HomeBioPublicationsTeachingOutreachMusicTheaterPhotography
USENIX
Security
2024
Data Subjects' Reactions to Exercising their Right of Access
Arthur Borem, Elleen Pan, Olufunmilola Obielodan, Aurelie Roubinowitz, Luca Dovichi, Michelle L. Mazurek, Blase Ur.
Proceedings of the 33rd USENIX Security Symposium. Philadelphia, PA, August 2024.
[ Paper ]
USENIX
Security
2024
Why Aren't We Using Passkeys? Obstacles Companies Face Deploying FIDO2 Passwordless Authentication
Leona Lassak, Elleen Pan, Blase Ur, Maximilian Golla.
Proceedings of the 33rd USENIX Security Symposium. Philadelphia, PA, August 2024.
[ Paper | Extended Version | Press ]
PETS
2024
What Does It Mean to Be Creepy? Responses to Visualizations of Personal Browsing Activity, Online Tracking, and Targeted Ads
Nathan Reitinger, Bruce Wen, Michelle L. Mazurek, Blase Ur.
Proceedings on Privacy Enhancing Technologies 2024(3). Bristol, UK, July 2024.
[ Paper ]
EuroS&P
2024

Distinguished Paper
Award Runner-Up
Can Allowlists Capture the Variability of Home IoT Device Network Behavior?
Weijia He, Kevin Bryson, Ricardo Calderon, Vijay Prakash, Nick Feamster, Danny Yuxing Huang, Blase Ur.
Proceedings of the 9th IEEE European Symposium on Security and Privacy (EuroS&P). Vienna, Austria, July 2024.
[ Paper | Slides ]
ConPro
2024
Evaluation of Ad Transparency Systems
Kevin Bryson, Arthur Borem, Phoebe Moh, Omer Akgul, Laura Edelson, Chris Geeng, Tobias Lauinger, Michelle Mazurek, Damon McCoy, Blase Ur.
Proceedings of the 8th Workshop on Technology and Consumer Protection (ConPro). San Francisco, CA, May 2024.
[ Extended Abstract ]
CHI
2024

Best Paper
Award
JupyterLab in Retrograde: Contextual Notifications That Highlight Fairness and Bias Issues for Data Scientists
Galen Harrison, Kevin Bryson, Ahmad Emmanuel Balla Bamba, Luca Dovichi, Aleksander Herrmann Binion, Arthur Borem, Blase Ur.
Proceedings of the ACM SIGCHI Conference on Human Factors in Computing Systems (CHI). Online, May 2024.
[ Paper ]
CCS
2023
Comprehension from Chaos: Towards Informed Consent for Private Computation
Bailey Kacsmar, Vasisht Duddu, Kyle Tilbury, Blase Ur, Florian Kerschbaum.
Proceedings of the 30th ACM Conference on Computer and Communications Security (CCS). Copenhagen, Denmark, November 2023.
[ Paper ]
WPES
2023
Analysis of Google Ads Settings Over Time: Updated, Individualized, Accurate, and Filtered
Nathan Reitinger, Bruce Wen, Michelle Mazurek, Blase Ur.
Proceedings of the 22nd Workshop on Privacy in the Electronic Society (WPES). Copenhagen, Denmark, November 2023.
[ Paper ]
USENIX
Security
2023

Distinguished
Paper Award
A Two-Decade Retrospective Analysis of a University's Vulnerability to Attacks Exploiting Reused Passwords
Alexandra Nisenoff, Maximilian Golla, Miranda Wei, Juliette Hainline, Hayley Szymanek, Annika Braun, Annika Hildebrandt, Blair Christensen, David Langenberg, Blase Ur.
Proceedings of the 32nd USENIX Security Symposium. Anaheim, CA, August 2023.
[ Paper | Extended Version ]
USENIX
Security
2023
Defining "Broken": User Experiences and Remediation Tactics When Ad-Blocking or Tracking-Protection Tools Break a Website's User Experience
Alexandra Nisenoff, Arthur Borem, Madison Pickering, Grant Nakanishi, Maya Thumpasery, Blase Ur.
Proceedings of the 32nd USENIX Security Symposium. Anaheim, CA, August 2023.
[ Paper ]
USENIX
;login:
Magazine
2023
Measuring the Risk Password Reuse Poses for a University
Alexandra Nisenoff, Maximilian Golla, Blase Ur.
USENIX ;login: magazine. July 27, 2023.
[ Article | Authors' Copy ]
(Poster)
SOUPS
2023
Poster: MARI: Semi-Automated, Human-in-the-Loop Redaction of Text Corpora
Emma I. C. Peterson, Valerie Zhao, Dan Byrne, Blase Ur.
Proceedings of the Nineteenth Symposium On Usable Privacy and Security (SOUPS). Anaheim, CA, August 2023.
[ Extended Abstract | Poster ]
IMWUT 2022
(UbiComp
2023)
Helping Users Debug Trigger-Action Programs
Lefan Zhang, Cyrus Zhou, Michael L. Littman, Blase Ur, Shan Lu.
Proceedings of the ACM on Interactive, Mobile, Wearable and Ubiquitous Technologies 6, 4, Article 196, December 2022. Melbourne, Australia, September 2023.
