HomeBioPublicationsTeachingOutreachMusicTheaterPhotography
CHI
2017

Best Paper
Award
Design and Evaluation of a Data-Driven Password Meter
Blase Ur, Felicia Alfieri, Maung Aung, Lujo Bauer, Nicolas Christin, Jessica Colnago, Lorrie Faith Cranor, Henry Dixon, Pardis Emami Naeini, Hana Habib, Noah Johnson, William Melicher.
Proceedings of the ACM SIGCHI Conference on Human Factors in Computing Systems (CHI). Denver, CO, May 2017 (forthcoming).
[ Paper (forthcoming) | Slides (forthcoming) | Video preview | Code (forthcoming) ]
CHI
2017
Can Unicorns Help Users Compare Crypto Key Fingerprints?
Joshua Tan, Lujo Bauer, Joseph Bonneau, Lorrie Faith Cranor, Jeremy Thomas, Blase Ur.
Proceedings of the ACM SIGCHI Conference on Human Factors in Computing Systems (CHI). Denver, CO, May 2017 (forthcoming).
[ Paper | Video preview ]
USEC
2017
Password Creation in the Presence of Blacklists
Hana Habib, Jessica Colnago, William Melicher, Blase Ur, Sean Segreti, Lujo Bauer, Nicolas Christin, Lorrie Faith Cranor.
Proceedings of the NDSS Workshop on Usable Security 2017 (USEC). San Diego, CA, February 2017 (forthcoming).
[ Paper (forthcoming) ]
PhD
Thesis
Supporting Password-Security Decisions with Data
Blase Ur.
Carnegie Mellon University PhD Thesis. Pittsburgh, Pennsylvania, September 2016.
[ Paper ]
USENIX
Security
2016

Best Paper
Award
Fast, Lean, and Accurate: Modeling Password Guessability Using Neural Networks
William Melicher, Blase Ur, Sean M. Segreti, Saranga Komanduri, Lujo Bauer, Nicolas Christin, Lorrie Faith Cranor.
Proceedings of the 25th USENIX Security Symposium. Austin, TX, August 2016.
[ Paper | Video preview | Code ]
CHI
2016
Honorable
Mention for
Best Paper
Do Users' Perceptions of Password Security Match Reality?
Blase Ur, Jonathan Bees, Sean M. Segreti, Lujo Bauer, Nicolas Christin, Lorrie Faith Cranor.
Proceedings of the ACM SIGCHI Conference on Human Factors in Computing Systems (CHI). San Jose, CA, May 2016.
[ Paper | Slides | Video preview | Press ]
CHI
2016
Trigger-Action Programming in the Wild: An Analysis of 200,000 IFTTT Recipes
Blase Ur, Melwyn Pak Yong Ho, Stephen Brawner, Jiyun Lee, Sarah Mennicken, Noah Picard, Diane Schulze, Michael L. Littman.
Proceedings of the ACM SIGCHI Conference on Human Factors in Computing Systems (CHI). San Jose, CA, May 2016.
[ Paper | Slides | Video preview ]
CHI
2016
Usability and Security of Text Passwords on Mobile Devices
William Melicher, Darya Kurilova, Sean M. Segreti, Pranshu Kalvani, Richard Shay, Blase Ur, Lujo Bauer, Nicolas Christin, Lorrie Faith Cranor, Michelle L. Mazurek.
Proceedings of the ACM SIGCHI Conference on Human Factors in Computing Systems (CHI). San Jose, CA, May 2016.
[ Paper ]
TWEB
2016
A Large-Scale Evaluation of U.S. Financial Institutions' Standardized Privacy Notices
Lorrie Faith Cranor, Pedro Giovanni Leon, Blase Ur.
ACM Transactions on the Web (TWEB) 10(3):17. 2016.
[ Paper ]
TISSEC
2016
Designing Password Policies for Strength and Usability
Richard Shay, Saranga Komanduri, Adam L. Durity, Philip (Seyoung) Huh, Michelle L. Mazurek, Sean M. Segreti, Blase Ur, Lujo Bauer, Nicolas Christin, Lorrie Faith Cranor.
ACM Transactions on Information and System Security (TISSEC) 18(4):13. 2016.
[ Paper ]
USEC
2016
Watching Them Watching Me: Browser Extensions' Impact on User Privacy Awareness and Concern
Florian Schaub, Aditya Marella, Pranshu Kalvani, Blase Ur, Chao Pan, Emily Forney, Lorrie Faith Cranor.
