I received my doctorate from the School of Computer Science at Carnegie Mellon University, advised by Lorrie Cranor and working in CyLab.
My specialization was usable security, a human-centric approach to the design of secure systems.
My dissertation research focused on estimating password strength using a linguistic, machine-learning framework.
From a training corpus of passwords, the framework I developed learns a stochastic grammar and generates the most likely password guesses.
Standard password cracking tools do not make guesses in order of likelihood,
so this technique allows one to emulate a more sophisticated adversary than is available with current techniques.
My framework has been used to evaluate passwords against sophisticated adversaries that can make hundreds of trillions of guesses.
It was used to evaluate the passwords of over 25,000 students, faculty, and staff at Carnegie Mellon University.
My dissertation is available here and the framework I developed can be found on GitHub.
I have published full-length papers at CHI,
and many other conferences.
Projects that I have worked on have also been featured on a number of websites such as Ars Technica and MIT Technology Review.
Telepathwords is a project I worked on with Stuart Schechter at Microsoft Research.
The official press release is here
and our USENIX Security paper is here.
It has also been picked up by several news sites, including
- Honorable Mention at CHI 2011 (awarded to top 5% of submissions)
- Distinguished Paper Award at SOUPS 2013 (awarded to 2/51 submissions)
All following publications are full-length, peer-reviewed conference or journal papers except where noted with a *.
* Modeling the adversary to evaluate password strength with limited samples
S. Komanduri. Ph.D. Dissertation. Carnegie Mellon University. 2016.
CHI 2015 | A Spoonful of Sugar?: The Impact of Guidance and Feedback on Password-Creation Behavior
R. Shay, L. Bauer, N. Christin, L. F. Cranor, A. Forget, S. Komanduri, M. L. Mazurek, W. Melicher, S. M. Segreti and B. Ur. Proceedings of the 33rd Annual ACM Conference on Human Factors in Computing Systems (CHI 2015). New York, NY, USA: ACM. 2015. pp. 2903-2912.
Acceptance rate: 22.9%
CHI 2014 | Can Long Passwords Be Secure and Usable?
R. Shay, S. Komanduri, A. L. Durity, P. S. Huh, M. L. Mazurek, S. M. Segreti, B. Ur, L. Bauer, N. Christin and L. F. Cranor. Proceedings of the 2014 Annual ACM Conference on Human Factors in Computing Systems (CHI 2014). New York, NY, USA: ACM. pp. 2927-2936.
Acceptance rate: 26.7%
USENIX Security 2012 | How does your password measure up? The effect of strength meters on password creation
B. Ur, P. G. Kelley, S. Komanduri, J. Lee, M. Maass, M. L. Mazurek, T. Passaro, R. Shay, T. Vidas, L. Bauer, N. Christin and L. F. Cranor. Proceedings of the 21st USENIX conference on Security symposium (USENIX Security 2012). Berkeley, CA, USA: USENIX Association. 2012. pp. 5-5.
Acceptance rate: 19.4%
* Helping Users Create Better Passwords
B. Ur, P. G. Kelley, S. Komanduri, J. Lee, M. Maass, M. L. Mazurek, T. Passaro, R. Shay, T. Vidas, L. Bauer, N. Christin, L. F. Cranor, S. Egelman and J. Lopez. Usenix Login. vol. 37. no. 6. 2012. pp. 51-57.
Computer Security Warnings
Privacy on Social Networks
I/S (Journal) | AdChoices? Compliance with Online Behavioral Advertising Notice and Choice Requirements
S. Komanduri, R. Shay, G. Norcie, B. Ur and L. F. Cranor. I/S: A Journal of Law & Policy for the Information Society. vol. 7. 2011. pp. 603-638.
Chicago, Illinois: Civis Analytics
2014 - present: Software Engineering Tech Lead
- Managed a small team of software engineers working on a data-science platform
- Collaborated frequently with internal and external stakeholders
- Areas of responsibility included: data-science integrations, security, REST API, and caching layers
- Proposed and guided changes to our backend infrastructure that greatly increased the scalability of our product
- Analyzed data on platform performance and stability to guide engineering efforts
Bowling Green, Ohio: Bowling Green State University ITS
2006 - 2007: Hardware Support Supervisor
- Managed and trained employees in troubleshooting and repair of hardware issues
- Provided hardware diagnosis and repair services for over 10,000 desktop and laptop systems on campus
- Provided installation, configuration, and support services to users with Windows-based systems and UNIX-based systems (including Linux and Mac OS X)
- Main contact for emergency repairs and customer service issues
- Specialized in hard drive data recovery and operating system repairs
Waterville, Ohio: Online Brokerage Services
2005: Web Developer / IT Support
- Created and rebuilt public websites with Visual Studio.NET
- Duties included PC support and server administration
Toledo, Ohio: Lucas County Information Services
1999 - 2001: Network Technician
- Personally responsible for maintenance, repair, and upgrades for approximately 150 PCs and coincident networking in various county departments
- Interacted directly with users and departments in resolving hardware and software issues
- Developed strategies for software distribution and network-wide upgrades