I received my doctorate from the School of Computer Science at Carnegie Mellon University, advised by Lorrie Cranor and working in CyLab. My specialization was usable security, a human-centric approach to the design of secure systems. The work of our group led to the revision of NIST's guidelines for secure passwords, reported in the Washington Post.
My dissertation research focused on estimating password strength using a linguistic, machine-learning framework. From a training corpus of passwords, the framework I developed learns a stochastic grammar and generates the most likely password guesses. Standard password cracking tools do not make guesses in order of likelihood, so this technique allows one to emulate a more sophisticated adversary than is available with current techniques. My framework has been used to evaluate passwords against sophisticated adversaries that can make hundreds of trillions of guesses. It was used to evaluate the passwords of over 25,000 students, faculty, and staff at Carnegie Mellon University.
I have published full-length papers at CHI, Oakland, CCS, USENIX Security, ICWSM, SOUPS, and many other conferences. Projects that I have worked on have also been featured on a number of websites such as Ars Technica and MIT Technology Review.
Telepathwords is a project I worked on with Stuart Schechter at Microsoft Research. The official press release is here and our USENIX Security paper is here. It has also been picked up by several news sites, including Digital Trends, Geek, Gizmodo, Inc., and TIME.