Proceedings of the NDSS Workshop on Usable Security 2016 (USEC). San Diego, California, February 2016.
[ Paper ]
SPSM
2015
Supporting Privacy-Conscious App Update Decisions with User Reviews
Yuan Tian, Bin Liu, Weisi Dai, Blase Ur, Patrick Tague, and Lorrie Faith Cranor.
Proceedings of the 5th Annual ACM CCS Workshop on Security and Privacy in Smartphones and Mobile Devices. Denver, CO, October 2015.
[ Paper ]
USENIX
Security
2015
Measuring Real-World Accuracies and Biases in Modeling Password Guessability
Blase Ur, Sean M. Segreti, Lujo Bauer, Nicolas Christin, Lorrie Faith Cranor, Saranga Komanduri, Darya Kurilova, Michelle L. Mazurek, William Melicher, Richard Shay.
Proceedings of the 24th USENIX Security Symposium. Washington, DC, August 2015.
[ Paper | Slides | Video preview | Password Guessability Service ]
SOUPS
2015
"I Added '!' at the End to Make It Secure": Observing Password Creation in the Lab
Blase Ur, Fumiko Noma, Jonathan Bees, Sean M. Segreti, Richard Shay, Lujo Bauer, Nicolas Christin, Lorrie Faith Cranor.
Proceedings of the Eleventh Symposium On Usable Privacy and Security (SOUPS). Ottawa, Canada, July 2015.
[ Paper | Slides ]
CHI
2015
A Spoonful of Sugar? The Impact of Guidance and Feedback on Password-Creation Behavior
Richard Shay, Lujo Bauer, Nicolas Christin, Lorrie Faith Cranor, Alain Forget, Saranga Komanduri, Michelle L. Mazurek, William Melicher, Sean M. Segreti, Blase Ur.
Proceedings of the ACM SIGCHI Conference on Human Factors in Computing Systems (CHI). Seoul, South Korea, April 2015.
[ Paper | Slides | Press ]
USEC
2015
Biometric Authentication on iPhone and Android: Usability, Perceptions, and Influences on Adoption
Chandrasekhar Bhagavatula, Blase Ur, Kevin Iacovino, Su Mon Kywe, Lorrie Faith Cranor, Marios Savvides.
Proceedings of the NDSS Workshop on Usable Security 2015 (USEC). San Diego, California, February 2015.
[ Paper | Slides ]
UbiComp
2014

Best Paper
Award
Intruders Versus Intrusiveness: Teens' and Parents' Perspectives on Home-Entryway Surveillance
Blase Ur, Jaeyeon Jung, Stuart Schechter.
Proceedings of the 2014 ACM International Joint Conference on Pervasive and Ubiquitous Computing (UbiComp). Seattle, Washington, September 2014.
[ Paper | Slides ]
SOUPS
2014
Parents' and Teens' Perspectives on Privacy In a Technology-Filled World
Lorrie Faith Cranor, Adam L. Durity, Abigail Marsh, Blase Ur.
Proceedings of the Tenth Symposium On Usable Privacy and Security (SOUPS). Mountain View, California, July 2014.
[ Paper ]
CHI
2014
Practical Trigger-Action Programming in the Smart Home
Blase Ur, Elyse McManus, Melwyn Pak Yong Ho, Michael L. Littman.
Proceedings of the ACM SIGCHI Conference on Human Factors in Computing Systems (CHI). Toronto, ON, Canada, April 2014.
[ Paper | Slides | Video preview | Press ]
CHI
2014
Can long passwords be secure and usable?
Richard Shay, Saranga Komanduri, Adam L. Durity, Philip (Seyoung) Huh, Michelle L. Mazurek, Sean M. Segreti, Blase Ur, Lujo Bauer, Nicolas Christin, Lorrie Faith Cranor.
Proceedings of the ACM SIGCHI Conference on Human Factors in Computing Systems (CHI). Toronto, ON, Canada, April 2014.
[ Paper ]
Book
Chapter
(2014)
Chapter 5: Tracking and Surveillance
Lorrie Faith Cranor, Manya Sleeper, Blase Ur.
Introduction to IT Privacy: A Handbook for Technologists. (Travis Breaux, Executive Editor.) IAPP, 2014.
[ Unedited first draft ]
CCS
2013
Measuring Password Guessability for an Entire University
Michelle Mazurek, Saranga Komanduri, Timothy Vidas, Lujo Bauer, Nicolas Christin, Lorrie Faith Cranor, Patrick Gage Kelley, Richard Shay, Blase Ur.
