HCISec Bibliography

The purpose of this web page is to provide a central resource list of published work on human factors in computer security.  If you know of any papers that should be added to this list, please let us know. Note that publications of the ACM are also available from the ACM Digital Library.

Usability of Computer Security: A Bibliography contains some overlap. It is arranged by categories and includes some abstracts. It seems to have last been updated in 2000.

Updated (added 15 items) 23 July, 2008 by Ponnurangam K.



A

Mark S. Ackerman, Lorrie Faith Cranor and Joseph Reagle, Privacy in e-commerce:  examining user scenarios and privacy preferences.  Proceedings of the 1st ACM Conference on Electronic Commerce, 1999, Denver, Colorado. Author's web page
Mark S. Ackerman, The Intellectual Challenge of CSCW:  The Gap Between Social Requirements and Technical Feasibility. Author's web page
Anne Adams, Users' perception of privacy in multimedia communication. Unpublished Ph.D. Thesis, School of Psychology, University College London, UK, 2001. GetRealSecurity group publications page.
Anne Adams and Ann Blandford, Security and Online Learning: To Protect or Prohibit. In Ghaoui, C. (eds.) Usability Evaluation of Online Learning Programs, Idea Publishing. Chapter 18. pp. 331 - 359. Author's web site.
Anne Adams and Ann Blandford, Bridging the Gap between Organizational and User Perspectives of Security in the Clinical Domain. International Journal of Human-Computer Studies. 63. pp. 175 - 202. Author's web site.
Anne Adams and Martina Angela Sasse, Privacy in Multimedia Communications:  Protecting Users, Not Just Data. In A. Blandford, J. Vanderdonkt and P. Gray [Eds.]: People & Computers XV - Interaction Without Frontiers, Joint Proceedings of HCI 2001 and ICM 2001, Lille, France, September 2001, pp. 49-64, Springer. GetRealSecurity group publications page.
Anne Adams, The Implications of Users' Privacy Perceptions on Communication and Information Privacy Policies. In Proceedings of Telecommunications Policy Research Conference, Washington, DC 1999. Author's web page.
Anne Adams, Multimedia information changes the whole privacy ballgame. In Proceedings of the Conference on Computers, Freedom and Privacy 2000, ACM Press. Author's web page.
Anne Adams and Martina Angela Sasse, Privacy issues in ubiquitous multimedia environments:  Wake sleeping dogs, or let them lie? In Proceedings of INTERACT '99, Edinburgh, pp. 214-221. Author's web page.
Anne Adams and Martina Angela Sasse, Taming the wolf in sheep's clothing:  privacy in multimedia communications. In Proceedings of ACM Multimedia '99, Orlando, pp. 101-107. GetRealSecurity group publications page.
Anne Adams and Martina Angela Sasse, Users are not the enemy:  Why users compromise security mechanisms and how to take remedial measures. Communications of the ACM, 42(12), pp. 40-46, December 1999. GetRealSecurity group publications page.
Anne Adams, Martina Angela Sasse, and Peter Lunt, Making Passwords Secure and Usable. In H. Thimbleby, B. O'Conaill and P. Thomas [Eds.]:  People & Computers XII, Proceedings of HCI '97, Bristol, UK, August 12-15, p. 1-19, Springer. Author's web page.
Kenneth Allendoerfer, Shantanu Pai, Human factors considerations for passwords and other user identification techniques part 1: Field study, results and analysis (DOT/FAA/CT-05/20). Atlantic City International Airport, NJ: Federal Aviation Administration William J. Hughes Technical Center. Author's web page.
Kenneth Allendoerfer, Shantanu Pai, Human factors considerations for passwords and other user identification techniques part 2: Field study, results and analysis (DOT/FAA/TC-06/09). Atlantic City International Airport, NJ: Federal Aviation Administration William J. Hughes Technical Center. Author's web page.
Elske Ammenwerth, Anke Buchauer, Hans-Bernd Bludau, Alexander Roßnagel, Simulation Studies for the Evaluation of Security Technology. Multilateral Security in Communications, Volume 3 - Technology, Infrastructure, Economy.  Guenter Mueller and Kai Rannenberg [Eds.], Addison Wesley, 1999.  
De Angeli, A., Coventry, L., Johnson, G., Renaud, K., Is a picture really worth a thousand words? On the feasibility of graphical authentication systems. International Journal of Human-Computer Studies, special issue: HCI research on Privacy and Security. Volume 63, Issue 1-2 (July 2005). Pages: 128 - 152.

