Usable privacy and security researchers have developed a variety of approaches to
represent risk to research participants. To understand how these approaches are used and …

From the end of the last century to date, consumers are increasingly living their lives online.
In today's world, the average person spends a significant proportion of their time connecting …

Human-chosen text passwords, today's dominant form of authentication, are vulnerable to
guessing attacks. Unfortunately, existing approaches for evaluating password strength by …

Password-composition policies are the result of service providers becoming increasingly
concerned about the security of online accounts. These policies restrict the space of user …

We examined the policies of 120 of the most popular websites for when a user creates a
new password for their account. Despite well-established advice that has emerged from the …

Multiple mechanisms exist to encourage users to create stronger passwords, including
minimum-length and character-class requirements, prohibiting blocklisted passwords, and …

Password managers (PMs) are considered highly effective tools for increasing security, and
a recent study by Pearman et al.(SOUPS'19) highlighted the motivations and barriers to …

Due to the prevalence of online services in modern society, such as internet banking and
social media, it is important for users to have an understanding of basic security measures in …

We provide the first comprehensive study of user-chosen 4-and 6-digit PINs (n= 1220)
collected on smartphones with participants being explicitly primed for device unlocking. We …

How can we encourage end-user acceptance of expert recommended cybersecurity and
privacy (S&P) behaviors? We review prior art in human-centered S&P and identified three …