Guess again (and again and again): Measuring password strength by simulating password-cracking algorithms.   [PDF, BibTeX, ]
Patrick Gage Kelley, Saranga Komanduri, Michelle L. Mazurek, Richard Shay, Tim Vidas, Lujo Bauer, Nicolas Christin, Lorrie Faith Cranor, and Julio Lopez.
In Proceedings of the 2012 IEEE Symposium on Security and Privacy, pages 523–537, May 2012. IEEE. © IEEE  DOI:10.1109/SP.2012.38