B

Dirk Balfanz, Usable Access Control for the World Wide Web. In Proceedings of 19th Annual Computer Security Applications conference, December 8 - 12, 2003. ACSAC web site
Dirk Balfanz, Durfee, G. and Smetters, D. K. Making the Impossible Easy: Usable PKI. In Security and Usability: Designing Secure Systems that People Can Use, Cranor, L. F. and Garfinkel, S., eds., pp. 319-334. O'Reilly, Sebastopol, CA.
Dirk Balfanz, Durfee, G., Grinter, R. E. and Smetters, D. K. In Search of Usable Security -- Five Lessons from the Field. IEEE Journal on Security and Privacy. 2(5) 2004. PARC web site
Dirk Balfanz, Durfee, G., Grinter, R. E., Smetters, D. K. and Stewart, P. Network-in-a-Box: How to Set Up a Secure Wireless Network in Under a Minute. 13th Usenix Security Symposium, August, 2004, San Diego, CA. PARC web site
Dirk Balfanz, Smetters, D. K., Stewart, P. and Wong, H. C. Talking to strangers: authentication in ad-hoc wireless networks. Network and Distributed System Security Symposium. Internet Society. February 6-8, 2002, San Diego, CA. PARC web site
Lujo Bauer, Lorrie Faith Cranor, Rob Reeder, Michael K. Reiter and Kami Vaniea. A User Study of Policy Creation in a Flexible Access-Control System. ACM SIGCHI Conference on Human Factors in Computing Systems (CHI '08). 2008. Lab's web page
Lujo Bauer, Lorrie Faith Cranor, Michael K. Reiter and Kami Vaniea. Lessons Learned From the Deployment of a Smartphone-Based Access-Control System. Symposium On Usable Privacy and Security (SOUPS). 2007. Conference web page
Denis Besnard and Budi Arief, Computer security impaired by legitimate users. Computers & Security, 23 (3), pp. 253-264, May 2004. Author's web page.
Nathaniel S. Borenstein, Computational Mail as Network Infrastructure for Computer-Supported Cooperative Work Innovations in E-Mail. Proceedings of ACM CSCW'92 Conference on Computer-Supported Cooperative Work 1992 p.67-74. ACM Digital Library
David Botta, Rodrigo Werlinger, André Gagné, Konstantin Beznosov, Lee Iverson, Sidney Fels and Brian Fisher. Towards Understanding IT Security Professionals and Their Tools. Symposium On Usable Privacy and Security (SOUPS). 2007. Conference web page
Christina Braz and Esma Aïmeur. ASEMC: Authentication for a SEcure M-Commerce. RFID Journal. June 2005. Paper
Christina Braz and Esma Aïmeur. AuthenLink: A User-Centred Authentication System for a Secure Mobile Commerce. 3rd International Workshop on Wireless Information Systems (WIS-2004), Porto, Portugal, April 2004. Paper
Christina Braz and Jean-Marc Robert. Security and usability: the case of the user authentication methods. IHM '06: Proceedings of the 18th International Conference of the Association Francophone d'Interaction Homme-Machine. 2006. ACM Digital Library
Christina Braz, Ahmed Seffah and David M’Raihi. Designing a Trade-Off Between Usability and Security: A Metrics Based-Model. Human-Computer Interaction – INTERACT 2007. Lecture Notes in Computer Science, Volume 4663/2007. LNCS web site
Carolyn Brodie, Clare-Marie Karat, John Karat and Jinjuan Feng, Usable Security and Privacy: A Case Study of Developing Privacy Management Tools. Symposium On Usable Privacy and Security (SOUPS), 2005. ACM Digital Library
Sacha Brostoff and Martina Angela Sasse, "Ten strikes and you're out": Increasing the number of login attempts can improve password usability. CHI 2003 Workshop on Human-Computer Interaction and Security Systems, Ft. Lauderdale, Florida. HCISec mailing list file page and at the workshop web page.
Sacha Brostoff and Martina Angela Sasse, Safe and Sound:  a safety-critical design approach to security. Proceedings of the New Security Paradigms Workshop 2001 (September 10-13, New Mexico), pp. 41-50, ACM Press. GetRealSecurity group publications page.
Sacha Brostoff and Martina Angela Sasse, Are Passfaces More Usable Than Passwords? In S. McDonald, Y. Waern & G. Cockton [Eds.]: People and Computers XIV - Usability or Else! Proceedings of HCI 2000 (September 5-8, Sunderland, UK), pp. 405-424, Springer. GetRealSecurity group publications page.
Ian Brown and Richard Snow, A proxy approach to e-mail security. Software - Practice and Experience, 29(12), 1049-1060, October 1999. Author's web page
Jose Carlos Brustoloni and Ricardo Villamarin-Salomon, Improving Security Decisions with Polymorphic and Audited Dialogs. Proceedings of the 3rd Symposium on Usable Privacy and Security (SOUPS'2007), ACM, Pittsburgh, PA, July 2007, pp. 76-87. Author's web page
Jose Brustoloni, Ricardo Villamarin-Salomon, Peter Djalaliev and David Kyle. Evaluating the Usability of Usage Controls in Electronic Collaboration. Symposium On Usable Privacy and Security (SOUPS). 2008. Conference web page

