Passwords 2016
5-7 Dec. 2016
Bochum, Germany
11th International Conference on Passwords

Call for Papers

The Passwords conference was launched in 2010 as a response to the lack of robustness and usability of current personal authentication practices and solutions. Annual participation has doubled over the past three years. Since 2014, the conference has accepted peer-reviewed papers.

Important Dates

Research papers and short papers

  • Title and abstract submission: 2016-08-22 (23:59 UTC-11)
  • Paper submission: 2016-08-29 (23:59 UTC-11)
  • Notification of acceptance: 2016-10-17
  • Camera-ready from authors: 2016-10-31

"Hacker Talks"

  • Talk proposal submission: 2016-09-15 (23:59 UTC-11)
  • Notification of acceptance: 2016-09-30

Conference Aim

More than half a billion user passwords have been compromised over the last five years, including breaches at internet companies such as Target, Adobe, Heartland, Forbes, LinkedIn, Yahoo, and LivingSocial. Yet passwords, PIN codes, and similar remain the most prevalent method of personal authentication. Clearly, we have a systemic problem.

This conference gathers researchers, password crackers, and enthusiastic experts from around the globe, aiming to better understand the challenges surrounding the methods of personal authentication and passwords, and how to adequately solve these problems. The Passwords conference series seeks to provide a friendly environment for participants with plenty of opportunity to communicate with the speakers before, during, and after their presentations.


We seek original contributions that present attacks, analyses, designs, applications, protocols, systems, practical experiences, and theory. Submitted papers may include, but are not limited to, the following topics, all related to passwords and authentication:

  • Technical challenges and issues:
    • Cryptanalytic attacks
    • Formal attack models
    • Cryptographic protocols
    • Dictionary attacks
    • Digital forensics
    • Online attacks/Rate-limiting
    • Side-channel attacks
  • Administrative challenges:
    • Account lifecycle management
    • User identification
    • Password resets
    • Cross-domain and multi-enterprise system access
    • Hardware token administration
  • Password “replacements”:
    • 2FA and multifactor authentication
    • Risk-based authentication
    • Password managers
    • Costs and economy
    • Biometrics
    • Continuous authentication
    • FIDO – U2F
  • Deployed systems:
    • Best practice reports
    • Incident reports/Lessons learned
  • Human factors:
    • Usability
    • Design & UX
    • Social Engineering
    • Memorability
    • Accessibility
    • Pattern predictability
    • Gestures and graphical patterns
    • Psychology
    • Statistics (languages, age, demographics…)
    • Ethics

Instructions for authors

Papers must be submitted as PDF using the Springer LNCS format for LaTeX. Abstract and title must be submitted one week ahead of the paper deadline.

Submissions for research and short papers are handled via EasyChair.

We seek submissions for review in the following three categories:

  • Research Papers
  • Short Papers
  • "Hacker Talks" (talks without academic papers attached)

Research Papers should describe novel, previously unpublished technical contributions within the scope of the call. The papers will be subjected to double-blind peer review by the program committee. Paper length is limited to 16 pages (LNCS format) excluding references and well-marked appendices. The paper submitted for review must be anonymous, hence author names, affiliations, acknowledgements, or obvious references must be temporarily edited out for the review process. The program committee may reject non-anonymized papers without reading them. The submitted paper (in PDF format) must follow the template described by Springer at

Short Papers will also be subject to peer review, where the emphasis will be put on work in progress, hacker achievements, industrial experiences, and incidents explained, aiming at novelty and promising directions. Short paper submissions should not be more than 6 pages in standard LNCS format in total. A short paper must be labeled by the subtitle "Short Paper". Accepted short paper submissions may be included in the conference proceedings. Short papers do not need to be anonymous. The program committee may accept full research papers as short papers.

Hacker Talks are presentations without an academic paper attached. They will typically explain new methods, techniques, tools, systems, or services within the Passwords scope. Proposals for Hacker Talks can be submitted by anybody ("hackers", academics, students, enthusiasts, etc.) in any format, but typically will include a brief (2-3 paragraphs) description of the talk's content and the person presenting. They will be evaluated by a separate subcommittee led by Per Thorsheim, according to different criteria than those used for the refereed papers.

At least one of the authors of each accepted paper must register and present the paper at the workshop. Papers without a full registration will be withdrawn from the proceedings and from the workshop programme.

Papers that pass the peer review process and that are presented at the workshop will be included in the event proceedings, published by Springer in the Lecture Notes in Computer Science (LNCS) series.

Papers must be unpublished and must not be under consideration for publication elsewhere. Plagiarism and self-plagiarism will be treated as a serious offense.

Program committee members may submit papers but program chairs may not.

The time frame for each presentation will be either 30 or 45 minutes, including Q&A. Publication will be by streaming, video and web.