• Publications
  • Influence
Guess Again (and Again and Again): Measuring Password Strength by Simulating Password-Cracking Algorithms
Text-based passwords remain the dominant authentication method in computer systems, despite significant advancement in attackers' capabilities to perform password cracking. In response to thisExpand
  • 358
  • 28
Of passwords and people: measuring the effect of password-composition policies
Text-based passwords are the most common mechanism for authenticating humans to computer systems. To prevent users from picking passwords that are too easy for an adversary to guess, systemExpand
  • 324
  • 26
A "nutrition label" for privacy
We used an iterative design process to develop a privacy label that presents to consumers the ways organizations collect, use, and share personal information. Many surveys have shown that consumersExpand
  • 282
  • 25
Encountering stronger password requirements: user attitudes and behaviors
Text-based passwords are still the most commonly used authentication mechanism in information systems. We took advantage of a unique opportunity presented by a significant change in the CarnegieExpand
  • 295
  • 22
How Does Your Password Measure Up? The Effect of Strength Meters on Password Creation
To help users create stronger text-based passwords, many web sites have deployed password meters that provide visual feedback on password strength. Although these meters are in wide use, theirExpand
  • 248
  • 20
Understanding and capturing people’s privacy policies in a mobile social networking application
A number of mobile applications have emerged that allow users to locate one another. However, people have expressed concerns about the privacy implications associated with this class of software,Expand
  • 317
  • 19
Privacy as part of the app decision-making process
Smartphones have unprecedented access to sensitive personal information. While users report having privacy concerns, they may not actively consider privacy while downloading apps from smartphoneExpand
  • 217
  • 19
A Conundrum of Permissions: Installing Applications on an Android Smartphone
Each time a user installs an application on their Android phone they are presented with a full screen of information describing what access they will be granting that application. This information isExpand
  • 293
  • 17
Who's viewed you?: the impact of feedback in a mobile location-sharing application
Feedback is viewed as an essential element of ubiquitous computing systems in the HCI literature for helping people manage their privacy. However, the success of online social networks and existingExpand
  • 192
  • 16
Location-Sharing Technologies: Privacy Risks and Controls
Due to the ability of cell phone providers to use cell phone towers to pinpoint users’ locations, federal E911 requirements, the increasing popularity of GPS-capabilities in cellular phones, and theExpand
  • 170
  • 15