Passwords

Diversify to Survive: Making Passwords Stronger with Adaptive Policies.
Sean M. Segreti, William Melicher, Saranga Komanduri, Darya Melicher, Richard Shay, Blase Ur, Lujo Bauer, Nicolas Christin, Lorrie Faith Cranor, and Michelle L. Mazurek. 2017. In Thirteenth Symposium on Usable Privacy and Security (SOUPS 2017), USENIX Association, Santa Clara, CA, 1–12.
pdf link citations

Fast, lean and accurate: Modeling password guessability using neural networks.
William Melicher, Blase Ur, Sean M. Segreti, Saranga Komanduri, Lujo Bauer, Nicolas Christin, and Lorrie Faith Cranor. 2016. In Proceedings of the 25th USENIX conference on Security symposium (USENIX Security ’16), USENIX Association, Austin, TX, 175–191.
Acceptance rate: 15.4% (72⁄468)
Best Paper Award
pdf link citations

Designing Password Policies for Strength and Usability.
Richard Shay, Saranga Komanduri, Adam L. Durity, Phillip Seyoung Huh, Michelle L. Mazurek, Sean M. Segreti, Blase Ur, Lujo Bauer, Nicolas Christin, and Lorrie Faith Cranor. 2016. ACM Trans. Inf. Syst. Secur. 18, 4 (May 2016), 13:1-13:34.
ACM Computing Reviews Best of Computing
pdf link citations

Modeling the adversary to evaluate password strength with limited samples.
Saranga Komanduri. 2016. Carnegie Mellon University.
pdf link citations

Measuring Real-World Accuracies and Biases in Modeling Password Guessability.
Blase Ur, Sean M. Segreti, Lujo Bauer, Nicolas Christin, Lorrie Faith Cranor, Saranga Komanduri, Darya Kurilova, Michelle L. Mazurek, William Melicher, and Richard Shay. 2015. In Proceedings of the 24th USENIX conference on Security symposium (USENIX Security ’15), USENIX Association, Washington, D.C., 463–481.
Acceptance rate: 15.7% (67⁄426)
pdf link citations

Spaced Repetition and Mnemonics Enable Recall of Multiple Strong Passwords.
Jeremiah Blocki, Saranga Komanduri, Lorrie Faith Cranor, and Anupam Datta. 2015. In Proceedings of the 22nd Network and Distributed Systems Security Symposium (NDSS ’15), Internet Society, San Diego, California, USA.
Acceptance rate: 16.9% (51⁄302)
pdf link citations

A Spoonful of Sugar?: The Impact of Guidance and Feedback on Password-Creation Behavior.
Richard Shay, Lujo Bauer, Nicolas Christin, Lorrie Faith Cranor, Alain Forget, Saranga Komanduri, Michelle L. Mazurek, William Melicher, Sean M. Segreti, and Blase Ur. 2015. In Proceedings of the 33rd Annual ACM Conference on Human Factors in Computing Systems (CHI ’15), ACM, Seoul, Republic of Korea, 2903–2912.
Acceptance rate: 22.9% (486⁄2120)
pdf link citations

Telepathwords: preventing weak passwords by reading users’ minds.
Saranga Komanduri, Richard Shay, Lorrie Faith Cranor, Cormac Herley, and Stuart Schechter. 2014. In Proceedings of the 23rd USENIX conference on Security symposium (USENIX Security ’14), USENIX Association.
Acceptance rate: 19.1% (67⁄350)
Presenter
pdf link citations

Can Long Passwords Be Secure and Usable?.
Richard Shay, Saranga Komanduri, Adam L. Durity, Phillip Seyoung Huh, Michelle L. Mazurek, Sean M. Segreti, Blase Ur, Lujo Bauer, Nicolas Christin, and Lorrie Faith Cranor. 2014. In Proceedings of the 2014 Annual ACM Conference on Human Factors in Computing Systems (CHI ’14), ACM, Toronto, Ontario, Canada, 2927–2936.
Acceptance rate: 26.7% (382⁄1433)
pdf link citations

Optimizing password composition policies.
Jeremiah Blocki, Saranga Komanduri, Ariel Procaccia, and Or Sheffet. 2013. In Proceedings of the fourteenth ACM conference on Electronic commerce (EC ’13), ACM, Philadelphia, Pennsylvania, USA, 105–122.
Acceptance rate: 30.9% (72⁄233)
pdf link citations

