The The valuation of a given security policy is often predicated varying extent to which a compromised account at one service upon assumptions that fail in practice (e.g, (Blythe, Koppel, can escalate to compromise accounts on other services and Smith 2013)). For example, a plethora of password further complicates matters. And we're just scratching the discussions begin with the password paradox: users must surface. In such complex environments, a mathematical pick strong passwords-so strong that the average user cannot analysis of security can quickly become unwieldy, while a remember them-yet they must never be written down.