• Publications
  • Influence
Practical trigger-action programming in the smart home
We investigate the practicality of letting average users customize smart-home devices using trigger-action ("if, then") programming. We find trigger-action programming can express most desiredExpand
  • 224
  • 23
Fast, Lean, and Accurate: Modeling Password Guessability Using Neural Networks
Human-chosen text passwords, today's dominant form of authentication, are vulnerable to guessing attacks. Unfortunately, existing approaches for evaluating password strength by modeling adversarialExpand
  • 125
  • 22
How Does Your Password Measure Up? The Effect of Strength Meters on Password Creation
To help users create stronger text-based passwords, many web sites have deployed password meters that provide visual feedback on password strength. Although these meters are in wide use, theirExpand
  • 249
  • 20
Trigger-Action Programming in the Wild: An Analysis of 200,000 IFTTT Recipes
While researchers have long investigated end-user programming using a trigger-action (if-then) model, the website IFTTT is among the first instances of this paradigm being used on a large scale. ToExpand
  • 124
  • 20
Measuring Real-World Accuracies and Biases in Modeling Password Guessability
Parameterized password guessability--how many guesses a particular cracking algorithm with particular training data would take to guess a password--has become a common metric of password security.Expand
  • 118
  • 19
Smart, useful, scary, creepy: perceptions of online behavioral advertising
We report results of 48 semi-structured interviews about online behavioral advertising (OBA). We investigated non-technical users' attitudes about and understanding of OBA, using participants'Expand
  • 233
  • 14
Measuring password guessability for an entire university
Despite considerable research on passwords, empirical studies of password strength have been limited by lack of access to plaintext passwords, small data sets, and password sets specificallyExpand
  • 174
  • 13
SmartAuth: User-Centered Authorization for the Internet of Things
Internet of Things (IoT) platforms often require users to grant permissions to third-party apps, such as the ability to control a lock. Unfortunately, because few users act based upon, or evenExpand
  • 83
  • 12
Why Johnny can't opt out: a usability evaluation of tools to limit online behavioral advertising
We present results of a 45-participant laboratory study investigating the usability of nine tools to limit online behavioral advertising (OBA). We interviewed participants about OBA and recordedExpand
  • 148
  • 11
Correct horse battery staple: exploring the usability of system-assigned passphrases
Users tend to create passwords that are easy to guess, while system-assigned passwords tend to be hard to remember. Passphrases, space-delimited sets of natural language words, have been suggested asExpand
  • 123
  • 10