Rich Shay

Publications

Conference Papers

Diversify to Survive: Making Passwords Stronger with Adaptive Policies. USENIX 2017. (Sean M. Segreti, William Melicher, Saranga Komanduri, Darya Melicher, Richard Shay, Blase Ur, Lujo Bauer, Nicolas Christin, Lorrie Faith Cranor, and Michelle L. Mazurek)

SoK: Cryptographically Protected Database Search. Oakland 2017. (Benjamin Fuller, Mayank Varia, Arkady Yerukhimovich, Emily Shen, Ariel Hamlin, Vijay Gadepally, Richard Shay, John Darby Mitchell, and Robert Cunningham)

SoK: Privacy on Mobile Devices – It’s Complicated. PETS 2016. (Chad Spensky, Jeffrey Stewart, Arkady Yerukhimovich, Richard Shay, Ari Trachtenberg, Rick Housley, Robert K. Cunningham)

Usability and Security of Text Passwords on Mobile Devices . CHI 2016. (William Melicher, Darya Kurilova, Sean M. Segreti, Pranshu Kalvani, Richard Shay, Blase Ur, Lujo Bauer, Nicolas Christin, Lorrie Faith Cranor, Michelle L. Mazurek)

Measuring Real-World Accuracies and Biases in Modeling Password Guessability. USENIX Security 2015. (Blase Ur, Sean M. Segreti, Lujo Bauer, Nicolas Christin, Lorrie Faith Cranor, Saranga Komanduri, Darya Kurilova, Michelle L. Mazurek, William Melicher, Richard Shay)

"I Added '!' at the End to Make It Secure": Observing Password Creation in the Lab. SOUPS 2015. (Blase Ur, Fumiko Noma, Jonathan Bees, Sean M. Segreti, Richard Shay, Lujo Bauer, Nicolas Christin, Lorrie Faith Cranor)

A Spoonful of Sugar? The Impact of Guidance and Feedback on Password-Creation Behavior. CHI 2015. (Richard Shay, Lujo Bauer, Nicolas Christin, Lorrie Faith Cranor, Alain Forget, Saranga Komanduri, Michelle L. Mazurek, William Melicher, Sean M. Segreti, Blase Ur)

Telepathwords: Preventing Weak Passwords by Reading Users' Minds. USENIX 2014. (Saranga Komanduri, Richard Shay, Lorrie Faith Cranor, Cormac Herley, and Stuart Schechter)

Can Long Passwords be Secure and Usable?. CHI 2014. (Richard Shay, Saranga Komanduri, Adam L. Durity, Phillip (Seyoung) Huh, Michelle L Mazurek, Sean M. Segreti, Blase Ur, Lujo Bauer, Nicolas Christin, Lorrie Faith Cranor)

My Religious Aunt Asked Why I Was Trying to Sell Her Viagra: Experiences with Account Hijacking. CHI 2014. (Richard Shay, Iulia Ion, Robert W. Reeder, Sunny Consolvo)

Measuring Password Guessability for an Entire University. CCS 2013. (Michelle Mazurek, Saranga Komanduri, Timothy Vidas, Lujo Bauer, Nicolas Christin, Lorrie Faith Cranor, Patrick Gage Kelley, Richard Shay, Blase Ur)

What Matters to Users? Factors that Affect Users' Willingness to Share Information with Online Advertisers. SOUPS 2013. (Pedro G. Leon, Blase Ur, Yang Wang, Manya Sleeper, Rebecca Balebako, Richard Shay, Lujo Bauer, Mihai Christodorescu, Lorrie Faith Cranor)

The Impact of Length and Mathematical Operators on the Usability and Security of System-Assigned One-Time PINs. USEC 2013. (Patrick Gage Kelley, Saranga Komanduri, Michelle L. Mazurek, Richard Shay, Tim Vidas, Lujo Bauer, Nicolas Christin, and Lorrie Faith Cranor)

How does your password measure up? The effect of strength meters on password creation. USENIX 2012. (Blase Ur, Patrick Gage Kelley, Saranga Komanduri, Joel Lee, Michael Maass, Michelle Mazurek, Timothy Passaro, Richard Shay, Timothy Vidas, Lujo Bauer, Nicolas Christin, and Lorrie Faith Cranor)

Guess Again (and again and again): Measuring password strength by simulating password-cracking algorithms. Oakland 2012. (Patrick Gage Kelley, Saranga Komanduri, Michelle L. Mazurek, Richard Shay, Tim Vidas, Lujo Bauer, Nicolas Christin, Lorrie Faith Cranor, and Julio Lopez)

Correct horse battery staple: Exploring the usability of system-assigned passphrases. SOUPS 2012. (Richard Shay, Patrick Gage Kelley, Saranga Komanduri, Michelle Mazurek, Blase Ur, Timothy Vidas, Lujo Bauer, Nicholas Christin, Lorrie Faith Cranor)

