A record of my academic addiction and occasional relapses
David Ng, Jacky Ho, Christian Hercules, Cristian Bravo-Lillo, and Stuart Schechter. Do Password Managers Improve Password Hygiene?, Harvard University Tech Report, 2022
Stuart Schechter and Cormac Herley, The Binomial Ladder Frequency Filter and its Application to Shared Secrets., 2018
Yuan Tian, Cormac Herley, and Stuart Schechter, Using Guessed Passwords to Thwart Online Password Guessing in 2019 IEEE European Symposium on Security and Privacy.
Cormac Herley and Stuart Schechter, Distinguishing Attacks from Legitimate Authentication Traffic at Scale in 2019 Network and Distributed Systems Security (NDSS) Symposium.
Henry Corrigan-Gibbs, Dan Boneh, and Stuart Schechter, Balloon Hashing: A Memory-Hard Function Providing Provable Protection Against Sequential Attacks in AsiaCrypt 2016, December 2016.
Sauvik Das, Jason Hong, and Stuart Schechter, Testing Computer-Aided Mnemonics and Feedback for Fast Memorization of High-Value Secrets in 2016 Usable Security (USEC) Workshop, 21 February 2016.
Stuart Schechter and Joseph Bonneau, Learning Assigned Secrets for Unlocking Mobile Devices in Symposium On Usable Privacy and Security, USENIX – Advanced Computing Systems Association, 22 July 2015.
Blase Ur, Jaeyeon Jung, and Stuart Schechter, Intruders Versus Intrusiveness: Teens’ and Parents’ Perspectives on Home-Entryway Surveillance in 2014 ACM International Joint Conference on Pervasive and Ubiquitous Computing (UbiComp 2014), 15 September 2014
Joseph Bonneau and Stuart Schechter, Towards reliable storage of 56-bit secrets in human memory in Proceedings of the 23rd USENIX Security Symposium, USENIX, 20 August 2014
Saranga Komanduri, Rich Shay, Lorrie Cranor, Cormac Herley, and Stuart Schechter, Telepathwords: preventing weak passwords by reading users’ minds in Proceedings of the 23rd USENIX Security Symposium, USENIX, 20 August 2014
Stuart Schechter and Cristian Bravo-Lillo, Using Ethical-Response Surveys to Identify Sources of Disapproval and Concern with Facebook’s Emotional Contagion Experiment and Other Controversial Studies, 10 July 2024
Cristian Bravo-Lillo, Lorrie Cranor, Saranga Komanduri, Stuart Schechter, and Manya Sleeper, Harder to Ignore? Revisiting Pop-Up Fatigue and Approaches to Prevent It in Symposium On Usable Privacy and Security, USENIX, 9 July 2014
Blase Ur, Jaeyeon Jung, and Stuart Schechter, The Current State of Access Control for Smart Devices in Homes in Workshop on Home Usable Privacy and Security (HUPS), July 2014
Stuart Schechter, The User IS the Enemy, and (S)he Keeps Reaching for that Bright Shiny Power Button! in Proceedings of the Workshop on Home Usable Privacy and Security (HUPS), 24 July 2013
Cristian Bravo-Lillo, Lorrie Cranor, Julie Downs, Saranga Komanduri, Robert Reeder, Stuart Schechter, and Manya Sleeper, Your Attention Please: Designing Security-Decision UIs to Make Genuine Risks Harder to Ignore in Symposium On Usable Privacy and Security, , 24 July 2013
Cormac Herley and Stuart Schechter, Breaking Our Password Hash Habit: Why the sharing of users’ password choices for defensive analysis is an underprovisioned social good, and what we can do to encourage it in Workshop on the Economics of Information Security, 11 June 2013
Cristian Bravo-Lillo, Serge Egelman, Cormac Herley, Stuart Schechter, and Janice Tsai, You Needn’t Build That: Reusable Ethics-Compliance Infrastructure for Human Subjects Research in Cyber-security Research Ethics Dialog & Strategy Workshop (CREDS 2013), Microsoft Research, 23 May 2013
