Computer Laboratory

Passwords 2015

The 9th International Conference on Passwords
7, 8, 9 December 2015
University of Cambridge, United Kingdom

The Passwords conference was launched in 2010 as a response to the lack of robustness and usability of current personal authentication practices and solutions. Annual participation has doubled over the past three years. Since 2014, the conference accepts peer-reviewed papers.

This CFP is also available as plain text or two-page PDF.


Registration for Passwords15 is now closed. We look forward to seeing you in Cambridge

Important dates

Password15 submissions

The deadline for submission of tutorials and research papers has now passed.


  • Tutorial proposal submission: 2015-10-15
  • Notification of acceptance: 2015-11-02

Research papers and short papers

  • Title and abstract submission: 2015-09-01
  • Title and abstract submission: 2015-09-07
  • Paper submission: 2015-09-07
  • Paper submission: 2015-09-14
  • Notification of acceptance: 2015-11-02
  • Camera-ready from authors: 2015-11-16

Conference Aim

More than half a billion user passwords have been compromised over the last five years, including breaches at internet companies such as Target, Adobe, Heartland, Forbes, LinkedIn, Yahoo, and LivingSocial. Yet passwords, PIN codes, and similar remain the most prevalent method of personal authentication. Clearly, we have a systemic problem.

This conference gathers researchers, password crackers, and enthusiastic experts from around the globe, aiming to better understand the challenges surrounding the methods personal authentication and passwords, and how to adequately solve these problems. The Passwords conference series seek to provide a friendly environment for participants with plenty opportunity to communicate with the speakers before, during, and after their presentations.


We seek original contributions that present attacks, analyses, designs, applications, protocols, systems, practical experiences, and theory. Submitted papers may include, but are not limited to, the following topics, all related to passwords and authentication:

  • Technical challenges and issues:
    • Cryptanalytic attacks
    • Cryptographic formal attack models
    • Cryptographic protections
    • Cryptographic protocols
    • Dictionary attacks
    • Digital forensics
    • Online attacks
    • Rate-limiting
    • Side-channel attacks
    • Physical access control systems
  • Administrative challenges:
    • Account lifecycle management
    • User identification
    • Password resets
    • Cross-domain and multi-enterprise system access
    • Hardware token administration
  • Password “replacements”:
    • 2FA and multifactor authentication
    • Best practice reports
    • Costs and economy
    • Biometrics
    • Continous authentication
    • FIDO – U2F
  • The soft side of password security – humans:
    • Best practices
    • Social Engineering
    • Security usability
    • Design & UX
    • Memorability
    • Pattern predictability
    • Gestures and graphical patterns
    • Guessing attacks
    • Psychology
    • Statistics (languages, age, demographics…)

Instructions for authors

Papers must be submitted to Easychair at as PDF using the Springer LNCS format for Latex. Abstract and title must be submitted one week ahead of the paper deadline.

We seek submissions for review in the following three categories:

  • Research Papers
  • Short papers
  • Tutorials (talks without academic papers attached)

Research Papers should describe novel, previously unpublished technical contributions within the scope of the call. The papers will be subjected to double-blind peer review by the program committee. Paper length is limited to 16 pages (LNCS format) excluding references and well-marked appendices. The paper submitted for review must be anonymous, hence author names, affiliations, acknowledgements, or obvious references must be temporarily edited out for the review process. The program committee may reject non-anonymized papers without reading them. The submitted paper (PDF or PostScript format) must follow the template described by Springer at

Short Papers will also be subject to peer review, where the emphasis will be put on work in progress, hacker achievements, industrial experiences, and incidents explained, aiming at novelty and promising directions. Short paper submissions should not be more than 6 pages in standard LNCS format in total. A short paper must be labeled by the subtitle "Short Paper". Accepted short paper submissions may be included in the conference proceedings. Short papers do not need to be anonymous. The program committee may accept full research papers as short papers.

Tutorials are expected to explain new methods, techniques, tools, systems, and services within the Passwords scope. Tutorial proposals can be submitted in any format. They will be evaluated by a separate subcommittee led by Per Thorsheim, according to different criteria than those used for the refereed papers.

At least one of the authors of each accepted paper must register and present the paper at the workshop. Papers without a full registration will be withdrawn from the proceedings and from the workshop programme.

Papers that pass the peer review process and that are presented at the workshop will be included in the event proceedings, published by Springer in the Lecture Notes in Computer Science (LNCS) series.

Papers must be unpublished and not being considered elsewhere for publication. Plagiarism and self-plagiarism will be treated as a serious offense.

Program committee members may submit papers but program chairs may not.

The time frame for each presentation will be either 30 or 45 minutes, including Q&A. Publication will be by streaming, video and web.

passwords logo