Proceedings of the 20th ACM Conference on Computer and Communications Security (CCS). Berlin, Germany, November 2013.
[ Paper | Press ]
WPES
2013
The Post Anachronism: The Temporal Dimension of Facebook Privacy
Lujo Bauer, Lorrie Faith Cranor, Saranga Komanduri, Michelle L. Mazurek, Michael K. Reiter, Manya Sleeper, Blase Ur.
Workshop on Privacy in the Electronic Society. Berlin, Germany, November 2013.
[ Paper | Slides ]
I/S
Journal
2013
{Privacy, Privacidad, Приватност} Policies in Social Media: Providing Translated Privacy Notice
Blase Ur, Manya Sleeper, Lorrie Faith Cranor.
I/S: A Journal of Law and Policy for the Information Society. 9(2): 201--243. Summer 2013
[ Paper | Link ]
SOUPS
2013
What Matters to Users? Factors that Affect Users’ Willingness to Share Information with Online Advertisers
Pedro G. Leon, Blase Ur, Yang Wang, Manya Sleeper, Rebecca Balebako, Richard Shay, Lujo Bauer, Mihai Christodorescu, Lorrie Faith Cranor.
Proceedings of the Ninth Symposium On Usable Privacy and Security (SOUPS). Newcastle, UK, July 2013.
[ Paper ]
HUPS
2013
The Current State of Access Control for Smart Devices in Homes
Blase Ur, Jaeyeon Jung, Stuart Schechter.
Workshop on Home Usable Privacy and Security (HUPS). Newcastle, UK, July 2013.
[ Paper | Slides | Press ]
WEIS
2013
Are They Actually Any Different? Comparing Thousands of Financial Institutions' Privacy Practices
Lorrie Faith Cranor, Kelly Idouchi, Pedro Giovanni Leon, Manya Sleeper, Blase Ur.
Workshop on the Economics of Information Security (WEIS). Washington, DC, June 2013.
[ Paper | Slides | Press]
(Poster)
Oakland
2013
Poster: The Art of Password Creation
Blase Ur, Saranga Komanduri, Richard Shay, Stephanos Matsumoto, Lujo Bauer, Nicolas Christin, Lorrie Faith Cranor, Patrick Gage Kelley, Michelle L. Mazurek, Timothy Vidas.
IEEE Symposium on Security and Privacy (Oakland). San Francisco, California, May 2013.
[ Extended Abstract | Poster ]
CHI
2013
"I read my Twitter the next morning and was astonished": A Conversational Perspective on Twitter Regrets
Manya Sleeper, Justin Cranshaw, Patrick Gage Kelley, Blase Ur, Alessandro Acquisti, Lorrie Faith Cranor, Norman Sadeh.
Proceedings of the ACM SIGCHI Conference on Human Factors in Computing Systems (CHI). Paris, France, May 2013.
[ Paper ]
PSOSM
2013
A Cross-Cultural Framework for Protecting User Privacy in Online Social Media
Blase Ur and Yang Wang.
WWW Workshop on Privacy and Security in Online Social Media (PSOSM). Rio de Janeiro, Brazil. May 2013.
[ Paper | Slides ]
USENIX
;login:
Magazine
2012
Helping Users Create Better Passwords
Blase Ur, Patrick Gage Kelley, Saranga Komanduri, Joel Lee, Michael Maass, Michelle L. Mazurek, Timothy Passaro, Richard Shay, Timothy Vidas, Lujo Bauer, Nicolas Christin, Lorrie Faith Cranor, Serge Egelman, Julio López.
USENIX ;login: magazine. 37(6): 51--57. December 2012.
[ Article ]
WPES
2012
What Do Online Behavioral Advertising Disclosures Communicate to Users?
Pedro G. Leon, Justin Cranshaw, Lorrie Faith Cranor, Jim Graves, Manoj Hastak, Blase Ur, Guzi Xu.
Workshop on Privacy in the Electronic Society. Raleigh, North Carolina. October 2012.
[ Paper | Pre-print Tech Report ]
USENIX
Security
2012
How Does Your Password Measure Up? The Effect of Strength Meters on Password Creation
Blase Ur, Patrick Gage Kelley, Saranga Komanduri, Joel Lee, Michael Maass, Michelle Mazurek, Timothy Passaro, Richard Shay, Timothy Vidas, Lujo Bauer, Nicolas Christin, Lorrie Faith Cranor.