Cristian Bravo-Lillo, Lorrie Cranor, Julie Downs, Saranga Komanduri, Stuart Schechter, and Manya Sleeper, Operating system framed in case of mistaken identity: Measuring the success of web-based spoofing attacks on OS password-entry dialogs in Proceedings of the 19th ACM Conference on Computer and Communications Security (CCS), ACM, 18 October 2012
Lin-Shung Huang, Alex Moshchuk, Helen J. Wang, Stuart Schechter, and Collin Jackson, Clickjacking: Attacks and Defenses in Proceedings of the 21st USENIX Security Symposium, USENIX, August 2012
Eiji Hayashi, Oriana Riva, Karin Strauss, AJ Brush, and Stuart Schechter, Goldilocks and the Two Mobile Devices: Going Beyond All-Or-Nothing Access to a Device’s Applications in Symposium On Usable Privacy and Security, ACM, 12 July 2012
Peter Hornyack, Seungyeop Han, Jaeyeon Jung, Stuart Schechter, and David Wetherall, These Aren’t the Droids You’re Looking For: Retrofitting Android to Protect Data from Imperious Applications in Proceedings of the 18th ACM Conference on Computer and Communications Security (ACM CCS), ACM, 17 October 2011
David Wetherall, David Choffnes, Seungyeop Han, Peter Hornyack, Jaeyeon Jung, Stuart Schechter, and Xiao Wang, Privacy Revelations for Web and Mobile Apps in Proceedings of Hot Topics in Operating Systems (HotOS), USENIX, 10 May 2011
Robert W. Reeder and Stuart Schechter, When the Password Doesn’t Work: Secondary Authentication for Websites in IEEE Security and Privacy, vol. 9, no. 2, pp. 43–49, IEEE, March 2011
Stuart Schechter, Cormac Herley, and Michael Mitzenmacher. Popularity is Everything: A new approach to protecting passwords from statistical-guessing attacks The 5th USENIX Workshop on Hot Topics in Security (HotSec ‘10), Washington, DC. 10 August 2010.
Stuart Schechter. Security that is Meant to be Skin Deep: Using Ultraviolet Micropigmentation to Store Emergency-Access Keys for Implantable Medical Devices USENIX HealthSec 2010, Washington, DC. 10 August 2010.
Stuart Schechter, Gabriel Loh, Karin Strauss, and Doug Burger. Use ECP, not ECC, for Hard Failures in Resistive Memories Proceedings of the 37th International Symposium on Computer Architecture, St. Malo, France. 21 June 2010.
David Molnar and Stuart Schechter, Self Hosting vs. Cloud Hosting: Accounting for the security impact of hosting in the cloud Proceedings of the Ninth Workshop on the Economics of Information Security (WEIS 2010), Cambridge, MA. 8 June 2010.
Jon Howell and Stuart Schechter. What You See is What They Get: Protecting users from unwanted use of microphones, cameras, and other sensors Web 2.0 Security and Privacy, Berkeley, CA. 20 May 2010.
Maritza Johnson, Steven M. Bellovin, Robert W. Reeder, and Stuart Schechter. Laissez-faire file sharing: Access control designed for individuals at the endpoints New Security Paradigms Workshop, Oxford, UK. September 2009.
Stuart Schechter and Robert W. Reeder. 1 + 1 = You: Measuring the comprehensibility of metaphors for configuring backup authentication The 2009 Symposium on Usable Privacy and Security (SOUPS), Mountain View, CA. July 2009.
Stuart Schechter, A. J. Bernheim Brush, and Serge Egelman. It’s no secret: Measuring the security and reliability of authentication via ‘secret’ questions, The 2009 IEEE Symposium on Security and Privacy, Berkeley, CA. May 2009.
Stuart Schechter, Serge Egelman, and Robert W. Reeder. [It’s Not What You Know, But Who You Know: A social approach to last-resort authentication] (https://research.microsoft.com/pubs/79349/paper1459-schechter.pdf), The twenty-seventh annual SIGCHI conference on Human factors in computing systems, Boston, MA. April 2009.
