Time: Tuesday, October 10th, 2017, 11:00 am-12:00 pm
Location: 4405 Siebel Center
Title: Helping Users Make Better Passwords Through Data-Driven Methods
Abstract: Despite decades of research into developing security advice and interfaces, users still struggle to make passwords. This talk will survey our work using data-driven methods to help users do better. I will first describe how we modeled password-guessing attacks and subsequently investigated whether users’ perceptions of password security match reality. Afterwards, I will present our design and evaluation of a user-centered, data-driven password meter. Using neural networks, we created a fast, compact, and accurate model of password guessing. We augmented this approach with carefully combined heuristics to construct a password meter that explains to users what is wrong with their password or how to improve it. Through a large-scale online study, we found that such a meter leads users to create much more secure passwords without significantly impacting memorability. I will conclude by describing ongoing work applying data-driven techniques more broadly in supporting security and privacy decisions.
Biography: Blase Ur is Neubauer Family Assistant Professor of Computer Science at the University of Chicago, where he and his students are the Security, Usability, and Privacy Education & Research group (SUPERgroup). His recent work focuses on data-driven methods to help users make better security and privacy decisions, in addition to improving the usability of complex computer systems. He received best paper awards at CHI 2017, USENIX Security 2016, and UbiComp 2014, as well as honorable mentions at CHI 2016 and CHI 2012. He holds a Ph.D. and an M.S. from Carnegie Mellon University, as well as an A.B. from Harvard University.