More is not the answer

In this paper we explore why progress has been slow and examine several possible directions. First, the scale and diversity of the web makes one-size fits all approaches hard. Second, the competition for user attention is fierce: there are no pools of unexploited user...

A profitless endeavor: Phishing as tragedy of the commons

Conventional wisdom is that phishing represents easy money. In this paper we examine the economics that underlie the phenomenon, and find a very different picture. Phishing is a classic example of tragedy of the commons, where there is open access to a resource that...

A large-scale study of web password habits

We report the results of a large scale study of password use and password re-use habits. The study involved half a million users over a three month period. A client component on users’ machines recorded a variety of password strength, usage and frequency metrics. This...