C

L. Jean Camp. Mental models of security. IEEE Technology and Society, 2006. SSRN web page
L. Jean Camp. Reliable Usable Signaling to Defeat Masquerade Attacks. WEIS 2006 (Cambridge, MA) 26-28 June 2006. Also published as Net Trust: Signaling Malicious Web Sites at I/S A Journal of Law and Policy in the Information Society, Winter 2007. Workshop version
L. Jean Camp, Cathleen McGrath and Alla Genkina. Security and Morality: A Tale of User Deceit. Models of Trust for the Web MTW'06, (Edinburgh, Scotland) 22 May 2006. Author's web page
Xiang Cao and Lee Iverson. Intentional Access Management: Making Access Control Usable For End-Users. In Proceedings of the 2006 Symposium On Usable Privacy and Security, 12-14 July 2006, Pittsburgh, PA. Symposium web page
Srdjan Capkun, Levente Buttyan and Jean-Pierre Hubaux, Small worlds in security systems: an analysis of the PGP certificate graph. In Proceedings of New Security Paradigms Workshop 2002.
Sonia Chiasson, Robert Biddle and P.C. van Oorschot. A Second Look at the Usability of Click-Based Graphical Passwords. Symposium On Usable Privacy and Security (SOUPS). 2007. Conference web page
S. Chiasson, P.C. van Oorschot, R. Biddle. A Usability Study and Critique of Two Password Managers. USENIX Security Symposium. August 2006, Vancouver, Canada. Author's web page
Sonia Chiasson, Jayakumar Srinivasan and P.C. van Oorschot. Centered Discretization with Application to Graphical Passwords. In Usability, Psychology, and Security. 2008. Conference web page
Jeremy Clark, P.C. van Oorschot and Carlisle Adams. Usability of Anonymous Web Browsing: An Examination of Tor Interfaces and Deployability. Symposium On Usable Privacy and Security (SOUPS). 2007. Conference web page
Gregory Conti, Mustaque Ahamad, and John Stasko, Attacking Information Visualization System Usability Overloading and Deceiving the Human. Symposium On Usable Privacy and Security (SOUPS), 2005. ACM Digital Library
Gregory Conti and Edward Sobiesk. An Honest Man Has Nothing to Fear: User Perceptions on Web-based Information Disclosure. Symposium On Usable Privacy and Security (SOUPS). 2007. Conference web page
Jason Cornwell, Ian Fette, Gary Hsieh, Madhu Prabaker, Jinghai Rao, Karen Tang, Kami Vaniea, Lujo Bauer, Lorrie Cranor, Jason Hong, Bruce McLaren, Mike Reiter, Norman Sadeh. User-Controllable Security and Privacy for Pervasive Computing. Proceedings of the 8th IEEE Workshop on Mobile Computing Systems and Applications, HotMobile 2007. 2007. Lab's web page
Lynne Coventry, Antonella De Angeli and Graham Johnson, Honest it's me!  Self-service verification.  CHI 2003 Workshop on Human-Computer Interaction and Security Systems, Ft. Lauderdale, Florida. HCISec mailing list file page and at the workshop web page.
Lorrie Faith Cranor. A framework for reasoning about the human in the loop. In Usability, Psychology, and Security. 2008. Conference Web page
Lorrie Faith Cranor. Designing a Privacy Preference Specification Interface:  A Case Study.  CHI 2003 Workshop on Human-Computer Interaction and Security Systems, Ft. Lauderdale, Florida. HCISec mailing list file page and at the workshop web page.
Lorrie Faith Cranor, What do they "indicate?": evaluating security and privacy indicators. ACM: Interactions 13, 3 (May. 2006), 45-47. ACM Digital Library.
Lorrie Faith Cranor, Manjula Arjula and Praveen Guduru, Use of a P3P User Agent by Early Adopters. In Proceedings of the ACM Workshop on Privacy in the Electronic Society, November 21, 2002. Author's web page.
Lorrie Faith Cranor and Joel R. Reidenberg, Can user agents accurately represent privacy notices? The 30th Research Conference on Communication, Information and Internet Policy, September 2002, Alexandria, VA. Author's web page.
Lorrie Faith Cranor, Joseph Reagle and Mark S. Ackerman, Beyond Concern:  Understanding Net Users' Attitudes About Online Privacy.  Author's web page.
Lorrie Faith Cranor, Agents of Choice:  Tools that Facilitate Notice and Choice about Web Site Data Practices. Proceedings of the 21st International Conference on Privacy and Personal Data Protection, 13-15 September 1999, Hong Kong SAR, China. Author's web page.
Lorrie Faith Cranor and Mark S. Ackerman, Privacy Critics: UI Components to Safeguard Users' Privacy.  Proceedings of the ACM Conference on Human Factors in Computing Systems (CHI '99), short papers (v.2), Author's web page.
Lorrie Faith Cranor and Simson L. Garfinkel, Security and Usability: Designing Secure Systems that People Can Use. O'Reilly publication. About the book.

