Legend: Papers Presentations Videos Research Posters
Report: Authentication Diary Study – Michelle P. Steves & Mary F. Theofanos. NISTIR 7983 (2014)
Digital Identity Guidelines: Enrollment and Identity Proofing Requirements – Paul Grassi, James Fenton, Naomi Lefkovitz, Jamie Danker, Yee-Yin Choong, Kristen Greene, & Mary Theofanos. SP 800-63A (2017)
Digital Identity Guidelines: Authentication and Lifecycle Management – Paul Grassi, Elaine Newton, Ray Perliner, Andrew Regenscheid, James Fenton, William Burr, Justin Richter, Naomi Lefkovitz, Jamie Danker, Yee-Yin Choong, Kristen Greene, & Mary Theofanos. SP 800-63B (2017)
Digital Identity Guidelines: Federation and Assertions – Paul Grassi, Ellen Nadeau, Justin Richer, Sarah Squire, James Fenton, Naomi Lefkovitz, Jamie Danker, Yee-Yin Choong, Kristen Greene, & Mary Theofanos. SP 800-63C (2017)
Memory and Motor Processes of Password Entry Error - Frank Tamborello & Kristen Greene. Proceedings of the Human Factors and Ergonomics Society Annual Meeting (2016)
Password Entry Errors: Memory or Motor? - Kristen Greene & Frank Tamborello. Proceedings of the 13th International Conference on Cognitive Modeling (2015)
ACT-R Modeling of Password Entry Errors - Kristen Greene & Franklin Tamborello. Proceedings of the 24th Conference on Behavior Representation in Modeling and Simulation (2015)
Electrodermal Activity and Eye Movements Inform the Usability of Passwords - Jennifer R. Bergstrom, Kristen Greene, David C. Hawkins, & Christian Gonzalez. Proceedings of the 44th Annual Meeting of the Society for Neuroscience (2014)
Usability and Security Considerations for Public Safety Mobile Authentication - Yee-Yin Choong, Joshua M. Franklin, & Kristen Greene. NISTIR 8080 (2016)
Measuring the Usability and Security of Permuted Passwords on Mobile Platforms - Kristen Greene, John M. Kelsey, & Joshua M. Franklin. NISTIR 8040 (2016)
Tap On, Tap Off: Onscreen Keyboards and Mobile Password Entry - Kristen Greene, Joshua M. Franklin, & John M. Kelsey. Proceedings of ShmooCon (2015)
I Can't Type That! P@$$w0rd Entry on Mobile Devices - Kristen Greene, Melissa A. Gallagher, Brian C. Stanton, & Paul Y. Lee. Proceedings of HCI International (2014)
Usability of PIV Smartcards for Logical Access - Mary F. Theofanos, Emile L. Morse, Hannah Wald, Yee-Yin Choong, Celeste Paul, & Aiping L. Zhang. NISTIR 7867 (2012)
A Field Study of User Behavior and Perception in Smartcard Authentication - Emile L. Morse, Celeste L. Paul, Aiping L. Zhang, Yee-Yin Choong, & Mary F. Theofanos. Proceedings of the 13th IFIP TC13 Conference on Human-Computer Interaction (INTERACT) (2011)
PIV Pilot Usability Lessons Learned – Mary Theofanos (Nov 8, 2010)
Must I, can I? I don’t understand your ambiguous password rules – Kristen K. Greene & Yee-Yin Choong. Information and Computer Security (2017)
Secure and Usable Enterprise Authentication: Lessons from the Field - Mary F. Theofanos, Simson L. Garfinkel, & Yee-Yin Choong. IEEE Security & Privacy (2016)
What's a Special Character Anyway? Effects of Ambiguous Terminology in Password Rules - Yee-Yin Choong & Kristen Greene. Proceedings of the Human Factors and Ergonomics Society Annual Meeting (2016)
Password Usability - Yee-Yin Choong (Oct 23, 2015)
Employee Password Usability Study - Yee-Yin Choong (Sep 10, 2015)
What 4,500+ people can tell you – Employees' Attitudes toward Organizational Password Policy Do Matter - Yee-Yin Choong & Mary F. Theofanos. Proceedings of the 3rd International Conference on Human Aspects of Information Security, Privacy, and Trust (2015)