Smart, Useful, Scary, Creepy: Perceptions of Online Bebahavioral Advertising. SOUPS 2012. (Blase Ur, Pedro G. Leon, Lorrie Faith Cranor, Richard Shay, Yang Wang)

Why Johnny Can't Opt Out: A Usability Evaluation of Tools to Limit Online Behavioral Advertising. CHI 2012. (Pedro Leon, Blase Ur, Rebecca Balebako, Lorrie Faith Cranor, Richard Shay, and Yang Wang)

Exploring Reactive Access Control. CHI 2011. (Michelle Mazurek, Peter Klemperer, Richard Shay, Hassan Takabi, Lujo Bauer, and Lorrie Faith Cranor)

Of Passwords and People: Measuring the Effect of Password-Composition Policies. CHI 2011. (Saranga Komanduri, Richard Shay, Patrick Gage Kelley, Michelle Mazurek, Lujo Bauer, Nicholas Christin, Lorrie Faith Cranor, and Serge Egelman)

Encountering Stronger Password Requirements: User Attitudes and Behaviors. SOUPS 2010. (Richard Shay, Saranga Komanduri, Patrick Gage Kelley, Pedro Leon, Michelle Mazurek, Lujo Bauer, Nicholas Christin, and Lorrie Faith Cranor)

Access Control for Home Data Sharing: Attitudes, Needs and Practices. CHI 2010. (Michelle Mazurek, J.P. Arsenault, Joanna Bresee, Nitin Gupta, Iulia Ion, Christina Johns, Daniel Lee, Yuan Liang, Jenny Olsen, Brandon Salmon, Richard Shay, Kami Vaniea, Lujo Bauer, Lorrie Faith Cranor, Gregory R. Ganger, and Michael K. Reiter)

Journal Papers

Don’t Even Ask: Database Access Control through Query Control. SIGMOD Record 2019. (Richard Shay, Uri Blumenthal, Vijay Gadepally, Ariel Hamlin, John Darby Mitchell, and Robert K. Cunningham)

Designing Password Policies for Strength and Usability. TISSEC 2016. (Richard Shay, Saranga Komanduri, Adam L. Durity, Phillip (Seyoung) Huh, Michelle L. Mazurek, Sean M. Segreti, Blase Ur, Lujo Bauer, Nicolas Christin, and Lorrie Faith Cranor)

AdChoices? Compliance with Online Behavioral Advertising Notice and Choice Requirements. I/S: A Journal of Law and Policy for the Information Society 2012. (Saranga Komanduri, Richard Shay, Greg Norcie, Blase Ur, and Lorrie Faith Cranor)

A Comprehensive Simulation Tool for the Analysis of Password Policies. International Journal of Information Security 2009. (Richard Shay and Elisa Bertino)

Doctoral Thesis

Creating Usable Policies for Stronger Passwords with MTurk. PhD Thesis 2015. (Richard Shay)

Workshop Papers

Measuring the Effectiveness of Privacy Tools for Limiting Behavioral Advertising. W2SP 2012. (Rebecca Balebako, Pedro Leon, Richard Shay, Blase Ur, and Lorrie Faith Cranor)

Password Policy Simulation and Analysis. DIM 2007. (Richard Shay, Abhilasha Bhargav-Spantzel, and Elisa Bertio)

Magazine Articles

Lessons Learned From Designing a Security Architecture for Real-World Government Agencies. IEEE Security and Privacy 2021. (Amy Dettmer, Hamed Okhravi, Kevin Perry, Nabil Schear, Richard Shay, Mary Ellen Zurko, Paula Donovan)

CyLab Usable Privacy and Security Laboratory. ACM XRDS Magazine 2013. (Rich Shay)

Helping Users Create Better Passwords . USENIX ;login: Magazine 2012. (Blase Ur, Patrick Gage Kelley, Saranga Komanduri, Joel Lee, Michael Maass, Michelle L. Mazurek, Timothy Passaro, Richard Shay, Timothy Vidas, Lujo Bauer, Nicolas Christin, Lorrie Faith Cranor, Serge Egelman, Julio López)

Posters

The Art of Password Creation. Oakland 2013. (Blase Ur, Saranga Komanduri, Richard Shay, Stephanos Matsumoto, Lujo Bauer, Nicolas Christin, Lorrie Faith Cranor, Patrick Gage Kelley, Michelle L. Mazurek, Timothy Vidas)

Exploring Reactive Access Control. CHI 2010. (Richard Shay, Michelle Mazurek, Peter Klemperer, and Hassan Takabi)

Undergraduate Thesis

Jesus and Hierarchy. Brown University Senior Thesis 2003. (Richard Shay)