• Publications
  • Influence
"I regretted the minute I pressed share": a qualitative study of regrets on Facebook
TLDR
We investigate regrets associated with users' posts on a popular social networking site. Expand
  • 424
  • 35
  • PDF
Guess Again (and Again and Again): Measuring Password Strength by Simulating Password-Cracking Algorithms
TLDR
We develop an efficient distributed method for calculating how effectively several heuristic password-guessing algorithms guess passwords. Expand
  • 368
  • 30
  • PDF
Of passwords and people: measuring the effect of password-composition policies
TLDR
We present a large-scale study that investigates password strength, user behavior, and user sentiment across four password-composition policies and find that a number of commonly held beliefs about password composition and strength are inaccurate. Expand
  • 339
  • 26
  • PDF
Encountering stronger password requirements: user attitudes and behaviors
TLDR
A new password policy at Carnegie Mellon University requires users to create a complex password, but most users believe that they are now more secure. Expand
  • 308
  • 23
  • PDF
Fast, Lean, and Accurate: Modeling Password Guessability Using Neural Networks
TLDR
We propose using artificial neural networks to model text passwords' resistance to guessing attacks and explore how different architectures and training methods impact neural networks' guessing effectiveness. Expand
  • 137
  • 23
  • PDF
How Does Your Password Measure Up? The Effect of Strength Meters on Password Creation
TLDR
We present a 2,931-subject study of password creation in the presence of 14 password meters. Expand
  • 263
  • 21
  • PDF
Measuring Real-World Accuracies and Biases in Modeling Password Guessability
TLDR
We investigate how cracking approaches often used by researchers compare to real-world cracking by professionals, as well as how the choice of approach biases research conclusions. Expand
  • 124
  • 20
  • PDF
Measuring password guessability for an entire university
TLDR
We study the single-sign-on passwords used by over 25,000 faculty, staff, and students at a research university with a complex password policy. Expand
  • 181
  • 13
  • PDF
Bridging the Gap in Computer Security Warnings: A Mental Model Approach
TLDR
A mental model interview study designed to gain insight into how advanced and novice computer users perceive and respond to computer warnings. Expand
  • 161
  • 13
  • PDF
Correct horse battery staple: exploring the usability of system-assigned passphrases
TLDR
We explored the usability of 3- and 4-word system-assigned passphrases in comparison to system-Assigned passwords composed of 5 to 6 random characters, and 8-character system-ASSIGN pronounceable passwords. Expand
  • 127
  • 10
  • PDF