Why phishing works
TLDR
To build systems shielding users from fraudulent (or phishing) websites, designers need to know which attack strategies work and why.
  • 1,245
  • 105
Deja Vu-A User Study: Using Images for Authentication
TLDR
We address a fundamental weakness of knowledge-based authentication schemes and propose Deja Vu, which authenticates a user through her ability to recognize previously seen images.
  • 916
  • 84
The battle against phishing: Dynamic Security Skins
TLDR
We propose a new scheme, Dynamic Security Skins, that allows a remote web server to prove its identity in a way that is easy for a human user to verify and hard for an attacker to spoof.
  • 527
  • 22
The Emperor's New Security Indicators
TLDR
We present the first empirical investigation of site-authentication images, and we find them to be ineffective: even when we removed them, 23 of the 25 (92%) participants who used their own accounts entered their passwords.
  • 425
  • 17
The Seven Flaws of Identity Management: Usability and Security Challenges
TLDR
Identity management systems let users leverage one identifier across multiple Web services by separating the role of an IdP from the RP.
  • 177
  • 17
Use Your Illusion: secure authentication usable anywhere
TLDR
We propose Use Your Illusion, a novel mechanism for user authentication that is secure and usable regardless of the size of the device on which it is used.
  • 143
  • 15
Stopping spyware at the gate: a user study of privacy, notice and spyware
TLDR
We discovered that regardless of the bundled content, users will often install an application if they believe the utility is high enough.
  • 134
  • 13
Animated exploration of dynamic graphs with radial layout
TLDR
We describe a new animation technique for supporting interactive exploration of a graph.
  • 277
  • 9
The Emperor's New Security Indicators: An evaluation of website authentication and the effect of role playing on usability studies
We evaluate website authentication measures that are designed to protect users from man-in-the-middle, ‘phishing’, and other site forgery attacks. We asked 67 bank customers to conduct common online
  • 144
  • 6
Hash visualization in user authentication
TLDR
In this paper, we have investigated how the usability and security of user authentication systems can be improved by replacing text strings with structured images.
  • 50
  • 3