[ Paper ]
UIST
2022
Summarizing Sets of Related ML-Driven Recommendations for Improving File Management in Cloud Storage
Will Brackenbury, Kyle Chard, Aaron Elmore, Blase Ur.
Proceedings of the 35th ACM Symposium on User Interface Software and Technology (UIST). Bend, OR, October 2022.
[ Paper ]
USENIX
Security
2022
"The Same PIN, Just Longer": On the (In)Security of Upgrading PINs from 4 to 6 Digits
Collins W. Munyendo, Philipp Markert, Alexandra Nisenoff, Miles Grant, Elena Korkes, Blase Ur, Adam J. Aviv.
Proceedings of the 31st USENIX Security Symposium. Boston, MA, August 2022.
[ Paper ]
NAACL
2022
Explaining Why: How Instructions and User Interfaces Impact Annotator Rationales When Labeling Text Data
Jamar L. Sullivan Jr., Will Brackenbury, Andrew McNutt, Kevin Bryson, Kwam Byll, Yuxin Chen, Michael L. Littman, Chenhao Tan, Blase Ur.
Proceedings of the 2022 Annual Conference of the North American Chapter of the Association for Computational Linguistics (NAACL). Seattle, WA, July 2022.
[ Paper ]
(Poster)
RLDM
2022
Supporting End Users in Defining Reinforcement-Learning Problems for Human-Robot Interactions
Valerie Zhao, Michael L. Littman, Shan Lu, Sarah Sebo, Blase Ur.
Extended Abstracts of the Fifth Multi-disciplinary Conference on Reinforcement Learning and Decision Making (RLDM). Providence, RI, June 2022.
[ Extended Abstract ]
WPES
2021
From Secure to Military-Grade: Exploring the Effect of App Descriptions on User Perceptions of Secure Messaging
Omer Akgul, Ruba Abu-Salma, Wei Bai, Elissa M. Redmiles, Michelle L. Mazurek, Blase Ur.
Proceedings of the 20th Workshop on Privacy in the Electronic Society (WPES). Online, November 2021.
[ Paper ]
UIST
2021
KondoCloud: Improving Information Management in Cloud Storage via Recommendations Based on File Similarity
Will Brackenbury, Andrew McNutt, Kyle Chard, Aaron Elmore, Blase Ur.
Proceedings of the 34th ACM Symposium on User Interface Software and Technology (UIST). Online, October 2021.
[ Paper ]
IMWUT 2021
(UbiComp
2021)
Who Am I? A Design Probe Exploring Real-Time Transparency About Online and Offline User Profiling Underlying Targeted Ads
Natã M. Barbosa, Gang Wang, Blase Ur, Yang Wang.
Proceedings of the ACM on Interactive, Mobile, Wearable and Ubiquitous Technologies 5, 3, Article 88, September 2021. Online, September 2021.
[ Paper ]
EuroS&P
2021
SoK: Context Sensing for Access Control in the Adversarial Home IoT
Weijia He, Valerie Zhao, Olivia Morkved, Sabeeka Siddiqui, Earlence Fernandes, Josiah Hester, Blase Ur.
Proceedings of the 6th IEEE European Symposium on Security and Privacy (EuroS&P). Online, September 2021.
[ Paper ]
USENIX
Security
2021
"It's Stored, Hopefully, on an Encrypted Server": Mitigating Users' Misconceptions About FIDO2 Biometric WebAuthn
Leona Lassak, Annika Hildebrandt, Maximilian Golla, Blase Ur.
Proceedings of the 30th USENIX Security Symposium. Online, August 2021.
[ Paper | Extended Version ]
USENIX
Security
2021
Helping Users Automatically Find and Manage Sensitive, Expendable Files in Cloud Storage
Mohammad Taha Khan, Christopher Tran, Shubham Singh, Dimitri Vasilkov, Chris Kanich, Blase Ur, Elena Zheleva.
Proceedings of the 30th USENIX Security Symposium. Online, August 2021.
[ Paper ]
SOUPS
2021
Pursuing Usable and Useful Data Downloads Under GDPR/CCPA Access Rights via Co-Design
Sophie Veys, Daniel Serrano, Madison Stamos, Margot Herman, Nathan Reitinger, Michelle L. Mazurek, Blase Ur.
Proceedings of the Seventeenth Symposium On Usable Privacy and Security (SOUPS). Online, August 2021.
[ Paper ]
SOUPS
2021
User Perceptions of the Usability and Security of Smartphones as FIDO2 Roaming Authenticators
Kentrell Owens, Olabode Anise, Amanda Krauss, Blase Ur.
Proceedings of the Seventeenth Symposium On Usable Privacy and Security (SOUPS). Online, August 2021.
[ Paper ]
SOUPS
2021
On the Limited Impact of Visualizing Encryption: Perceptions of E2E Messaging Security
Christian Stransky, Dominik Wermke, Johanna Schrader, Nicolas Huaman, Yasemin Acar, Anna Lena Fehlhaber, Miranda Wei, Blase Ur, Sascha Fahl.
Proceedings of the Seventeenth Symposium On Usable Privacy and Security (SOUPS). Online, August 2021.
