Publications

A Large-Scale Analysis of the Semantic Password Model and Linguistic Patterns in Passwords. ACM Transactions on Privacy and Security (TOPS) (2021)
Towards Models for Quantifying the Known Adversary. Proceedings of the New Security Paradigms Workshop (NSPW) (2019)
Geographical Security Questions for Fallback Authentication. Proceedings of the 15th International Conference on Privacy, Security and Trust (PST) (2019)
Geographic Hints for Passphrase Authentication. Proceedings of the 15th International Conference on Privacy, Security and Trust (PST) (2019)
On Password Behaviours and Attitudes in Different Populations [Author’s preprint]. Journal of Information Security and Applications (2019)
Enhanced Tacit Secrets. International Journal of Information Security (2019)
Reinforcing System-Assigned Passphrases Through Implicit Learning. ACM SIGSAC Conference on Computer and Communications Security (CCS ’18) (2018)
System-Assigned Passwords You Can't Write Down, But Don't Need To. Proceedings of the 15th International Conference on Privacy, Security and Trust (PST) (2017)
An Exploration of Geographic Authentication Schemes. IEEE Transactions on Information Forensics and Security (TIFS) (2016)
Systems, methods, and computer program products for providing video-passwords for user authentication. Patent number: 8966614 (2015)
Crypto-Assistant: Towards Facilitating Developer’s Encryption of Sensitive Data. Proceedings of the 15th International Conference on Privacy, Security and Trust (PST) (2014)
The Presentation Effect on Graphical Passwords. Proceedings of the 32nd SIGCHI Conference on Human Factors in Computing Systems (CHI) (2014)
On the Semantic Patterns of Passwords and their Security Impact. Proceedings of the 2014 Network and Distributed System Security Symposium (NDSS) (2014)
Usability and Security Evaluation of GeoPass: a Geographic Location-Password Scheme. Proceedings of the Symposium on Usable Privacy and Security (SOUPS) (2013)
Visualizing Semantics in Passwords: The Role of Dates. Proceedings of the Symposium on Visualization for Cyber Security (VizSec) (2012)
Video-Passwords: Advertising While Authenticating. Proceedings of the New Security Paradigms Workshop (NSPW) (2012)
Exploiting Predictability in Click-Based Graphical Passwords. Journal of Computer Security (2011)
Purely Automated Attacks on PassPoints-Style Graphical Passwords. IEEE Transactions on Information Forensics and Security (2010)
On Purely Automated Attacks for Click-Based Graphical Passwords. Proceedings of the 24th Annual Computer Security Applications Conference (ACSAC) (2008)
On Predictive Models and User-Drawn Graphical Passwords. ACM Transactions on Information and System Security (TISSEC) (2008)
On the Predictability and Security of User Choice in Passwords. Ph.D. thesis (2008)
Human-Seeded Attacks and Exploiting Hot-Spots in Graphical Passwords. Proceedings of the 16th USENIX Security Symposium (2007)
Pass-thoughts: Authenticating With Our Minds. Proceedings of the ACSA 2005 New Security Paradigms Workshop (2005)
Highlights from the 2005 New Security Paradigms Workshop. 21st Annual Computer Security Applications Conference (ACSAC’05) (2005)
Towards Secure Design Choices for Implementing Graphical Passwords. Proceedings of the 20th Annual Computer Security Applications Conference (ACSAC) (2004)
Graphical Dictionaries and the Memorable Space of Graphical Passwords. In Proceedings of the 13th USENIX Security Symposium (2004)
Analyzing User Choice in Graphical Passwords. Technical Report TR-04-01 (2004)