D

Herbert Damker, Ulrich Pordesch and Martin Reichenbach, Personal Reachability and Security Management - Negotiation of Multilateral Security. Multilateral Security in Communications, Volume 3 - Technology, Infrastructure, Economy.  Guenter Mueller and Kai Rannenberg [Eds.], Addison Wesley, 1999.  
Don Davis, Compliance Defects in Public-Key Cryptography. Proceedings of the 6th USENIX Security Symposium, 1996. Author's web page.
Alex J. DeWitt and Jasna Kuljis. Aligning Usability And Security-A Usability Study Of Polaris. In Proceedings of the 2006 Symposium On Usable Privacy and Security, 12-14 July 2006, Pittsburgh, PA. Symposium web page.
Alex J. DeWitt and Jasna Kuljis. Is usable security an oxymoron? interactions. Vol. 13, Issue 3. Pages: 41-44. ACM Press. May 2006. ACM Digital Library.
Rachna Dhamija, Hash Visualization in User Authentication. In CHI 2000 Extended Abstracts, April 2000, The Hague, Netherlands. Author's web page.
Rachna Dhamija and Adrian Perrig, Deja Vu:  A User Study.  Using Images for Authentication. In Proceedings of the 9th USENIX Security Symposium, August 2000, Denver, Colorado. Author's web page.
Rachna Dhamija and J.D. Tygar, Phish and HIPs: Human Interactive Proofs to Detect Phishing Attacks. In Human Interactive Proofs: Second International Workshop (HIP 2005), eds. H. Baird and D. Lopresti, Springer, May 2005, pp 127-141. Author's web page.
Rachna Dhamija and J.D. Tygar, The Battle Against Phishing: Dynamic Security Skins. Symposium On Usable Privacy and Security (SOUPS), 2005. ACM Digital Library.
Rachna Dhamija, J.D. Tygar, and Marti Hearst, Why Phishing Works. To appear in the Proceedings of the Conference on Human Factors in Computing Systems (CHI2006), 2006. Author's web page.
Ahmet Emir Dirik, Nasir Memon and Jean-Camille Birget. Modeling User Choice in the PassPoints Graphical Password Scheme. Symposium On Usable Privacy and Security (SOUPS). 2007. Conference web page
Paul DiGioia and Paul Dourish, Social Navigation as a Model for Usable Security. Symposium On Usable Privacy and Security (SOUPS), 2005. ACM Digital Library
Julie S. Downs, Mandy Holbrook, and Lorrie Faith Cranor. Decision Strategies And Susceptibility To Phishing. In Proceedings of the 2006 Symposium On Usable Privacy and Security, 12-14 July 2006, Pittsburgh, PA. Symposium web page.
Paul Dourish, Jessica Delgado de la Flor and Melissa Joseph, Security as a Practical Problem:  Some Preliminary Observations of Everyday Mental Models. CHI 2003 Workshop on Human-Computer Interaction and Security Systems, Ft. Lauderdale, Florida. HCISec mailing list file page and at the workshop web page.
Paul Dourish and David Redmiles, An Approach to Usable Security Based on Event Monitoring and Visualization. New Security Paradigms Workshop, 2002.  
Cornelius C. Dufft, Juergen Espey, Hartmut Neuf, Georg Rudinger and Kurt Stapf, Usability and Security. Multilateral Security in Communications, Volume 3 - Technology, Infrastructure, Economy. Guenter Mueller and Kai Rannenberg [Eds.], Addison Wesley, 1999.  
Paul Dunphy, James Nicholson and Patrick Olivier. Securing Passfaces for Description. Symposium On Usable Privacy and Security (SOUPS). 2008. Conference webpage
Scott Dynes, Hans Brechbuhl and Eric Johnson. Information Security in the Extended Enterprise: Some Initial Results From a Field Study of an Industrial Firm. Symposium On Usable Privacy and Security (SOUPS), 2005. WEIS website

