The 7th International Conference on Passwords
                           8-10 December 2014

The Passwords conference was launched in 2010 as a response to the lack of
robustness and usability of current personal authentication practices and
solutions. Annual participation has doubled over the past three years.

Venue: NTNU campus, Trondheim, Norway.

Conference Aim

The technical and practical problem addressed by the conference is
illustrated by the fact that more than half a billion user passwords have
been compromised over the last five years, including breaches at internet
companies such as Adobe, Twitter, Forbes, LinkedIn, Yahoo, and LivingSocial.
Yet passwords, PIN codes, and similar remain the most prevalent method
of personal authentication. Clearly, we have a systemic problem.

Passwords is the singular conference gathering researchers, password
crackers, and enthusiastic experts from around the globe, aiming to
better understand the challenges surrounding the methods of personal
authentication and passwords, and how to adequately solve these problems.
The Passwords conference series seeks to provide a friendly environment for
participants with plenty of opportunity to communicate with the speakers
before, during, and after their presentations.


This call for papers seeks original contributions that present attacks,
analyses, designs, applications, protocols, systems, practical experiences,
and theory. Submitted papers may include, but are not limited to, the
following topics, all related to passwords and personal authentication:

Best practice reports
Costs and economy
Cryptanalytic attacks
Cryptographic formal attack models
Cryptographic protections
Cryptographic protocols
Dictionary attacks
Digital forensics
Gestures and graphical patterns
Guessing attacks
Hash functions
Human factors and behavior
Implementations and tests
Incident and attack reports
Key-stroke dynamics
Languages, letters and symbols
Management and authorization
Markov models
One-time passwords
Passphrase techniques
Password based encryption
Password based key derivation
Password based key exchange
Password protection
Password replacements
Passwords and biometrics
Performance and scalability
Physical traces and smudges
Rainbow tables and trade-offs
Reset and recovery procedures
Side-channel attacks
Single sign-on
Social engineering
Statistical patterns and analyses
Time-memory tradeoffs
Tokens and devices
Usability studies

We seek submissions for review in the following three categories:

(i) Research Papers    (ii) Short Papers    (iii) Tutorials

Instructions for paper submission

Accepted papers presented at the workshop will be included in the event
proceedings and published by Springer in the Lecture Notes in Computer
Science (LNCS) series. All submissions must be done at

Research Papers should describe novel, previously unpublished technical
contributions within the scope of the call. The papers will be reviewed in
depth and selected using a double-blind review process by at least three
members of the program committee. Paper length is limited to 16 pages (LNCS
format) excluding references and well-marked appendices. The paper submitted
for review must be anonymous, hence author names, affiliations,
acknowledgements, or obvious references must be temporarily edited out for
the review process. The submitted paper (PDF or PostScript format) must
follow the template described by Springer at

Short Papers will also be subject to peer review, where the emphasis will be
put on work in progress, hackers' achievements, industrial experiences, and
incidents explained, aiming at novelty and promising directions. Short paper
submissions should not be more than 6 pages in standard LNCS format in total.
A short paper must be labeled by the subtitle "Short Paper." Accepted short
paper submissions may be included in the conference proceedings. Short papers
do not need to be anonymous. The program committee may accept full research
papers as short papers.

Tutorial proposals are expected to explain new methods, techniques, tools,
systems, and services within the Passwords scope. The time frame is one hour.
Proposals can be submitted in any format. Publication will be by streaming,
video and web.

Important dates

Papers: Submissions by October 27, 2014. 
Acceptance notification: November 10, 2014.  
Tutorials: Proposals by November 10, 2014.

Conference Organizing Chair

Per Thorsheim, God Praksis AS

Technical Papers Program Committee

Stig F. Mjolsnes (chair), Norwegian University of Science and Technology (N)
Jean-Philippe Aumasson, Kudelski Security (CH)
Markus Durmuth, Ruhr-University Bochum (D)
Jeremy Gosney, Stricture Consulting Group (USA)
Tor Helleseth, University of Bergen (N)
Audun Josang, University of Oslo (N)
Stefan Lucks, Bauhaus-University Weimar (D)
Markku-Juhani O. Saarinen, ERCIM Research Fellow at NTNU (N)
Frank Stajano, University of Cambridge (UK)
Kenneth White, Open Crypto Audit Project (USA)


FRISC, a research value network funded by the Norwegian Research Council.