[ Paper ]
SIGIR
2021
Files of a Feather Flock Together? Measuring and Modeling How Users Perceive File Similarity in Cloud Storage
Will Brackenbury, Galen Harrison, Kyle Chard, Aaron Elmore, Blase Ur.
Proceedings of the 44th International ACM SIGIR Conference on Research and Development in Information Retrieval (SIGIR). Online, July 2021.
[ Paper ]
UMAP
2021
Do Users Have Contextual Preferences for Smartphone Power Management?
Sophie Welber, Valerie Zhao, Claire Dolin, Olivia Morkved, Henry Hoffmann, Blase Ur.
Proceedings of the 29th Conference on User Modeling, Adaptation and Personalization (UMAP). Online, June 2021.
[ Paper ]
ICWSM
2021
Perceptions of Retrospective Edits, Changes, and Deletion on Social Media
Günce Su Yılmaz, Fiona Gasaway, Blase Ur, Mainack Mondal.
Proceedings of the Fifteenth International AAAI Conference on Web and Social Media (ICWSM). Online, June 2021.
[ Paper ]
CHI
2021

Honorable
Mention
Award
Understanding Trigger-Action Programs Through Novel Visualizations of Program Differences
Valerie Zhao, Lefan Zhang, Bo Wang, Michael L. Littman, Shan Lu, Blase Ur.
Proceedings of the ACM SIGCHI Conference on Human Factors in Computing Systems (CHI). Online, May 2021.
[ Paper ]
CHI
2021

Honorable
Mention
Award
Understanding the Security and Privacy Advice Given to Black Lives Matter Protesters
Maia J. Boyd, Jamar L. Sullivan Jr., Marshini Chetty, Blase Ur.
Proceedings of the ACM SIGCHI Conference on Human Factors in Computing Systems (CHI). Online, May 2021.
[ Paper ]
IMWUT 2020
(UbiComp
2020)
Trace2TAP: Synthesizing Trigger-Action Programs From Traces of Behavior
Lefan Zhang, Weijia He, Olivia Morkved, Valerie Zhao, Michael L. Littman, Shan Lu, Blase Ur.
Proceedings of the ACM on Interactive, Mobile, Wearable and Ubiquitous Technologies 4, 3, Article 104, September 2020. Online, September 2020.
[ Paper ]
USENIX
Security
2020
What Twitter Knows: Characterizing Ad Targeting Practices, User Perceptions, and Ad Explanations Through Users' Own Twitter Data
Miranda Wei, Madison Stamos, Sophie Veys, Nathan Reitinger, Justin Goodman, Margot Herman, Dorota Filipczuk, Ben Weinshel, Michelle L. Mazurek, Blase Ur.
Proceedings of the 29th USENIX Security Symposium. Online, August 2020.
[ Paper | Appendix ]
WAY
2020
A Framework For Evaluating the Usability and Security of Smartphones as FIDO2 Roaming Authenticators
Kentrell Owens, Blase Ur, Olabode Anise.
Proceedings of the Who Are You?! Adventures in Authentication 2020 Workshop (WAY). Online, August 2020.
[ Paper ]
ConPro
2020
Designing Visualization and Exploration Tools for Data Access Under GDPR/CCPA
Sophie Veys, Madison Stamos, Nathan Reitinger, Michelle L. Mazurek, Blase Ur.
Proceedings of the 4th Workshop on Technology and Consumer Protection (ConPro). Online, May 2020.
[ Paper ]
CHI
2020

Honorable
Mention
Award
Taking Data Out of Context to Hyper-Personalize Ads: Crowdworkers' Privacy Perceptions and Decisions to Disclose Private Information
Julia Hanson, Miranda Wei, Sophie Veys, Matthew Kugler, Lior Strahilevitz, Blase Ur.
Proceedings of the ACM SIGCHI Conference on Human Factors in Computing Systems (CHI). Online, April 2020.
[ Paper ]
(Poster)
CHI
2020
LBW
Visualizing Differences to Improve End-User Understanding of Trigger-Action Programs
Valerie Zhao, Lefan Zhang, Bo Wang, Shan Lu, Blase Ur.
Extended Abstracts of the ACM SIGCHI Conference on Human Factors in Computing Systems (CHI LBW). Online, April 2020.
[ Extended Abstract ]
FAT*
2020
An Empirical Study on the Perceived Fairness of Realistic, Imperfect Machine Learning Models
Galen Harrison, Julia Hanson, Christine Jacinto, Julio Ramirez, Blase Ur.
Proceedings of the 2020 Conference on Fairness, Accountability, and Transparency (FAT*). Barcelona, Spain, January 2020.
[ Paper ]
CCS
2019
Oh, the Places You've Been! User Reactions to Longitudinal Transparency About Third-Party Web Tracking and Inferencing
Ben Weinshel, Miranda Wei, Mainack Mondal, Euirim Choi, Shawn Shan, Claire Dolin, Michelle L. Mazurek, Blase Ur.
Proceedings of the 26th ACM Conference on Computer and Communications Security (CCS). London, UK, November 2019.
[ Paper | Code ]
CCS
2019
Moving Beyond Set-It-And-Forget-It Privacy Settings on Social Media
Mainack Mondal, Günce Su Yılmaz, Noah Hirsch, Mohammad Taha Khan, Michael Tang, Christopher Tran, Chris Kanich, Blase Ur, Elena Zheleva.
