Archive for June, 2015

Jun 30 2015

Symposium on Usable Privacy and Security at Carleton

Published by under News

Usable Privacy and Security is the field where Human-Computer Interaction and Cybersecurity meet. The premier research conference in this area is SOUPS: the Symposium on Usable Privacy and Security. This year the conference will be held here at Carleton, July 22-24! The Local Activities Chair is Sonia Chiasson, and the Technical Program Co-Chair is Robert Biddle. The Lightning Talks and Demos Chair is Elizabeth Stobert, who recently finished her PhD and is now at ETH Zurich.


Jun 01 2015

Elizabeth Stobert, PhD

Published by under News

2015-05-01, 3:26 PM
Today, Elizabeth Stobert successfully defended her PhD.
Congratulations Elizabeth!
Robert Biddle

Elizabeth’s Thesis: Graphical Passwords and Practical Password Management


Text passwords pose a number of difficulties for end users, who must create, remember, and manage large numbers of passwords. Users are often regarded as the weak link in security systems, but they are a crucial component of the system, and need to be better considered in the design of security products. Many password alternatives have been proposed, but none have successfully replaced ordinary text passwords, and the potential consequences of password problems grow as more information relating to work and life is stored online.

This thesis explores practical approaches to helping users select, securely reuse, and manage passwords, and investigates questions about password alternatives. The attention is on the end user, and how authentication affects these users in their daily lives. Our focus is on practical, actionable results to assist end users in their daily tasks.

The thesis begins by investigating issues of memorability with graphical passwords, and proposes the design of PassTiles, a new graphical password system that allows secure random memorable passwords to be easily assigned. This graphical password system is used to explore what type of memory retrieval best supports the memorability of graphical passwords, and the results show that cued-recall graphical passwords give an advantageous combination of memorability and usability.

Password coping strategies are next explored through interviews with end users, and investigation into the techniques that users rely on to handle current password demands. Interviews with expert users were conducted to understand how their additional expertise helps them manage the same problems faced by end users. Grounded Theory analysis led to the emergence of a password life cycle model. A survey study suggested that the coping strategies discussed in the interviews are widespread.

Finally, the thesis proposes the design of a password manager to support users’ existing coping strategies by protecting password reuse, and to securely protect users’ accounts with memorable assigned random graphical passwords.