I am a sixth-year doctoral candidate in the School of Computer Science at Carnegie Mellon University advised by Lorrie Cranor and working in CyLab.
My specialization is usable security, a human-centric approach to the design of secure systems.
My dissertation research focuses on estimating password strength using a linguistic, machine-learning framework.
From a training corpus of passwords, the framework I developed learns a stochastic grammar and generates the most likely password guesses.
Standard password cracking tools do not make guesses in order of likelihood,
so this technique allows one to emulate a more sophisticated adversary than is available with current techniques.
My framework has been used to evaluate passwords against sophisticated adversaries that can make hundreds of trillions of guesses.
It was recently used to evaluate the passwords of over 25,000 students, faculty, and staff at Carnegie Mellon University.
I have published full-length papers at CHI,
and many other conferences.
Projects that I have worked on have also been featured on a number of websites such as
Ars Technica and
MIT Technology Review.
Telepathwords is a project I worked on with Stuart Schechter at Microsoft Research.
The official press release is here and our USENIX Security paper is here.
It has also been picked up by several news sites, including
- Honorable Mention at CHI 2011 (awarded to top 5% of submissions)
- Distinguished Paper Award at SOUPS 2013 (awarded to 2/51 submissions)
All following publications are full-length, peer-reviewed conference or journal papers except where noted with a *.
CHI 2014 | Can Long Passwords Be Secure and Usable?
R. Shay, S. Komanduri, A. L. Durity, P. S. Huh, M. L. Mazurek, S. M. Segreti, B. Ur, L. Bauer, N. Christin and L. F. Cranor. Proceedings of the 2014 Annual ACM Conference on Human Factors in Computing Systems (CHI 2014). New York, NY, USA: ACM. pp. 2927-2936.
Acceptance rate: 26.7%
* Modeling the adversary to evaluate password strength with limited samples
S. Komanduri. Ph.D. Thesis Proposal. Carnegie Mellon University. 2013.
USENIX Security 2012 | How does your password measure up? The effect of strength meters on password creation
B. Ur, P. G. Kelley, S. Komanduri, J. Lee, M. Maass, M. L. Mazurek, T. Passaro, R. Shay, T. Vidas, L. Bauer, N. Christin and L. F. Cranor. Proceedings of the 21st USENIX conference on Security symposium (USENIX Security 2012). Berkeley, CA, USA: USENIX Association. 2012. pp. 5-5.
Acceptance rate: 19.4%
* Helping Users Create Better Passwords
B. Ur, P. G. Kelley, S. Komanduri, J. Lee, M. Maass, M. L. Mazurek, T. Passaro, R. Shay, T. Vidas, L. Bauer, N. Christin, L. F. Cranor, S. Egelman and J. Lopez. Usenix Login. vol. 37. no. 6. 2012. pp. 51-57.
Computer Security Warnings
Privacy on Social Networks
I/S (Journal) | AdChoices? Compliance with Online Behavioral Advertising Notice and Choice Requirements
S. Komanduri, R. Shay, G. Norcie, B. Ur and L. F. Cranor. I/S: A Journal of Law & Policy for the Information Society. vol. 7. 2011. pp. 603-638.
Bowling Green State University ITS (Bowling Green, Ohio)
2006 - 2007: Hardware Support Supervisor
- Managed and trained employees in troubleshooting and repair of hardware issues
- Provided hardware diagnosis and repair services for over 10,000 desktop and laptop systems on campus
- Provided installation, configuration, and support services to users with Windows-based systems and UNIX-based systems (including Linux and Mac OS X)
- Main contact for emergency repairs and customer service issues
- Specialized in hard drive data recovery and operating system repairs
Online Brokerage Services (Waterville, Ohio)
2005: Web Developer / IT Support
- Created and rebuilt public websites with Visual Studio.NET
- Duties included PC support and server administration
Lucas County Information Services (Toledo, Ohio)
1999 - 2001: Network Technician
- Personally responsible for maintenance, repair, and upgrades for approximately 150 PCs and coincident networking in various county departments
- Interacted directly with users and departments in resolving hardware and software issues
- Developed strategies for software distribution and network-wide upgrades