Proceedings of the 26th ACM Conference on Computer and Communications Security (CCS). London, UK, November 2019.
[ Paper ]
INTERACT
2019
Evidence Humans Provide When Explaining Data-Labeling Decisions
Judah Newman, Bowen Wang, Valerie Zhao, Amy Zeng, Michael L. Littman, Blase Ur.
Proceedings of the 17th IFIP TC.13 International Conference on Human-Computer Interaction (INTERACT). Paphos, Cyprus, September 2019.
[ Paper ]
IEEE S&P
2019
Reasoning Analytically About Password-Cracking Software
Enze Liu, Amanda Nakanishi, Maximilian Golla, David Cash, Blase Ur.
Proceedings of the 40th IEEE Symposium on Security and Privacy (S&P / "Oakland"). San Francisco, CA, May 2019.
[ Paper | Video preview | Code ]
SafeThings
2019
When Smart Devices Are Stupid: Negative Experiences Using Home Smart Devices
Weijia He, Jesse Martinez, Roshni Padhi, Lefan Zhang, Blase Ur.
Proceedings of the IEEE Workshop on the Internet of Safe Things (SafeThings). San Francisco, CA, May 2019.
[ Paper ]
ConPro
2019
Towards Considering and Documenting Algorithmic Fairness in the Data Science Workflow
Galen Harrison, Julia Hanson, Blase Ur.
Proceedings of the 3rd Workshop on Technology and Consumer Protection (ConPro). San Francisco, CA, May 2019.
[ Paper ]
CHI
2019
How Users Interpret Bugs in Trigger-Action Programming
Will Brackenbury, Abhimanyu Deora, Jillian Ritchey, Jason Vallee, Weijia He, Guan Wang, Michael L. Littman, Blase Ur.
Proceedings of the ACM SIGCHI Conference on Human Factors in Computing Systems (CHI). Glasgow, UK, May 2019.
[ Paper | Appendix (regression tables, survey instrument) ]
ICSE
2019
AutoTap: Synthesizing and Repairing Trigger-Action Programs Using LTL Properties
Lefan Zhang, Weijia He, Jesse Martinez, Noah Brackenbury, Shan Lu, Blase Ur.
Proceedings of the 41st ACM/IEEE International Conference on Software Engineering (ICSE). Montreal, QC, Canada, May 2019.
[ Paper ]
CCS
2018
"What was that site doing with my Facebook password?" Designing Password-Reuse Notifications
Maximilian Golla, Miranda Wei, Juliette Hainline, Lydia Filipe, Markus Dürmuth, Elissa M. Redmiles, Blase Ur.
Proceedings of the 25th ACM Conference on Computer and Communications Security (CCS). Toronto, ON, Canada, October 2018.
[ Paper ]
USENIX
Security
2018
Rethinking Access Control and Authentication for the Home Internet of Things (IoT)
Weijia He, Maximilian Golla, Roshni Padhi, Jordan Ofek, Markus Dürmuth, Earlence Fernandes, Blase Ur.
Proceedings of the 27th USENIX Security Symposium. Baltimore, MD, August 2018.
[ Paper | Press ]
WAY
2018
The Password Doesn't Fall Far: How Service Influences Password Choice
Miranda Wei, Maximilian Golla, Blase Ur.
Proceedings of the Who Are You?! Adventures in Authentication 2018 Workshop (WAY). Baltimore, MD, August 2018.
[ Paper ]
FOCI
2018
Exploring User Mental Models of End-to-End Encrypted Communication Tools
Ruba Abu-Salma, Elissa M. Redmiles, Blase Ur, Miranda Wei.
Proceedings of the 8th USENIX Workshop on Free and Open Communications on the Internet (FOCI). Baltimore, MD, August 2018.
[ Paper | Press ]
WSSP
2018
Clap On, Clap Off: Usability of Authentication Methods in the Smart Home
Weijia He, Juliette Hainline, Roshni Padhi, Blase Ur.
Proceedings of the Interactive Workshop on the Human Aspect of Smarthome Security and Privacy (WSSP). Baltimore, MD, August 2018.
[ Paper ]
(Poster)
SOUPS
2018
Poster: Making Retrospective Data Management Usable
Noah Hirsch, Chris Kanich, Mohammad Taha Khan, Xuefeng Liu, Mainack Mondal, Michael Tang, Christopher Tran, Blase Ur, William Wang, Günce Su Yilmaz, Elena Zheleva.
Proceedings of the Fourteenth Symposium On Usable Privacy and Security (SOUPS). Baltimore, MD, August 2018.
[ Extended Abstract | Poster ]
HILDA
2018
Draining the Data Swamp: A Similarity-based Approach
Will Brackenbury, Rui Liu, Mainack Mondal, Aaron Elmore, Blase Ur, Kyle Chard, Michael J. Franklin.
Proceedings of the Workshop on Human-In-the-Loop Data Analytics (HILDA). Houston, TX, June 2018.