The Impact of Length and Mathematical Operators on the Usability and Security of System-Assigned One-Time PINs.
Patrick Gage Kelley, Saranga Komanduri, Michelle L. Mazurek, Richard Shay, Timothy Vidas, Lujo Bauer, Nicolas Christin, and Lorrie Faith Cranor. 2013. In Financial Cryptography and Data Security – FC 2013 Workshops (USEC 2013), Springer Berlin Heidelberg, 34–51.
pdf link citations

Measuring Password Guessability for an Entire University.
Michelle L. Mazurek, Saranga Komanduri, Timothy Vidas, Lujo Bauer, Nicolas Christin, Lorrie Faith Cranor, Patrick Gage Kelley, Richard Shay, and Blase Ur. 2013. In Proceedings of the 2013 ACM SIGSAC Conference on Computer & Communications Security (CCS ’13), ACM, Berlin, Germany, 173–186.
Acceptance rate: 19.8% (105⁄530)
pdf link citations

Guess Again (and Again and Again): Measuring Password Strength by Simulating Password-Cracking Algorithms.
Patrick Gage Kelley, Saranga Komanduri, Michelle L. Mazurek, Richard Shay, Timothy Vidas, Lujo Bauer, Nicolas Christin, Lorrie Faith Cranor, and Julio Lopez. 2012. In Proceedings of the 2012 IEEE Symposium on Security and Privacy (Oakland ’12), IEEE Computer Society, Washington, DC, USA, 523–537.
Acceptance rate: 13.0% (40⁄307)
Presenter
pdf link citations

Correct horse battery staple: exploring the usability of system-assigned passphrases.
Richard Shay, Patrick Gage Kelley, Saranga Komanduri, Michelle L. Mazurek, Blase Ur, Timothy Vidas, Lujo Bauer, Nicolas Christin, and Lorrie Faith Cranor. 2012. In Proceedings of the Eighth Symposium on Usable Privacy and Security (SOUPS ’12), ACM, Washington, D.C., 7:1-7:20.
Acceptance rate: 20.9% (14⁄67)
pdf link citations

How does your password measure up? The effect of strength meters on password creation.
Blase Ur, Patrick Gage Kelley, Saranga Komanduri, Joel Lee, Michael Maass, Michelle L. Mazurek, Timothy Passaro, Richard Shay, Timothy Vidas, Lujo Bauer, Nicolas Christin, and Lorrie Faith Cranor. 2012. In Proceedings of the 21st USENIX conference on Security symposium (USENIX Security ’12), USENIX Association, Bellevue, WA, 5–5.
Acceptance rate: 19.4% (43⁄222)
pdf link citations

Helping Users Create Better Passwords.
Blase Ur, Patrick Gage Kelley, Saranga Komanduri, Joel Lee, Michael Maass, Michelle L. Mazurek, Timothy Passaro, Richard Shay, Timothy Vidas, Lujo Bauer, Nicolas Christin, Lorrie Faith Cranor, Serge Egelman, and Julio Lopez. 2012. Usenix Login 37, 51–57.
pdf link citations

Of passwords and people: measuring the effect of password-composition policies.
Saranga Komanduri, Richard Shay, Patrick Gage Kelley, Michelle L. Mazurek, Lujo Bauer, Nicolas Christin, Lorrie Faith Cranor, and Serge Egelman. 2011. In Proceedings of the 2011 Annual ACM Conference on Human Factors in Computing Systems (CHI ’11), ACM, Vancouver, BC, Canada, 2595–2604.
Acceptance rate: 26.8% (410⁄1532)
Presenter
Honorable Mention
pdf link citations

Encountering stronger password requirements: user attitudes and behaviors.
Richard Shay, Saranga Komanduri, Patrick Gage Kelley, Pedro Giovanni Leon, Michelle L. Mazurek, Lujo Bauer, Nicolas Christin, and Lorrie Faith Cranor. 2010. In Proceedings of the Sixth Symposium on Usable Privacy and Security (SOUPS ’10), ACM, Redmond, Washington, 2:1-2:20.
Acceptance rate: 24.6% (16⁄65)
Presenter
pdf link citations

Order and entropy in picture passwords.
Saranga Komanduri and Dugald R. Hutchings. 2008. In Proceedings of graphics interface 2008 (GI ’08), Canadian Information Processing Society, Windsor, Ontario, Canada, 115–122.
Acceptance rate: 40.0% (34⁄85)
Presenter
pdf link citations

Improving Password Usability with Visual Techniques.
Saranga Komanduri. 2007. Bowling Green State University.
pdf link citations

