Books

Usable Security

Passwords

Password Clues, The CentralNic Password Survey Report, CentralNic, 13 July 2001; www.centralnic.com/page. php?pid=73.

Password memorability and security: empirical results
Yan, J.; Blackwell, A.; Anderson, R.; Grant, A.;
Security & Privacy Magazine, IEEE
Volume 2, Issue 5, Sept.-Oct. 2004 Page(s):25 - 31

Weirich, D. and Sasse, M. A. 2001. Persuasive password security. In CHI '01 Extended Abstracts on Human Factors in Computing Systems (Seattle, Washington, March 31 - April 05, 2001). CHI '01. ACM Press, New York, NY, 139-140. DOI= http://doi.acm.org/10.1145/634067.634152

Adams, A. and Sasse, M. A. 1999. Users are not the enemy. Commun. ACM 42, 12 (Dec. 1999), 40-46. DOI= http://doi.acm.org/10.1145/322796.322806

A Convenient Method for Securely Managing Passwords
By J. Alex Halderman, Brent Waters, and Edward W. Felten
In Proceedings of the 14th International World Wide Web Conference (WWW 2005)

Sasse, M. A., Brostoff, S., and Weirich, D. 2001. Transforming the 'Weakest Link' — a Human/Computer Interaction Approach to Usable and Effective Security. BT Technology Journal 19, 3 (Jul. 2001), 122-131. DOI= http://dx.doi.org/10.1023/A:1011902718709

Sacha Brostoff and Angela Sasse. "Ten strikes and you’re out": Increasing the number of login attempts can improve password usability (revised February 18 2003). Workshop on Human-Computer Interaction and Security Systems. CHI 2003.

Qualitative

Dourish, P., Grinter, E., Delgado de la Flor, J., and Joseph, M. 2004. Security in the wild: user strategies for managing security as an everyday, practical problem. Personal Ubiquitous Comput. 8, 6 (Nov. 2004), 391-401. DOI= http://dx.doi.org/10.1007/s00779-004-0308-5

Friedman, B., Hurley, D., Howe, D. C., Nissenbaum, H., and Felten, E. 2002. Users' conceptions of risks and harms on the web: a comparative study. In CHI '02 Extended Abstracts on Human Factors in Computing Systems (Minneapolis, Minnesota, USA, April 20 - 25, 2002). CHI '02. ACM Press, New York, NY, 614-615. DOI= http://doi.acm.org/10.1145/506443.506510

Ross J. Anderson. Why cryptosystems fail. Communications of the ACM, 37(11):32--40, November 1994. http://citeseer.ist.psu.edu/anderson94why.html

Implicit Security

"Usable Access Control for the World Wide Web." Dirk Balfanz. Proceedings of the 2003 Annual Computer Security Applications Conference. Las Vegas, NV. December 2003.

"Using Speakeasy for Ad Hoc Peer-to-Peer Collaboration." W. Keith Edwards, Mark W. Newman, Jana Z. Sedivy, Trevor F Smith, Dirk Balfanz, D. K. Smetters, H. Chi Wong, and Shahram Izadi. Proceedings of ACM 2002 Conference on Computer Supported Cooperative Work (CSCW 2002). New Orleans, LA. November 2002.

Smetters, D. K. and Grinter, R. E. (2002) "Moving from the design of usable security technologies to the design of useful secure applications." New Security Paradigms Workshop. September 23-26, 2002, Virginia Beach, VA.

Interfaces

Garfinkel, S. L., Margrave, D., Schiller, J. I., Nordlander, E., and Miller, R. C. 2005. How to make secure email easier to use. In Proceedings of the SIGCHI Conference on Human Factors in Computing Systems (Portland, Oregon, USA, April 02 - 07, 2005). CHI '05. ACM Press, New York, NY, 701-710. DOI= http://doi.acm.org/10.1145/1054972.1055069

PERIPHERAL PRIVACY NOTIFICATIONS FOR WIRELESS NETWORKS
Braden Kowitz and Lorrie Cranor (Carnegie Mellon University)
2005 Symposium on Usable Privacy and Security (Pittsburgh, Pennsylvania, July 06 - 08, 2005).

Phishing

Dhamija, R., Tygar, J. D., and Hearst, M. 2006. Why phishing works. In Proceedings of the SIGCHI Conference on Human Factors in Computing Systems (Montréal, Québec, Canada, April 22 - 27, 2006). CHI '06. ACM Press, New York, NY, 581-590. DOI= http://doi.acm.org/10.1145/1124772.1124861

Wu, M., Miller, R. C., and Garfinkel, S. L. 2006. Do security toolbars actually prevent phishing attacks?. In Proceedings of the SIGCHI Conference on Human Factors in Computing Systems (Montréal, Québec, Canada, April 22 - 27, 2006). CHI '06. ACM Press, New York, NY, 601-610. DOI= http://doi.acm.org/10.1145/1124772.1124863

Other

Guest Editors' Introduction: Secure or Usable?
Cranor, L.F.; Garfinkel, S.;
Security & Privacy Magazine, IEEE
Volume 2, Issue 5, Sept.-Oct. 2004 Page(s):16 - 18

Scrubbing Stubborn Data: An evaluation of counter-forensic privacy tools. (draft). Cranor, L.F. and ??

Garth B. D. Shoemaker, Kori M. Inkpen. Single display privacyware: augmenting public displays with private information Proceedings of the SIGCHI conference on Human factors in computing systems, 2001

Alma Whitten and J. D. Tygar. Usability of security: A case study. Technical report, Carnegie Mellon University, December 1998.

DESIGN AND EVALUATION METHOD FOR SECURE 802.11 NETWORK CONFIGURATION
Cynthia Kuo, Vincent Goh, Adrian Tang, Adrian Perrig (Carnegie Mellon University), Jesse Walker (Intel Corporation)
2005 Symposium on Usable Privacy and Security (Pittsburgh, Pennsylvania, July 06 - 08, 2005).