[ Paper ]
CHI
2018
Unpacking Perceptions of Data-Driven Inferences Underlying Online Targeting and Personalization
Claire Dolin, Ben Weinshel, Shawn Shan, Chang Min Hahn, Euirim Choi, Michelle L. Mazurek, Blase Ur.
Proceedings of the ACM SIGCHI Conference on Human Factors in Computing Systems (CHI). Montreal, QC, Canada, April 2018.
[ Paper | Slides | Video preview ]
CHI
2018
Forgotten But Not Gone: Identifying the Need for Longitudinal Data Management in Cloud Storage
Mohammad Taha Khan, Maria Hyun, Chris Kanich, Blase Ur.
Proceedings of the ACM SIGCHI Conference on Human Factors in Computing Systems (CHI). Montreal, QC, Canada, April 2018.
[ Paper ]
WWW
2018
Your Secrets Are Safe: How Browsers' Explanations Impact Misconceptions About Private Browsing Mode
Yuxi Wu, Panya Gupta, Miranda Wei, Yasemin Acar, Sascha Fahl, Blase Ur.
Proceedings of the Web Conference (WWW). Lyon, France, April 2018.
[ Paper | Slides | Press ]
USENIX
;login:
Magazine
2017
Better Passwords Through Science (And Neural Networks)
William Melicher, Blase Ur, Sean M. Segreti, Lujo Bauer, Nicolas Christin, Lorrie Faith Cranor.
USENIX ;login: magazine. 42(4). Winter 2017.
[ Article ]
USENIX
Security
2017
SmartAuth: User-Centered Authorization for the Internet of Things
Yuan Tian, Nan Zhang, Yueh-Hsun Lin, Xiaofeng Wang, Blase Ur, Xianzheng Guo, Patrick Tague.
Proceedings of the 26th USENIX Security Symposium. Vancouver, BC, Canada, August 2017.
[ Paper ]
SOUPS
2017
Diversify to Survive: Making Passwords Stronger with Adaptive Policies
Sean M. Segreti, William Melicher, Saranga Komanduri, Darya Melicher, Richard Shay, Blase Ur, Lujo Bauer, Nicolas Christin, Lorrie Faith Cranor, Michelle L. Mazurek.
Proceedings of the Thirteenth Symposium On Usable Privacy and Security (SOUPS). Santa Clara, CA, July 2017.
[ Paper ]
(Poster)
SOUPS
2017

Distinguished
Poster
Award
Poster: Data-Driven Transparency About Online Tracking
Euirim Choi, Claire Dolin, Aaron Goldman, Chang Min Hahn, Shawn Shan, Ben Weinshel, Michelle L. Mazurek, Blase Ur.
Proceedings of the Thirteenth Symposium On Usable Privacy and Security (SOUPS). Santa Clara, CA, July 2017.
[ Extended Abstract | Poster ]
(Poster)
SOUPS
2017
Poster: Poking at the Cloud: Identifying Factors Behind Selective Cloud Uploading
Amanda Aizuss, Max Chen, Galen Harrison, Sotiri Komissopoulos, Blase Ur.
Proceedings of the Thirteenth Symposium On Usable Privacy and Security (SOUPS). Santa Clara, CA, July 2017.
[ Extended Abstract | Poster ]
CHI
2017

Best Paper
Award
Design and Evaluation of a Data-Driven Password Meter
Blase Ur, Felicia Alfieri, Maung Aung, Lujo Bauer, Nicolas Christin, Jessica Colnago, Lorrie Faith Cranor, Henry Dixon, Pardis Emami Naeini, Hana Habib, Noah Johnson, William Melicher.
Proceedings of the ACM SIGCHI Conference on Human Factors in Computing Systems (CHI). Denver, CO, May 2017.
[ Paper | Supplementary Material | Demo | Slides | Video preview | Code | Press ]
CHI
2017
Can Unicorns Help Users Compare Crypto Key Fingerprints?
Joshua Tan, Lujo Bauer, Joseph Bonneau, Lorrie Faith Cranor, Jeremy Thomas, Blase Ur.
Proceedings of the ACM SIGCHI Conference on Human Factors in Computing Systems (CHI). Denver, CO, May 2017.
[ Paper | Video preview | The CryptoCorn on Twitter ]
USEC
2017
Password Creation in the Presence of Blacklists
Hana Habib, Jessica Colnago, William Melicher, Blase Ur, Sean Segreti, Lujo Bauer, Nicolas Christin, Lorrie Faith Cranor.
Proceedings of the NDSS Workshop on Usable Security 2017 (USEC). San Diego, CA, February 2017.
[ Paper ]
PhD
Thesis
Supporting Password-Security Decisions with Data
Blase Ur.
Carnegie Mellon University PhD Thesis. Pittsburgh, Pennsylvania, September 2016.
[ Paper ]
USENIX
Security
2016

Best Paper
Award
Fast, Lean, and Accurate: Modeling Password Guessability Using Neural Networks
William Melicher, Blase Ur, Sean M. Segreti, Saranga Komanduri, Lujo Bauer, Nicolas Christin, Lorrie Faith Cranor.
Proceedings of the 25th USENIX Security Symposium. Austin, TX, August 2016.
[ Paper | Video preview | Code ]
CHI
2016
Honorable
Mention
Award
Do Users' Perceptions of Password Security Match Reality?