Computer Security Warnings

Harder to Ignore? Revisiting Pop-Up Fatigue and Approaches to Prevent It.
Cristian Bravo-Lillo, Lorrie Faith Cranor, Saranga Komanduri, Stuart Schechter, and Manya Sleeper. 2014. In Proceedings of the Tenth Symposium on Usable Privacy and Security (SOUPS ’14), USENIX Association, Menlo Park, CA, 105–111.
Acceptance rate: 26.6% (21⁄79)
Presenter
pdf link citations

Your attention please: designing security-decision UIs to make genuine risks harder to ignore.
Cristian Bravo-Lillo, Saranga Komanduri, Lorrie Faith Cranor, Robert W. Reeder, Manya Sleeper, Julie Downs, and Stuart Schechter. 2013. In Proceedings of the Ninth Symposium on Usable Privacy and Security (SOUPS ’13), ACM, Newcastle, United Kingdom, 6:1-6:12.
Acceptance rate: 29.4% (15⁄51)
Distinguished Paper Award
pdf link citations

Operating system framed in case of mistaken identity: measuring the success of web-based spoofing attacks on OS password-entry dialogs.
Cristian Bravo-Lillo, Lorrie Cranor, Julie Downs, Saranga Komanduri, Stuart Schechter, and Manya Sleeper. 2012. In Proceedings of the 2012 ACM conference on Computer and communications security (CCS ’12), ACM, Raleigh, North Carolina, USA, 365–377.
Acceptance rate: 19.0% (81⁄426)
pdf link citations

Bridging the Gap in Computer Security Warnings: A Mental Model Approach.
Cristian Bravo-Lillo, Lorrie Faith Cranor, Julie Downs, and Saranga Komanduri. 2011. IEEE Security and Privacy 9, 18–26.
pdf link citations

Improving computer security dialogs.
Cristian Bravo-Lillo, Lorrie Faith Cranor, Julie Downs, Saranga Komanduri, and Manya Sleeper. 2011. In Proceedings of the 13th IFIP TC 13 international conference on Human-computer interaction - Volume Part IV (INTERACT ’11), Springer-Verlag, Lisbon, Portugal, 18–35.
Acceptance rate: 27.9% (112⁄402)
pdf link citations

Behavioral Advertising

AdChoices? Compliance with Online Behavioral Advertising Notice and Choice Requirements.
Saranga Komanduri, Richard Shay, Gregory Norcie, Blase Ur, and Lorrie Faith Cranor. 2011. I/S: A Journal of Law & Policy for the Information Society 7, (2011), 603–638.
pdf citations

Privacy on Social Networks

Nudges for Privacy and Security: Understanding and Assisting Users’ Choices Online.
Alessandro Acquisti, Idris Adjerid, Rebecca Balebako, Laura Brandimarte, Lorrie Faith Cranor, Saranga Komanduri, Pedro Giovanni Leon, Norman Sadeh, Florian Schaub, Manya Sleeper, Yang Wang, and Shomir Wilson. 2017. ACM Comput. Surv. 50, 3 (August 2017), 44:1-44:41.
pdf link citations

The Post Anachronism: The Temporal Dimension of Facebook Privacy.
Lujo Bauer, Lorrie Faith Cranor, Saranga Komanduri, Michelle L. Mazurek, Michael K. Reiter, Manya Sleeper, and Blase Ur. 2013. In Proceedings of the 12th ACM Workshop on Workshop on Privacy in the Electronic Society (WPES ’13), ACM, Berlin, Germany, 1–12.
Acceptance rate: 29.1% (30⁄103)
pdf link citations

“I regretted the minute I pressed share”: a qualitative study of regrets on Facebook.
Yang Wang, Gregory Norcie, Saranga Komanduri, Alessandro Acquisti, Pedro Giovanni Leon, and Lorrie Faith Cranor. 2011. In Proceedings of the Seventh Symposium on Usable Privacy and Security (SOUPS ’11), ACM, Pittsburgh, Pennsylvania, 10:1-10:16.
Acceptance rate: 33.3% (15⁄45)
pdf link citations

Around the Water Cooler: Shared Discussion Topics and Contact Closeness in Social Search.
S. Komanduri, L. Fang, D. Huffaker, and J. Staddon. 2012. In Proceedings of the Sixth International AAAI Conference on Weblogs and Social Media (ICWSM 2012).
Acceptance rate: 20.0% (counts not provided)
pdf link citations