Effects of Password Permutation on Subjective Usability Across Platforms - Kristen Greene. Proceedings of HCI International (2015)
Human Generated Passwords - The Impacts of Password Requirements and Presentation Styles - Paul Y. Lee & Yee-Yin Choong. Proceedings of HCI International (2015)
The Authentication Equation: A Tool to Visualize the Convergence of Security and Usability of Text-Based Passwords - Cathryn A. Ploehn & Kristen Greene Proceedings of HCI International (2015)
Development of a Scale to Assess the Linguistic and Phonological Difficulty of Passwords - Jennifer R. Bergstrom, Stefan A. Frisch, David C. Hawkins, Joy Hackenbracht, Kristen Greene, Mary F. Theofanos, & Brian Griepentrog. Proceedings of the 6th International Conference on Cross-Cultural Design (2014)
United States Federal Employees' Password Management Behaviors – A Department of Commerce Case Study - Yee-Yin Choong, Mary F. Theofanos, & Hung-Kung Liu. NISTIR 7991 (2014)
Character Strings, Memory and Passwords: What a Recall Study Can Tell Us - Brian C. Stanton & Kristen K. Greene. Proceedings of the International Conference on Human Aspects of Information Security, Privacy, and Trust (HAS) (2014)
A Cognitive-Behavioral Framework of User Password Management Lifecycle – Yee-Yin Choong. Proceedings of HCI International (2014)
Password Policy Languages: Usable Translation from the Informal to the Formal – Michelle Steves, Mary Theofanos, Celia Paulsen, & Athos Ribeiro. Proceedings of the International Conference on Human Aspects of Information Security, Privacy, and Trust (2015)
Clear, Unambiguous Password Policies: An Oxymoron? – Michelle Steves, Kevin Killourhy, & Mary F. Theofanos Proceedings of the 6th International Conference on Cross-Cultural Design (2014)
Taxonomic Rules for Password Policies: Translating the Informal to the Formal Language - Kevin Killourhy, Yee-Yin Choong, & Mary Theofanos. NISTIR 7970 (2013)
Usability Research in Support Of Cyber-Security: A Password Policy Taxonomy – Kevin Killourhy (May 7, 2008)
“Passwords protect my stuff”— A Study of Children’s Password Practices - Yee-Yin Choong, Mary F. Theofanos, Karen Renaud, & Suzanne Prior. Journal of Cybersecurity (December 2019)
Case Study – Exploring Children’s Password Knowledge and Practices - Yee-Yin Choong, Mary F. Theofanos, Karen Renaud, & Suzanne Prior. Proceedings of the Workshop on Usable Security (USEC) at the Network and Distributed Systems Security (NDSS) Symposium (2019)
Organizational Views of NIST Cryptographic Standards and Testing and Validation Programs – Julie Haney, Mary Theofanos, Yasemin Acar, & Sandra S. Prettyman. NISTIR 8241 (2018)
"We make it a big deal in the company": Security Mindsets in Organizations that Develop Cryptographic Products - Julie M. Haney, Mary F. Theofanos, Yasemin Acar & Sandra S. Prettyman. Proceedings of the Symposium on Usable Privacy and Security (SOUPS) (2018).
Organizational Practices in Cryptographic Development and Testing - Julie M. Haney, Simson L. Garfinkel, & Mary F. Theofanos. Proceedings of the IEEE Conference on Communications and Network Security (CNS) (2017).
Usability and Key Management – Mary Theofanos (Jun 8, 2009)
Security Awareness Training for the Workforce: Moving Beyond "Check-the-box" Compliance - Julie M. Haney & Wayne Lutters. Computer (2020).
Security Awareness in Action: A Case Study [extended abstract] - Julie M. Haney & Wayne G. Lutters. 5th Workshop on Security Information Workers (WSIW) at the Symposium on Usable Privacy and Security (SOUPS) (2019).