Blase Ur, Jonathan Bees, Sean M. Segreti, Lujo Bauer, Nicolas Christin, Lorrie Faith Cranor.
Proceedings of the ACM SIGCHI Conference on Human Factors in Computing Systems (CHI). San Jose, CA, May 2016.
[ Paper | Slides | Video preview | Press ]
CHI
2016
Trigger-Action Programming in the Wild: An Analysis of 200,000 IFTTT Recipes
Blase Ur, Melwyn Pak Yong Ho, Stephen Brawner, Jiyun Lee, Sarah Mennicken, Noah Picard, Diane Schulze, Michael L. Littman.
Proceedings of the ACM SIGCHI Conference on Human Factors in Computing Systems (CHI). San Jose, CA, May 2016.
[ Paper | Slides | Video preview ]
CHI
2016
Usability and Security of Text Passwords on Mobile Devices
William Melicher, Darya Kurilova, Sean M. Segreti, Pranshu Kalvani, Richard Shay, Blase Ur, Lujo Bauer, Nicolas Christin, Lorrie Faith Cranor, Michelle L. Mazurek.
Proceedings of the ACM SIGCHI Conference on Human Factors in Computing Systems (CHI). San Jose, CA, May 2016.
[ Paper ]
TWEB
2016
A Large-Scale Evaluation of U.S. Financial Institutions' Standardized Privacy Notices
Lorrie Faith Cranor, Pedro Giovanni Leon, Blase Ur.
ACM Transactions on the Web (TWEB) 10(3):17. 2016.
[ Paper ]
TISSEC
2016
Designing Password Policies for Strength and Usability
Richard Shay, Saranga Komanduri, Adam L. Durity, Philip (Seyoung) Huh, Michelle L. Mazurek, Sean M. Segreti, Blase Ur, Lujo Bauer, Nicolas Christin, Lorrie Faith Cranor.
ACM Transactions on Information and System Security (TISSEC) 18(4):13. 2016.
[ Paper ]
USEC
2016
Watching Them Watching Me: Browser Extensions' Impact on User Privacy Awareness and Concern
Florian Schaub, Aditya Marella, Pranshu Kalvani, Blase Ur, Chao Pan, Emily Forney, Lorrie Faith Cranor.
Proceedings of the NDSS Workshop on Usable Security 2016 (USEC). San Diego, California, February 2016.
[ Paper ]
SPSM
2015
Supporting Privacy-Conscious App Update Decisions with User Reviews
Yuan Tian, Bin Liu, Weisi Dai, Blase Ur, Patrick Tague, and Lorrie Faith Cranor.
Proceedings of the 5th Annual ACM CCS Workshop on Security and Privacy in Smartphones and Mobile Devices. Denver, CO, October 2015.
[ Paper ]
USENIX
Security
2015
Measuring Real-World Accuracies and Biases in Modeling Password Guessability
Blase Ur, Sean M. Segreti, Lujo Bauer, Nicolas Christin, Lorrie Faith Cranor, Saranga Komanduri, Darya Kurilova, Michelle L. Mazurek, William Melicher, Richard Shay.
Proceedings of the 24th USENIX Security Symposium. Washington, DC, August 2015.
[ Paper | Slides | Video preview | Password Guessability Service ]
SOUPS
2015
"I Added '!' at the End to Make It Secure": Observing Password Creation in the Lab
Blase Ur, Fumiko Noma, Jonathan Bees, Sean M. Segreti, Richard Shay, Lujo Bauer, Nicolas Christin, Lorrie Faith Cranor.
Proceedings of the Eleventh Symposium On Usable Privacy and Security (SOUPS). Ottawa, Canada, July 2015.
[ Paper | Slides ]
CHI
2015
A Spoonful of Sugar? The Impact of Guidance and Feedback on Password-Creation Behavior
Richard Shay, Lujo Bauer, Nicolas Christin, Lorrie Faith Cranor, Alain Forget, Saranga Komanduri, Michelle L. Mazurek, William Melicher, Sean M. Segreti, Blase Ur.
Proceedings of the ACM SIGCHI Conference on Human Factors in Computing Systems (CHI). Seoul, South Korea, April 2015.
[ Paper | Slides | Press ]
USEC
2015
Biometric Authentication on iPhone and Android: Usability, Perceptions, and Influences on Adoption
Chandrasekhar Bhagavatula, Blase Ur, Kevin Iacovino, Su Mon Kywe, Lorrie Faith Cranor, Marios Savvides.
Proceedings of the NDSS Workshop on Usable Security 2015 (USEC). San Diego, California, February 2015.
[ Paper | Slides ]
UbiComp
2014

Best Paper
Award
Intruders Versus Intrusiveness: Teens' and Parents' Perspectives on Home-Entryway Surveillance
Blase Ur, Jaeyeon Jung, Stuart Schechter.
Proceedings of the 2014 ACM International Joint Conference on Pervasive and Ubiquitous Computing (UbiComp). Seattle, Washington, September 2014.
[ Paper | Slides ]
SOUPS
2014
Parents' and Teens' Perspectives on Privacy In a Technology-Filled World
Lorrie Faith Cranor, Adam L. Durity, Abigail Marsh, Blase Ur.