E

W. Keith Edwards, Mark W. Newman, Jana Z. Sedivy and Trevor F. Smith, Dirk Balfanz, D. K. Smetters, H. Chi Wong, Shahram Izadi. Using Speakeasy for Ad Hoc Peer-to-Peer Collaboration. Proceedings of ACM 2002 Conference on Computer Supported Cooperative Work (CSCW 2002), 2002, November, New Orleans, LA. PARC's web page.
Serge Egelman, Lorrie Cranor, and Abdur Chowdhury. An Analysis of P3P-Enabled Web Sites among Top-20 Search Results. Proceedings of the Eighth International Conference on Electronic Commerce August 14-16, 2006, Fredericton, New Brunswick, Canada. Author's web page.
Serge Egelman, Lorrie Cranor, and Jason Hong. You've been warned: an empirical study of the effectiveness of web browser phishing warnings. CHI '08: Proceeding of the twenty-sixth annual SIGCHI conference on Human factors in computing systems. ACM Webpage.
Serge Egelman and Ponnurangam Kumaraguru. Report on DIMACS Workshop and Working Group Meeting on Usable Privacy and Security Software. May 3, 2005. Rutgers University, New Brunswick, NJ. Workshop web page.
Serge Egelman, Janice Tsai, Lorrie Cranor, and Alessandro Acquisti. Studying the Impact of Privacy Information on Online Purchase Decisions. Workshop on Privacy and HCI: Methodologies for Studying Privacy Issues at CHI 06, April, 2006. Author's web page.
Carl Ellison, Chris Hall, Randy Milbert and Bruce Schneier, Protecting Secret Keys with Personal Entropy. Future Generation Computer Systems, Volume 16, pp. 311-318, 2000. Author's web page.

F

Laura Falk, Atul Prakash and Kevin Borders. Analyzing Websites for User-Visible Security Design Flaws. Symposium On Usable Privacy and Security (SOUPS). 2008. Conference webpage
Ivan Flechais and Martina Angela Sasse, Developing Secure and Usable Software.  OT2003.  Author's web page.
Ivan Flechais, Martina Angela Sasse and Stephen M. V. Hailes, Bringing Security Home: A process for developing secure and usable systems. New Security Paradigms Workshop, 2003. Author's web page.
Scott Flinn and Joanna Lumsden, User Perceptions of Privacy and Security on the Web. Third Annual Conference on Privacy, Security and Trust, October 12-14, 2005. Conference web page
Alain Forget, Sonia Chiasson, P.C. van Oorschot and Robert Biddle. Improving Text Passwords Through Persuasion. Symposium On Usable Privacy and Security (SOUPS). 2008. Conference web page
Batya Friedman, Helen Nissenbaum, David Hurley, Daniel C. Howe and Edward Felten, Users' Conceptions of Risks and Harms on the Web:  A Comparative Study. CHI 2002 Extended Abstracts of the Conference on Human Factors in Computing Systems, pp. 614-615. Network Browser Security & Human Values project publications web page.
Batya Friedman, David Hurley, Daniel C. Howe, Edward Felten and Helen Nissenbaum, Users' Conceptions of Web Security:  A Comparative Study. CHI 2002 Extended Abstracts of the Conference on Human Factors in Computing Systems, pp. 746-767. Network Browser Security & Human Values project publications web page.
Batya Friedman, Daniel C. Howe and Edward Felten, Informed Consent in the Mozilla Browser:  Implementing Value-Sensitive Design. Proceedings of the Thirty-fifth Annual Hawai'i International Conference on System Sciences. Network Browser Security & Human Values project publications web page.
Batya Friedman, Peter H. Kahn, Jr., and Daniel C. Howe, Trust Online. Communications of the ACM, 43(12), 34-40. Network Browser Security & Human Values project publications web page.
Niklas Frykholm and Ari Juels, Error-Tolerant Password Recovery. In P. Samarati, ed., Eighth ACM Conference on Computer and Communications Security, pp. 1-8. ACM Press. 2001. Author's publications page at RSA Laboratories.
Steven M. Furnell, Using security: easier said than done. Computer Fraud & Security. Vol. 2004, Issue 4. Pages: 6-10. Elsevier Science B.V. April 2004.
Steven M. Furnell, Why users cannot use security. Computers & Security. Vol. 24, Issue 4. Pages: 274-279. Elsevier Science B.V. June 2005.
Steven M. Furnell, Adila Jusoh, Dimitris Katsabas. The challenges of understanding and using security: A survey of end users. Computers & Security. Vol. 25. Pages: 27-35. Elsevier Science B.V. 2006.
Steven M. Furnell and Bogdan Ghita, Usability pitfalls in Wireless LAN security. Network Security. Pages: 4-8. Elsevier Science B.V. March 2006.
Steven M. Furnell and Stamatis Bolakis, Helping us to help ourselves: Assessing administrators' use of security analysis tools. Network Security. Vol. 2004, Issue 2. Pages: 7-12. Elsevier Science B.V. February 2004.