Amy K. Karlson, A.J. Bernheim Brush, and Stuart Schechter. Can I Borrow Your Phone? Understanding Concerns When Sharing Mobile Phones, The twenty-seventh annual SIGCHI conference on Human factors in computing systems, Boston, MA. April 2009.
Stuart E. Schechter, Rachna Dhamija, Andy Ozment, and Ian Fischer. The Emporer’s New Security Indicators: An evaluation of website authentication and the effect of role playing on usability studies IEEE Symposium on Security and Privacy, Oakland, California. May 20–23, 2007.
Andy Ozment and Stuart E. Schechter. Milk or Wine: Does Software Security Improve with Age? The 15th USENIX Security Symposium, Vancouver, BC. July 31–August 4, 2006.
Andy Ozment and Stuart E. Schechter. Bootstrapping the Adoption of Internet Security Protocols, The Fifth Annual Workshop on the Economics of Information Security, Cambridge, UK. June 26–28, 2006.
Andy Ozment, Stuart E. Schechter, and Rachna Dhamija. Web Sites Should Not Need to Rely on Users to Secure Communications, W3C Workshop on Transparency and Usability of Web Authentication, New York, NY. March 15–16, 2006.
Stuart E. Schechter, Jaeyeon Jung, Will Stockwell, and Cynthia McLain. Inoculating SSH Against Address-Harvesting, The 13th Annual Network and Distributed System Security Symposium (NDSS'06), San Diego, CA. February 2006.
Stuart E. Schechter. Toward Econometric Models of the Security Risk from Remote Attack, IEEE Security & Privacy Magazine, pages 40–44, January-February 2005 (Vol. 3, No .1).
Stuart E. Schechter, Jaeyeon Jung, and Arthur W. Berger. Fast Detection of Scanning Worm Infections, The Seventh International Symposium on Recent Advances in Intrusion Detection (RAID 2004), Sophia Antipolis, French Riviera, France. September~15–17, 2004.
Stuart E. Schechter. Toward Econometric Models of the Security Risk from Remote Attacks, The Third Annual Workshop on Economics and Information Security, Minneapolis, Minnesota, May 2004.
Stuart E. Schechter and Michael D. Smith. Access for Sale: A New Class of Worm, The ACM CCS Workshop on Rapid Malcode (WORM 2003), Washington, DC, October 2003.
Stuart E. Schechter, Rachel A. Greenstadt, and Michael D. Smith. Trusted Computing, Peer-to-Peer Distribution, and the Economics of Pirated Entertainment, The Second Annual Workshop on Economics and Information Security, College Park, Maryland, May 2003.
Stuart~E. Schechter and Michael~D. Smith. How Much Security is Enough to Stop a Thief? The Economics of Outsider Theft via Computer Systems and Networks, In Rebecca~N. Wright, editor, Lecture Notes in Computer Science: Proceedings of the Seventh Financial Cryptography Conference, volume 2742, pages 122–137. Springer-Verlag, Gosier, Guadeloupe, January~27–30, 2003.
Stuart E. Schechter. How to Buy Better Testing: Using Competition to Get the Most Security and Robustness for Your Dollar, In Owen~Rees, George~Davida, and Yair~Frankel, editors, Lecture Notes in Computer Science: Proceedings of the Infrastructure Security International Conference (InfraSec 2002), volume 2437, pages 73–87. Springer-Verlag, Bristol, UK, October~1–3, 2002.
Stuart E. Schechter. Quantitatively Differentiating System Security, The First Annual Workshop on Economics and Information Security, Berkeley, California, May 2002.
Stuart E. Schechter, Todd Parnell, and Alexander Hartemink. Anonymous Authentication of Membership in Dynamic Groups, In Matt Franklin, editor, Lecture Notes in Computer Science: The Third International Conference on Financial Cryptography, volume 1648, Springer-Verlag, Anguilla, BWI, January 1999.
Stuart E. Schechter, Murali Krishnan, and Michael D. Smith. Using Path Profiles to Predict HTTP Requests, Proceedings of the Seventh World Wide Web Conference (WWW7), Brisbane, Australia, April 1998.
Stuart Schechter Computer Security Strength & Risk: A Quantitative Approach, Harvard University Doctoral Thesis, 2004.