Proceedings of the Tenth Symposium On Usable Privacy and Security (SOUPS). Mountain View, California, July 2014.
[ Paper ]
CHI
2014
Practical Trigger-Action Programming in the Smart Home
Blase Ur, Elyse McManus, Melwyn Pak Yong Ho, Michael L. Littman.
Proceedings of the ACM SIGCHI Conference on Human Factors in Computing Systems (CHI). Toronto, ON, Canada, April 2014.
[ Paper | Slides | Video preview | Press ]
CHI
2014
Can long passwords be secure and usable?
Richard Shay, Saranga Komanduri, Adam L. Durity, Philip (Seyoung) Huh, Michelle L. Mazurek, Sean M. Segreti, Blase Ur, Lujo Bauer, Nicolas Christin, Lorrie Faith Cranor.
Proceedings of the ACM SIGCHI Conference on Human Factors in Computing Systems (CHI). Toronto, ON, Canada, April 2014.
[ Paper ]
Book
Chapter
(2014)
Chapter 5: Tracking and Surveillance
Lorrie Faith Cranor, Manya Sleeper, Blase Ur.
Introduction to IT Privacy: A Handbook for Technologists. (Travis Breaux, Executive Editor.) IAPP, 2014.
[ Unedited first draft ]
CCS
2013
Measuring Password Guessability for an Entire University
Michelle Mazurek, Saranga Komanduri, Timothy Vidas, Lujo Bauer, Nicolas Christin, Lorrie Faith Cranor, Patrick Gage Kelley, Richard Shay, Blase Ur.
Proceedings of the 20th ACM Conference on Computer and Communications Security (CCS). Berlin, Germany, November 2013.
[ Paper | Press ]
WPES
2013
The Post Anachronism: The Temporal Dimension of Facebook Privacy
Lujo Bauer, Lorrie Faith Cranor, Saranga Komanduri, Michelle L. Mazurek, Michael K. Reiter, Manya Sleeper, Blase Ur.
Proceedings of the 12th Workshop on Privacy in the Electronic Society. Berlin, Germany, November 2013.
[ Paper | Slides ]
I/S
Journal
2013
{Privacy, Privacidad, Приватност} Policies in Social Media: Providing Translated Privacy Notice
Blase Ur, Manya Sleeper, Lorrie Faith Cranor.
I/S: A Journal of Law and Policy for the Information Society. 9(2): 201--243. Summer 2013
[ Paper | Link | How to cite in bibtex ]
SOUPS
2013
What Matters to Users? Factors that Affect Users’ Willingness to Share Information with Online Advertisers
Pedro G. Leon, Blase Ur, Yang Wang, Manya Sleeper, Rebecca Balebako, Richard Shay, Lujo Bauer, Mihai Christodorescu, Lorrie Faith Cranor.
Proceedings of the Ninth Symposium On Usable Privacy and Security (SOUPS). Newcastle, UK, July 2013.
[ Paper ]
HUPS
2013
The Current State of Access Control for Smart Devices in Homes
Blase Ur, Jaeyeon Jung, Stuart Schechter.
Workshop on Home Usable Privacy and Security (HUPS). Newcastle, UK, July 2013.
[ Paper | Slides | Press ]
WEIS
2013
Are They Actually Any Different? Comparing Thousands of Financial Institutions' Privacy Practices
Lorrie Faith Cranor, Kelly Idouchi, Pedro Giovanni Leon, Manya Sleeper, Blase Ur.
Workshop on the Economics of Information Security (WEIS). Washington, DC, June 2013.
[ Paper | Slides | Press]
(Poster)
IEEE S&P
2013
Poster: The Art of Password Creation
Blase Ur, Saranga Komanduri, Richard Shay, Stephanos Matsumoto, Lujo Bauer, Nicolas Christin, Lorrie Faith Cranor, Patrick Gage Kelley, Michelle L. Mazurek, Timothy Vidas.
IEEE Symposium on Security and Privacy (Oakland). San Francisco, California, May 2013.
[ Extended Abstract | Poster ]
CHI
2013
"I read my Twitter the next morning and was astonished": A Conversational Perspective on Twitter Regrets
Manya Sleeper, Justin Cranshaw, Patrick Gage Kelley, Blase Ur, Alessandro Acquisti, Lorrie Faith Cranor, Norman Sadeh.
Proceedings of the ACM SIGCHI Conference on Human Factors in Computing Systems (CHI). Paris, France, May 2013.
[ Paper ]
PSOSM
2013
A Cross-Cultural Framework for Protecting User Privacy in Online Social Media
Blase Ur and Yang Wang.
WWW Workshop on Privacy and Security in Online Social Media (PSOSM). Rio de Janeiro, Brazil. May 2013.
[ Paper | Slides ]
USENIX
;login:
Magazine
2012
Helping Users Create Better Passwords
Blase Ur, Patrick Gage Kelley, Saranga Komanduri, Joel Lee, Michael Maass, Michelle L. Mazurek, Timothy Passaro, Richard Shay, Timothy Vidas, Lujo Bauer, Nicolas Christin, Lorrie Faith Cranor, Serge Egelman, Julio López.
USENIX ;login: magazine. 37(6): 51--57. December 2012.