Motivating Cybersecurity Advocates: Implications for Recruitment and Retention - Julie M. Haney & Wayne G. Lutters. ACM SIGMIS Computers & Personnel Research (2019)
"It's Scary...It's Confusing...It's Dull": How Cybersecurity Advocates Overcome Negative Perceptions of Security [presentation] - Julie Haney. Presented at FISSEA Conference (June 27, 2019)
Perceptions of Smart Home Privacy and Security Responsibility, Concerns, and Mitigations - Julie Haney, Susanne Furman, Yasemin Acar, & Mary Theofanos. Extended abstract from poster presented at Symposium on Usable Privacy and Security (SOUPS) (2019).
The Power of Qualitative Methods: Aha Moments in Exploring Cybersecurity and Trust - Brian C. Stanton, Mary F. Theofanos, Susanne M. Furman, & Sandra S. Prettyman. User Experience Magazine (2016)
No Phishing Beyond This Point - Kristen Greene, Michelle Steves, & Mary Theofanos. IEEE Computer (2018)
You've Been Phished (2018)
ISPAB presentation - User Context: An Explanatory Variable in Phishing Susceptibility - Kristen Greene, Michelle Steves, & Mary Theofanos. (June 21, 2018)
User Context: An Explanatory Variable in Phishing Susceptibility – Kristen K. Greene, Michelle P. Steves, Mary F. Theofanos, & Jennifer Kostick. Proceedings of the Workshop on Usable Security (USEC) at the Network and Distributed Systems Security (NDSS) Symposium (2018)
The New NIST Phish Scale, Revealing Why End Users Click - Shaneé Dawkins, Kristen Greene, & Jody Jacobs. Presented at SecureWorld Expo (2020)
Categorizing Human Phishing Difficulty: A Phish Scale - Michelle P. Steves, Kristen K. Greene, & Mary F. Theofanos. Journal of Cybersecurity (2020)
Introducing Phish Scale (2020)
A Phish Scale: Rating Human Phishing Message Detection Difficulty - Michelle P. Steves, Kristen K. Greene, & Mary F. Theofanos. Proceedings of the Workshop on Usable Security (USEC) at the Network and Distributed Systems Security (NDSS) Symposium (2019)
Exploratory Lens Model of Decision-Making in Potential Phishing Attack Scenario - Franklin Tamborello & Kristen Greene. NISTIR 8194 (2017)
Differential Privacy (2018)
Non-breach Privacy Events - Simson L Garfinkel & Mary Theofanos. IEEE Security & Privacy (2018)
Preserving Privacy – More Than Reading a Message - Susanne M. Furman & Mary F. Theofanos. Proceedings of the International Conference on Universal Access in Human-Computer Interaction (2014)
Is Usable Security an Oxymoron? - Mary Theofanos. IEEE Computer (2020).
Shouldn't All Security Be Usable? - Mary Frances Theofanos & Shari Lawrence Pfleeger. IEEE Security & Privacy (2011)
ISPAB Panel on Usable Security – Mary Theofanos & Ellen Kowalczyk (Oct 29, 2010)
Usability Research in Support of Cybersecurity – Mary Theofanos (May 7, 2008)
Poor Usability: The Inherent Insider Threat – Mary Theofanos (Mar 21, 2008)
Be Prepared: How US Government Experts Think About Cybersecurity - Mary F. Theofanos, Brian C. Stanton, Sandra S. Prettyman, Susanne M. Furman, & Simson L. Garfinkel. Proceedings of the Workshop on Usable Security (USEC) at the Network and Distributed Systems Security (NDSS) Symposium (2017)
Security Fatigue - Brian C. Stanton, Sandra S. Prettyman, Mary F. Theofanos, & Susanne M. Furman. IT Professional (2016)
Cybersecurity Fatigue (2016)
Privacy and Security in the Brave New World: The Use of Multiple Mental Models - Susanne M. Furman, Mary F. Theofanos, Brian C. Stanton, & Sandra S. Prettyman. Proceedings of HCI International (2015)
Basing Cybersecurity Training on User Perceptions - Susanne M. Furman, Mary Frances Theofanos, Yee-Yin Choong, & Brian Stanton. IEEE Security & Privacy (2012)
Security and Privacy: authentication, behavior, general security & privacy, privacy, security programs & operations, usability
Technologies: email
Applications: cybersecurity education, cybersecurity workforce, Internet of Things