Publications
2017
Thumprint: Socially-Inclusive Local Group Authentication Through Shared Secret Knocks
ACM Conference on Human Factors in Computing Systems (CHI)
2015
Knock x Knock: The Design and Evaluation of a Unified Authentication Management System
International Joint Conference on Pervasive and Ubiquitous Computing (UbiComp)
Full Paper
authentication, password, smartphone, uniauth, usable privacy and security
Ph.D. Thesis
authentication, location, uniauth, usable privacy and security
Social Cybersecurity: Applying Social Psychology to Cybersecurity
Human Computer Interaction Consortium
Workshop Paper
2014
The Effect of Social Influence on Security Sensitivity
Symposium On Usable Privacy and Security (SOUPS)
Modeling Users’ Mobile App Privacy Preferences: Restoring Usability in a Sea of Permission Settings
Symposium On Usable Privacy and Security (SOUPS)
Full Paper
apps, preferences, privacy, smartphone, smartphone privacy, usable privacy and security
Styx: Design and Evaluation of a New Privacy Risk Communication Method for Smartphones
International Information Security and Privacy Conference (SEC)
Full Paper
privacy, risk, security, smartphone, smartphone privacy, usable privacy and security, user interface
2013
Why People Hate Your App — Making Sense of User Feedback in a Mobile App Store
Conference on Knowledge Discovery and Data Mining (KDD)
Full Paper
android, apps, mobile, smartphone, usable privacy and security
Smartphone Data at Scale: Small Devices, Big Opportunities, Bigger Risks
Human Computer Interaction Consortium
Workshop Paper
data mining, privacy, security, urban analytics, usable privacy and security
2012
Understanding the Implications of Offering More Disclosure Choices for Location Sharing
ACM Conference on Human Factors in Computing Systems (CHI)
Short Paper
location sharing, privacy, rules, usable privacy and security
WebTicket: Account Management Using Printable Tokens
ACM Conference on Human Factors in Computing Systems (CHI)
Full Paper
Expectation and Purpose: Understanding Users’ Mental Models of Mobile App Privacy through Crowdsourcing
International Conference on Ubiquitous Computing (Ubicomp)
Full Paper
android, crowdsourcing, mental model, mobile, privacy, smartphone, smartphone privacy, usable privacy and security
Goldilocks and the Two Mobile Devices: Going Beyond All-Or-Nothing Access to a Device's Applications
Symposium On Usable Privacy and Security (SOUPS)
Full Paper
access control, mobile, smartphone, usable privacy and security
OTO: Online Trust Oracle for User-Centric Trust Establishment
Conference on Computer and Communications Security (CCS)
Full Paper
The state of phishing attacks
Communications of the ACM
Journal Article
anti-phishing phil, phishguru, phishing, usable privacy and security
2011
A Diary Study of Password Usage in Daily Life
ACM Conference on Human Factors in Computing Systems (CHI)
Short Paper
Are you close with me? Are you nearby? Investigating social groups, closeness, and willingness to share
International Conference on Ubiquitous Computing (Ubicomp)
Master's Thesis
Security Through a Different Kind of Obscurity: Evaluating Distortion in Graphical Authentication Schemes
ACM Conference on Human Factors in Computing Systems (CHI)
Full Paper
authentication, mobile, password, usable privacy and security
Smartening the Crowds: Computational Techniques for Improving Human Verification to Fight Phishing Scams
Symposium on Usable Privacy and Security (SOUPS)
Full Paper
Understanding How Visual Representations of Location Feeds Affect End-User Privacy Concerns
International Conference on Ubiquitous Computing (Ubicomp)
Full Paper
location, location sharing, mobile, privacy, ubicomp privacy, usable privacy and security, visualization
2010
Locaccino: A Privacy-Centric Location Sharing Application
International Conference on Ubiquitous Computing (Ubicomp)
Workshop Paper
location, location sharing, mobile, ubicomp privacy, usable privacy and security
Teaching Johnny Not to Fall for Phish
ACM Transactions on Internet Technologies (ACM TOIT)
Journal Article
anti-phishing phil, phishguru, phishing, training, usable privacy and security
2009
An Empirical Analysis of Phishing Blacklists
Conference on Email and Spam (CEAS)
Full Paper
Improving Phishing Countermeasures: An Analysis of Expert Interviews
APWG eCrime Researcher’s Summit (eCrime)
Full Paper
School of Phish: A Real-World Evaluation of Anti-Phishing Training
Symposium on Usable Privacy and Security (SOUPS)
Full Paper
Usable Privacy and Security: A Grand Challenge for HCI
Human Computer Interaction Consortium
Workshop Paper
2008
Anti-Phishing Education
International Conference on E-Learning in the Workplace (ICELW)
Full Paper
Lessons From a Real World Evaluation of Anti-Phishing Training
APWG eCrime Researcher’s Summit (eCrime)
Full Paper
You've Been Warned: An Empirical Study of the Effectiveness of Web Browser Phishing Warnings
ACM Conference on Human Factors in Computing Systems (CHI)
Full Paper
2007
Anti-Phishing Phil: The Design and Evaluation of a Game That Teaches People Not to Fall for Phish
Symposium on Usable Privacy and Security (SOUPS)
Full Paper
anti-phishing phil, phishing, training, usable privacy and security
CANTINA: A Content-Based Approach to Detecting Phishing Web Sites
International Conference on World Wide Web (WWW)
Full Paper
Getting Users’ to Pay Attention to Anti-Phishing Education: Evaluation of Retention and Transfer
APWG eCrime Researcher’s Summit (eCrime)
Full Paper
Phinding Phish: An Evaluation of Anti-Phishing Toolbars
Network & Distributed System Security Conference (NDSS)
Full Paper
Protecting People from Phishing: The Design and Evaluation of an Embedded Training Email System
ACM Conference on Human Factors in Computing Systems (CHI)
Full Paper