Proceedings of the 21st USENIX Security Symposium. Bellevue, Washington, August 2012.
[ Paper | Slides ]
SOUPS
2012
Smart, Useful, Scary, Creepy: Perceptions of Online Behavioral Advertising
Blase Ur, Pedro G. Leon, Lorrie Faith Cranor, Richard Shay, Yang Wang.
Proceedings of the Eighth Symposium On Usable Privacy and Security (SOUPS). Washington, D.C., July 2012.
[ Paper | Slides ]
SOUPS
2012
Correct Horse Battery Staple: Exploring the Usability of System-Assigned Passphrases
Richard Shay, Patrick Gage Kelley, Saranga Komanduri, Michelle Mazurek, Blase Ur, Timothy Vidas, Lujo Bauer, Nicholas Christin, Lorrie Faith Cranor.
Proceedings of the Eighth Symposium On Usable Privacy and Security (SOUPS). Washington, D.C., July 2012.
[ Paper ]
CHI
2012
Honorable
Mention for
Best Paper
Why Johnny Can't Opt Out: A Usability Evaluation of Tools to Limit Online Behavioral Advertising
Pedro G. Leon, Blase Ur, Rebecca Balebako, Lorrie Faith Cranor, Richard Shay, Yang Wang.
Proceedings of the ACM SIGCHI Conference on Human Factors in Computing Systems (CHI). Austin, Texas, May 2012.
[ Paper | Extended Tech Report | Press]
CHI
2012
Tag, You Can See It! Using Tags for Access Control in Photo Sharing
Peter Klemperer, Yuan Liang, Michelle Mazurek, Manya Sleeper, Blase Ur, Lujo Bauer, Lorrie Faith Cranor, Nitin Gupta, Michael Reiter.
Proceedings of the ACM SIGCHI Conference on Human Factors in Computing Systems (CHI). Austin, Texas, May 2012.
[ Paper ]
W2SP
2012
Measuring the Effectiveness of Privacy Tools for Limiting Behavioral Advertising
Rebecca Balebako, Pedro Leon, Richard Shay, Blase Ur, Yang Wang, Lorrie Faith Cranor.
Web 2.0 Security and Privacy Workshop (W2SP). San Francisco, California, May 2012.
[ Paper ]
PSOSM
2012
{Privacy, Privacidad, Приватност} Policies in Social Media: Providing Translated Privacy Notice
Blase Ur, Manya Sleeper, Lorrie Faith Cranor.
WWW Workshop on Privacy and Security in Online Social Media (PSOSM). Lyon, France, April 2012.
[ Paper | Slides | Press ]
iConference
2012
Online Social Networks in a Post-Soviet State: How Hungarians Protect and Share on Facebook
Blase Ur and Yang Wang.
Proceedings of the iConference. Toronto, Ontario, Canada, February 2012.
[ Paper | Slides ]
I/S
Journal
2011
AdChoices? Compliance with Online Behavioral Advertising Notice and Choice Requirements
Saranga Komanduri, Richard Shay, Greg Norcie, Blase Ur, Lorrie Faith Cranor.
I/S: A Journal of Law and Policy for the Information Society. 7(3): 603--638. 2011.
[ Paper | Link | Extended Tech Report ]
HCII
2011
Scratchable Devices: User-Friendly Programming for Household Appliances
Jordan Ash, Monica Babes, Gal Cohen, Sameen Jalal, Sam Lichtenberg, Michael Littman, Phillip Quiza, Blase Ur, Emily Zhang.
HCI International (HCII). Orlando, Florida, July 2011.
[ Paper ]
(Poster)
Scratch
Conference
2010
Poster: Scratchable Devices: We'd Like to Teach The World to Code
Jordan Ash, Monica Babes, Gal Cohen, Sameen Jalal, Michael Littman, Luis Piloto, Phillip Quiza, Blase Ur.
Scratch@MIT. Cambridge, Massachusetts, August 2010.
[ Poster | Press ]
W2SP
2009
Evaluating Attack Amplification in Online Social Networks
Blase Ur and Vinod Ganapathy.
Web 2.0 Security and Privacy Workshop (W2SP). Oakland, California, May 2009.
[ Paper | Slides ]
Undergrad
Thesis
Privacy In Social Networking: A Usability Study
Blase Ur.
Harvard University Undergraduate Thesis. Cambridge, Massachusetts, April 2007.
[ Paper ]