G

Simson L. Garfinkel, Adopting Fair Information Practices to Low Cost RFID Systems. Paper presented at Privacy in Ubicomp'2002 workshop, Göteborg, Sweden, September 29th, 2002. Author's version
Simson L. Garfinkel, Design Principles and Patterns for Computer Systems that are Simultaneously Secure and Usable. PhD Dissertation, 2005. Dissertation
Simson L. Garfinkel, Enabling Email Confidentiality through the use of Opportunistic Encryption. Presented at the 2003 National Conference on Digital Government Research, May 2003, Boston, MA. Author's slides
Simson L. Garfinkel and Ivan Krstic, The One Laptop Per Child Security Model. Symposium On Usable Privacy and Security (SOUPS). 2007. Conference web page
Simson L. Garfinkel and Robert C. Miller, Johnny 2: A User Test of Key Continuity Management with S/MIME and Outlook Express. Symposium On Usable Privacy and Security (SOUPS), 2005. ACM Digital Library
Simson L. Garfinkel, Schiller, J., Nordlander, E., Margrave, D., and Miller, R., How To Make Secure Email Easier To Use. CHI 2005: Technology, Safety, Community, Portland, Oregon, April 2-7, 2005. Author's web page
Simson L. Garfinkel, Schiller, J., Nordlander, E., Margrave, D., and Miller, R., Views, Reactions and Impact of Digitally-Signed Mail in e-Commerce. Financial Cryptography and Data Security Ninth International Conference, February 28-March 3, 2005, Roseau, The Commonwealth of Dominica. Conference web page
Carrie Gates and Jacob Slonim, Owner-Controlled Information. New Security Paradigms Workshop, 2003.
Carrie Gates and Tara Whalen, Profiling the Defenders. New Security Paradigms Workshop, 2004. Author's web page.
Shirley Gaw and Edward W. Felten. Password Management Strategies For Online Accounts. In Proceedings of the 2006 Symposium On Usable Privacy and Security, 12-14 July 2006, Pittsburgh, PA. Symposium web page.
Weiwei Geng, Scott Flinn and John DeDourek. Usable Firewall Configuration. Proceedings of the 3rd Annual Conference on Privacy, Security and Trust (PST`05). October 2005. Conference web page.
Julia Gideon, Serge Egelman, Lorrie Cranor, and Alessandro Acquisti. Power Strips, Prophylactics, and Privacy, Oh My! In Proceedings of the 2006 Symposium On Usable Privacy and Security, 12-14 July 2006, Pittsburgh, PA. Symposium web page.
Nathaniel S. Good and Aaron Krekelberg, Usability and Privacy:  A Study of Kazaa P2P File-Sharing. In Proceedings of the ACM Conference on Human Factors in Computing Systems (CHI 2003), Ft. Lauderdale, Florida. Author's web page. (HP Labs tech report)
Nathaniel S. Good, Rachna Dhamija, Jens Grossklags, David Thaw, Steven Aronowitz, Deirdre Mulligan, and Joseph Konstan, Stopping Spyware at the Gate: A User Study of Privacy, Notice and Spyware. Symposium On Usable Privacy and Security (SOUPS), 2005. ACM Digital Library.
Rebecca E. Grinter and D.K. Smetters, Three Challenges for Embedding Security into Applications. CHI 2003 Workshop on Human-Computer Interaction and Security Systems, Ft. Lauderdale, Florida. HCISec mailing list file page and at the workshop web page.
Joshua B. Gross and Mary Beth Rosson. Looking for trouble: understanding end-user security management. CHIMIT '07: Proceedings of the 2007 symposium on Computer human interaction for the management of information technology. 2007. ACM Digital Library
Jens Grossklags, Nicolas Christin, and John Chuang. Predicted and Observed User Behavior in the Weakest-Link Security Game. In Proceedings of the 2008 USENIX Workshop on Usability, Psychology, and Security (UPSEC'08). San Francisco, CA. 2008. Conference web site
Jens Grossklags and Nathan Good. Empirical Studies on Software Notices to Inform Policy Makers and Usability Designers. In Usable Security (USEC’07). 2007. Conference web site
Peter Gutmann, Plug-and-Play PKI: A PKI Your Mother Can Use. In Proceedings of 12th USENIX Security Symposium. Usenix web site.
Peter Gutmann, PKI Technology Survey and Blueprint. Author's web page.
Peter Gutmann and Ian Grigg. Security Usability. IEEE Security and Privacy. Pages: 56-58. IEEE. July 2005.

