Fast, Lean, and Accurate: Modeling Password Guessability Using Neural Networks
TLDR
We propose using artificial neural networks to model text passwords' resistance to guessing attacks and explore how different architectures and training methods impact neural networks' guessing effectiveness.
  • 142
  • 24
Measuring Real-World Accuracies and Biases in Modeling Password Guessability
TLDR
We investigate how cracking approaches often used by researchers compare to real-world cracking by professionals, as well as how the choice of approach biases research conclusions.
  • 128
  • 22
Usability and Security of Text Passwords on Mobile Devices
TLDR
We compare the strength and usability of passwords created on mobile devices with those created and used on desktops, while varying password policy requirements and input methods.
  • 72
  • 8
Design and Evaluation of a Data-Driven Password Meter
TLDR
We describe the development and evaluation of a data-driven password meter that provides accurate strength measurement and actionable, detailed feedback to users.
  • 67
  • 8
Riding out DOMsday: Towards Detecting and Preventing DOM Cross-Site Scripting
TLDR
We measure the prevalence of DOM XSS vulnerabilities, evaluate and inform the design of static-analysis tools, and assess the viability of other methods for preventing DOM XSS vulnerabilities.
  • 23
  • 5
A Spoonful of Sugar?: The Impact of Guidance and Feedback on Password-Creation Behavior
TLDR
This paper examines how feedback and guidance affect password security and usability.
  • 63
  • 3
(Do Not) Track Me Sometimes: Users’ Contextual Preferences for Web Tracking
TLDR
We report on the first detailed study of the perceived benefits and risks of tracking, and the reasons behind them, conducted in the context of users’ own browsing histories.
  • 48
  • 3
A comparison of users' perceptions of and willingness to use Google, Facebook, and Google+ single-sign-on functionality
TLDR
Identity providers such as Google and Facebook are increasingly used to sign in to third-party services like Flickr and USA Today.
  • 17
  • 2
Diversify to Survive: Making Passwords Stronger with Adaptive Policies
TLDR
In this paper, we investigate the usability and security of adaptive password-composition policies, which dynamically change password requirements over time as users create new passwords.
  • 28
  • 1
Towards Privacy-Aware Smart Buildings: Capturing, Communicating, and Enforcing Privacy Policies and Preferences
TLDR
We introduce a framework where IoT Assistants capture and manage the privacy preferences of their users and communicate them to privacy-aware smart buildings, which enforce them when collecting user data or sharing it with building services.
  • 24
  • 1