[ Article ]
WPES
2012
What Do Online Behavioral Advertising Disclosures Communicate to Users?
Pedro G. Leon, Justin Cranshaw, Lorrie Faith Cranor, Jim Graves, Manoj Hastak, Blase Ur, Guzi Xu.
Proceedings of the 11th Workshop on Privacy in the Electronic Society. Raleigh, North Carolina. October 2012.
[ Paper | Pre-print Tech Report ]
USENIX
Security
2012
How Does Your Password Measure Up? The Effect of Strength Meters on Password Creation
Blase Ur, Patrick Gage Kelley, Saranga Komanduri, Joel Lee, Michael Maass, Michelle Mazurek, Timothy Passaro, Richard Shay, Timothy Vidas, Lujo Bauer, Nicolas Christin, Lorrie Faith Cranor.
Proceedings of the 21st USENIX Security Symposium. Bellevue, Washington, August 2012.
[ Paper | Slides ]
SOUPS
2012
Smart, Useful, Scary, Creepy: Perceptions of Online Behavioral Advertising
Blase Ur, Pedro G. Leon, Lorrie Faith Cranor, Richard Shay, Yang Wang.
Proceedings of the Eighth Symposium On Usable Privacy and Security (SOUPS). Washington, D.C., July 2012.
[ Paper | Slides ]
SOUPS
2012
Correct Horse Battery Staple: Exploring the Usability of System-Assigned Passphrases
Richard Shay, Patrick Gage Kelley, Saranga Komanduri, Michelle Mazurek, Blase Ur, Timothy Vidas, Lujo Bauer, Nicholas Christin, Lorrie Faith Cranor.
Proceedings of the Eighth Symposium On Usable Privacy and Security (SOUPS). Washington, D.C., July 2012.
[ Paper ]
CHI
2012
Honorable
Mention
Award
Why Johnny Can't Opt Out: A Usability Evaluation of Tools to Limit Online Behavioral Advertising
Pedro G. Leon, Blase Ur, Rebecca Balebako, Lorrie Faith Cranor, Richard Shay, Yang Wang.
Proceedings of the ACM SIGCHI Conference on Human Factors in Computing Systems (CHI). Austin, Texas, May 2012.
[ Paper | Extended Tech Report | Press]
CHI
2012
Tag, You Can See It! Using Tags for Access Control in Photo Sharing
Peter Klemperer, Yuan Liang, Michelle Mazurek, Manya Sleeper, Blase Ur, Lujo Bauer, Lorrie Faith Cranor, Nitin Gupta, Michael Reiter.
Proceedings of the ACM SIGCHI Conference on Human Factors in Computing Systems (CHI). Austin, Texas, May 2012.
[ Paper ]
W2SP
2012
Measuring the Effectiveness of Privacy Tools for Limiting Behavioral Advertising
Rebecca Balebako, Pedro Leon, Richard Shay, Blase Ur, Yang Wang, Lorrie Faith Cranor.
Web 2.0 Security and Privacy Workshop (W2SP). San Francisco, California, May 2012.
[ Paper ]
PSOSM
2012
{Privacy, Privacidad, Приватност} Policies in Social Media: Providing Translated Privacy Notice
Blase Ur, Manya Sleeper, Lorrie Faith Cranor.
WWW Workshop on Privacy and Security in Online Social Media (PSOSM). Lyon, France, April 2012.
[ Paper | Slides | Press | How to cite in bibtex ]
iConference
2012
Online Social Networks in a Post-Soviet State: How Hungarians Protect and Share on Facebook
Blase Ur and Yang Wang.
Proceedings of the iConference. Toronto, Ontario, Canada, February 2012.
[ Paper | Slides ]
I/S
Journal
2011
AdChoices? Compliance with Online Behavioral Advertising Notice and Choice Requirements
Saranga Komanduri, Richard Shay, Greg Norcie, Blase Ur, Lorrie Faith Cranor.
I/S: A Journal of Law and Policy for the Information Society. 7(3): 603--638. 2011.
[ Paper | Link | Extended Tech Report ]
HCII
2011
Scratchable Devices: User-Friendly Programming for Household Appliances
Jordan Ash, Monica Babes, Gal Cohen, Sameen Jalal, Sam Lichtenberg, Michael Littman, Phillip Quiza, Blase Ur, Emily Zhang.
HCI International (HCII). Orlando, Florida, July 2011.
[ Paper ]
(Poster)
Scratch
Conference
2010
Poster: Scratchable Devices: We'd Like to Teach The World to Code
Jordan Ash, Monica Babes, Gal Cohen, Sameen Jalal, Michael Littman, Luis Piloto, Phillip Quiza, Blase Ur.
Scratch@MIT. Cambridge, Massachusetts, August 2010.
[ Poster | Press ]
W2SP
2009
Evaluating Attack Amplification in Online Social Networks
Blase Ur and Vinod Ganapathy.
Web 2.0 Security and Privacy Workshop (W2SP). Oakland, California, May 2009.
[ Paper | Slides ]
Undergrad
Thesis
Privacy In Social Networking: A Usability Study
Blase Ur.
Harvard University Undergraduate Thesis. Cambridge, Massachusetts, April 2007.
[ Paper ]