H

Jeffrey T. Hancock, Jennifer Thom-Santelli and Thompson Ritchie, Deception and Design: The Impact of Communication Technology on Lying Behavior. In Proceedings of CHI 2004.  
Katie Hafner and John Markoff, Cyberpunk: Outlaws and Hackers on the Computer Frontier. 1991, Simon & Schuster. Part One: Kevin: The Dark Side Hacker may include the earliest published references to social engineering.  
Jefferson B. Hardee, Ryan West, Christopher B. Mayhorn. To download or not to download: an examination of computer security decision making. Interactions. Vol. 13, Issue 3. Pages: 32-37. ACM Press. May 2006. ACM Digital Library.
Jefferson B. Hardee, Christopher B. Mayhorn and Ryan West, You downloaded WHAT?: Computer-based security decisions. 50th Annual Meeting of the Human Factors and Ergonomics Society. Santa Monica, CA: HFES. San Francisco, CA, September 2006.
James Haskett, Pass-algorithms: A User Validation Scheme Based on Knowledge of Secret Algorithms. Communications of the ACM, 27(8), pp. 777-781, August 1984. ACM Digital Library.
Eiji Hayashi, Nicolas Christin, Rachna Dhamija and Adrian Perrig. Use Your Illusion: Secure Authentication Usable Anywhere. Symposium On Usable Privacy and Security (SOUPS). 2008. Conference webpage.
Juho Heikkilä, Do I Know You?  User Recognition Without Identification. Proceedings of NordSec 2000, October 12-13, Reykjavik, Iceland. TeSSA project publications web page.
Morten Hertzum, Minimal-feedback hints for remembering passwords. ACM: Interactions 13, 3 (May. 2006), 38-40. ACM Digital Library
Almut Herzog and Nahid Shahmehri, A Usability Study of Security Policy Management. Proceedings of the IFIP TC-11 21st International Information Security Conference. Security and Privacy in Dynamic environments. S. Fischer-Huebner, K. Rannenberg, L. Yngstroem, S. Lindskog (eds.). Pages: 296-306. Springer. 2006.
Almut Herzog and Nahid Shahmehri . CHIMIT '07: Proceedings of the 2007 symposium on Computer human interaction for the management of information technology. 2007. ACM Digital Library
Sebastian Höhn. Bringing the User Back into Control: A New Paradigm for Usability in Highly Dynamic Systems. In Lecture Notes in Computer Science, Trust and Privacy in Digital Business, DOI 10.1007/11824633. 2006. pp. 114 - 122. Abstract
Ursula Holmström, User-centered design of security software. Human Factors in Telecommunications, May 1999, Copenhagen, Denmark. TeSSA project publications web page.

I

Giovanni Iachello and Jason Hong. End-User Privacy in Human-Computer Interaction. Foundations and Trends in Human-Computer Interaction. Vol. 1: No 1, pp 1-137. 2007. Publisher's webpage.
Giovanni Iachello, Kenneth Walsh, Ian Smith, Sunny Consolvo, Mike Chen, and Gregory D. Abowd. Developing Privacy Guidelines for Social Location Disclosure Applications and Services. Symposium On Usable Privacy and Security (SOUPS), 2005. ACM Digital Library.
Philip Inglesant, M. Angela Sasse, David Chadwick and Lei Lei Shi. Expressions of Expertness: The Virtuous Circle of Natural Language for Access Control Policy Specification. Symposium On Usable Privacy and Security (SOUPS). 2008. Conference Webpage
Blake Ives, Kenneth Walsh, and Helmut Schneider, The domino effect of password reuse. Communications of the ACM, 47(4), pp. 75-78, April 2004. ACM Digital Library.

