I received my doctorate from the School of Computer Science at Carnegie Mellon University advised by Lorrie Cranor and working in CyLab. My specialization was usable security, a human-centric approach to the design of secure systems. The work of our group effected the revision of NIST's guidelines for secure passwords, as reported in the Washington Post.
My dissertation focused on estimating password strength using a linguistic, machine-learning framework. From a training corpus of passwords, the framework I developed learns a stochastic grammar and generates the most likely password guesses. I used the framework to evaluate passwords against sophisticated adversaries that can make hundreds of trillions of guesses. I also used it to evaluate the passwords of over 25,000 students, faculty, and staff at Carnegie Mellon University.
I have published and presented full-length papers at CHI, Oakland, CCS, USENIX Security, ICWSM, SOUPS, and many other conferences. Projects that I have worked on have also been featured on a number of websites such as Ars Technica and MIT Technology Review.
Telepathwords is a project I worked on with Stuart Schechter at Microsoft Research. The official press release is here and our USENIX Security paper is here. It was also been picked up by several news sites, including Digital Trends, Geek, Gizmodo, Inc., and TIME.