.230-237, 2010.

J. Bonneau, C. Herley, P. C. Van-oorschot, and F. Stajano, The quest to replace passwords: A framework for comparative evaluation of web authentication schemes, Proceedings -IEEE Symposium on Security and Privacy, pp.553-567, 2012.

J. Bonneau, C. Herley, P. C. Van-oorschot, and F. Stajano, Passwords and the evolution of imperfect authentication, Commun. ACM, vol.58, pp.78-87, 2015.

V. Boothroyd and S. Chiasson, Writing down your password: Does it help?, Proceedings of 11th Annual Conference on Privacy, Security and Trust, PST 2013, pp.267-274, 2013.

A. S. Brown, E. Bracken, S. Zoccoli, and K. Douglas, Generating and remembering passwords, Appl. Cogn. Psychol, vol.18, pp.641-651, 2004.

M. Buhrmester, T. Kwang, and S. D. Gosling, Amazon's mechanical Turk: A new source of inexpensive, yet high-quality, data?, Perspect. Psychol. Sci, vol.6, issue.1, pp.3-5, 2011.

S. Chiasson, P. Oorschot, . Van, and R. Biddle, A usability study and critique of two password managers, 15th USENIX Security Symposium, pp.1-16, 2006.

R. Dhamija and A. Perrig, Déjà Vu: A User Study Using Images for Authentication, Proceedings of the 9th Conference on USENIX Security Symposium, pp.4-4, 2000.

D. Florencio and C. Herley, A large-scale study of web password habits, Proceedings of the 16th International Conference on the World Wide Web (WWW '07), pp.657-666, 2007.

S. Gaw and E. W. Felten, Password management strategies for online accounts, Proceedings of the second symposium on Usable privacy and Security (SOUPS '06), pp.44-66, 2006.

D. J. Hauser, G. Paolacci, and J. Chandler, Common concerns with MTurk as participant tool: Evidence and solutions, Handb. Res. Methods Consum. Psychol. pp, pp.1-43, 2018.

J. J. Horton, D. G. Rand, and R. J. Zeckhauser, The online laboratory: Conducting experiments in a real labor market, Exp. Econ, vol.14, pp.399-425, 2011.

J. Kaye, Jofish": Self-reported password sharing strategies, Proceedings of the SIGCHI Conference on Human Factors in Computing Systems, pp.2619-2622, 2011.

P. G. Kelley, S. Komanduri, M. L. Mazurek, R. Shay, T. Vidas et al., Guess again (and again and again): Measuring password strength by simulating password-cracking algorithms, Proceedings -IEEE Symposium on Security and Privacy, pp.523-537, 2012.

D. Kim and S. K. Kim, Comparing patterns of component loadings: Principal Component Analysis (PCA) versus Independent Component Analysis (ICA) in analyzing multivariate non-normal data, Behav. Res. Methods, vol.44, issue.4, pp.1239-1243, 2012.

A. Kittur, E. H. Chi, and B. Suh, Crowdsourcing user studies with Mechanical Turk, Proceedings of the SIGCHI conference on human factors in computing systems, pp.453-456, 2008.

W. Mason and S. Suri, Conducting behavioral research on Amazon's Mechanical Turk. Behavior research methods, vol.44, pp.1-23, 2012.

J. Murray, Likert data: what to use, parametric or non-parametric?, International Journal of Business and Social Science, vol.4, issue.11, pp.258-264, 2013.

G. Notoatmodjo and C. Thomborson, Passwords and perceptions, Conf. Res. Pract. Inf. Technol. Ser, vol.98, pp.71-78, 2009.

H. Petrie and B. Merdenyan, Cultural and Gender Differences in Password Behaviors, Proceedings of the 9th Nordic Conference on Human-Computer Interaction. ACM, pp.9-9, 2016.

K. Renaud and J. Ramsay, Now what was that password again? A more flexible way of identifying and authenticating our seniors, Behav. Inf. Technol, vol.26, pp.309-322, 2007.

S. Riley, Password security: what users know and what they actually do, Usability News, vol.8, issue.1, pp.2833-2836, 2006.

R. Rosenthal and R. L. Rosnow, Essentials of behavioral research: Methods and data analysis, vol.2, 1991.

T. Seitz, M. Hartmann, J. Pfab, and S. Souque, Do Differences in Password Policies Prevent Password Reuse? In: Proceedings of the 2017 CHI Conference Extended Abstracts on Human Factors in Computing Systems. ACM, pp.2056-2063, 2017.

R. Shay, S. Komanduri, P. G. Kelley, P. G. Leon, M. L. Mazurek et al., Encountering stronger password requirements: User attitudes and behaviors, Proceedings of the Sixth Symposium on Usable Privacy and Security, pp.1-20, 2010.

S. Singh, A. Cabraal, C. Demosthenous, G. Astbrink, and M. Furlong, Password sharing: implications for security design on social practice, Proceedings of the SIGCHI Conference on Human Factors in Computing Systems, pp.895-904, 2007.

R. Strahan and K. C. Gerbasi, Short, homogeneous versions of the Marlow-Crowne Social Desirability Scale, Journal of clinical psychology, vol.28, issue.2, pp.191-193, 1972.

S. Suri and D. J. Watts, Cooperation and contagion in web-based, networked public goods experiments, PLoS One, vol.6, issue.3, 2011.

L. Tam, M. Glassman, and M. Vandenwauver, The psychology of password management: A tradeoff between security and convenience, Behaviour and Information Technology, vol.29, issue.3, pp.233-244, 2010.

B. Ur, P. Kelley, S. Komanduri, J. Lee, M. L. Maass et al., How does your password measure up? The effect of strength meters on password creation, Security'12 Proceedings of the 21st USENIX conference on Security symposium, pp.65-80, 2012.

B. Ur, J. Bees, R. Shay, N. Christin, F. Noma et al., I Added '!' at the End to Make It Secure": Observing Password Creation in the Lab, Proceedings of the eleventh Symposium On Usable Privacy and Security -SOUPS' 15, pp.123-140, 2015.

J. William, M. Zviran, and W. J. Haga, Password security: an empirical study, J. Manag. Inf. Syst, vol.15, pp.161-185, 1999.