Why phishing works
TLDR
This paper provides the first empirical evidence about which malicious strategies are successful at deceiving general users by analyzing a large set of captured phishing attacks and developing a set of hypotheses about why these strategies might work.
Deja Vu - A User Study: Using Images for Authentication
TLDR
Deja Vu is a recognition-based authentication system that authenticates a user through her ability to recognize previously seen images. This is more reliable and easier to use than traditional recall-based schemes, which require the user to precisely recall passwords or PINs.
The battle against phishing: Dynamic Security Skins
TLDR
A new scheme is proposed, Dynamic Security Skins, that allows a remote web server to prove its identity in a way that is easy for a human user to verify and hard for an attacker to spoof.
The Emperor's New Security Indicators
TLDR
The first empirical evidence that role playing affects participants' security behavior is contributed: role-playing participants behaved significantly less securely than those using their own passwords.
The Seven Flaws of Identity Management: Usability and Security Challenges
TLDR
By separating the role of an IdP from the RP, identity management systems let users leverage one identifier across multiple Web services.
Use Your Illusion: secure authentication usable anywhere
TLDR
This paper proposes and evaluates Use Your Illusion, a novel mechanism for user authentication that is secure and usable regardless of the size of the device on which it is used and demonstrates that, regardless of their age or gender, users are very skilled at recognizing degraded versions of self-chosen images, even on small displays and after time periods of one month.
Stopping spyware at the gate: a user study of privacy, notice and spyware
TLDR
An ecological study of users installing five real world applications found that privacy and security become important factors when choosing between two applications with similar functionality, and that providing vague information in EULAs and short notices can create an unwarranted impression of increased security.
Animated exploration of dynamic graphs with radial layout
TLDR
A method for animating the transition to a new layout when a new focus node is selected, which linearly interpolates the polar coordinates of the nodes, while enforcing ordering and orientation constraints.
The Emperor's New Security Indicators: An evaluation of website authentication and the effect of role playing on usability studies
TLDR
The first empirical investigation of site-authentication images is presented, and they are found to be ineffective: 23 of the 25 participants who used their own accounts entered their passwords even when these indicators were removed.
Hash visualization in user authentication
TLDR
This paper has investigated how the usability and security of user authentication systems can be improved by replacing text strings with structured images.