J

Collin Jackson, Dan Simon, Desney Tan and Adam Barth. An Evaluation of Extended Validation and Picture-in-Picture Phishing Attacks. In Usable Security (USEC’07). 2007. Conference web page
Uwe Jendricke and Daniela Gerd tom Markotten, Usability Meets Security - The Identity-Manager as Your Personal Security Assistant for the Internet. In Proceedings of the 16th Annual Computer Security Applications Conference, December 2000. Author's web page.
Carlos Jensen and Colin Potts. Privacy Policies as Decision-Making Tools: An Evaluation of Online Privacy Notices. In Proceedings of CHI 2004.
Carlos Jensen, Chandan Sarkar, Christian Jensen and Colin Potts. Tracking Website Data-Collection and Privacy Practices with the iWatch Web Crawler. Symposium On Usable Privacy and Security (SOUPS). 2007. Conference web page
Ian Jermyn, Alain Mayer, Fabian Monrose, Michael K. Reiter and Aviel D. Rubin, The Design and Analysis of Graphical Passwords. Proceedings of the 8th USENIX Security Symposium (Best Paper award), August 23-36, 1999, Washington, DC. Author's web page.
J. Johnston, Jan Harm Petrus Eloff, L. Labuschagne, Security and human computer interfaces. Computers & Security, Vol. 22, Issue 8. Pages: 675-684. Elsevier Science B.V. December 2003.
Mike Just, Designing Secure Yet Usable Credential Recovery Systems With Challenge Questions.  CHI 2003 Workshop on Human-Computer Interaction and Security Systems, Ft. Lauderdale, Florida. HCISec mailing list file page and at the workshop web page.

K

Johannes Kaiser, Martin Reichenbach, Evaluating security tools towards usable security. Proceedings of the 17th IFIP World Computer Congress (WCC`02). August 2002.
Apu Kapadia, Tristan Henderson, Jeffrey J. Fielding, and David Kotz, Virtual Walls: Protecting Digital Privacy in Pervasive Environments. In Proceedings of The Fifth International Conference on Pervasive Computing (PERVASIVE '07), pp. 162-179, Toronto, Canada, May 13 - 16, 2007. Author's webpage
Apu Kapadia, Geetanjali Sampemane, and Roy H. Campbell, KNOW Why Your Access Was Denied: Regulating Feedback for Usable Security. In Proceedings of 11th ACM Conference on Computer and Communications Security (CCS 2004), pp. 52-61, Washington DC, October 25-29, 2004. ACM Digital Library
Claire-Marie Karat, Iterative Usability Testing of a Security Application.  Proceedings of the Human Factors Society 33rd Annual Meeting, 1989.  
Kristiina Karvonen and Jarmo Parkkinen, Signs of Trust. Proceedings of the 9th International Conference on HCI, August 5-10, 2001, New Orleans, Louisiana. TeSSA project publications web page.
Kristiina Karvonen, Lucas Cardholm and Stefan Karlsson, Designing Trust for a Universal Audience:  A Multicultural Study on the Formation of Trust in the Internet in the Nordic Countries. Proceedings of the First International Conference on Universal Access in HCI, August 5-10, 2001, New Orleans, Louisiana. TeSSA project publications web page.
Kristiina Karvonen, The Beauty of Simplicity. In Proceedings of the ACM Conference on Universal Usability, November 16-17, 2000, Washington, DC. TeSSA project publications web page.
Kristiina Karvonen and Ursula Holmström, Expressing Trust. Proceedings of NordCHI 2000 (short papers), 23-25 October 2000, Royal Institute of Technology, Stockholm, Sweden. TeSSA project publications web page.
Kristiina Karvonen, Lucas Cardholm and Stefan Karlsson, Cultures of Trust:  A Cross-Cultural Study on the Formation of Trust in an Electronic Environment. Proceedings of NordSec 2000, October 12-13, Reykjavik, Iceland. TeSSA project publications web page.
Kristiina Karvonen, Creating Trust. Proceedings of the fourth Nordic Workshop on Secure IT Systems (Nordsec '99), November 1-2, 1999, Kista, Sweden. TeSSA project publications web page.
Kristiina Karvonen, Enhancing Trust Online. Proceedings of PhDIT '99: Ethics in Information Technology Design, Second International Workshop on Philosophy of Design and Information Technology, 16-17 December 1999, Saint-Ferréol, Toulouse, France. TeSSA project publications web page.
Orin S. Kerr, Searches and Seizures in a Digital World. Telecommunication Policy Research Conference (TPRC 05), George Mason University, Washington, DC, 2005. Conference web page
Balachander Krishnamurthy, Delfina Malandrino and Craig E. Wills. Measuring Privacy Loss and the Impact of Privacy Protection in Web Browsing. Symposium On Usable Privacy and Security (SOUPS). 2007. Conference web page
Manu Kumar, Tal Garfinkel, Dan Boneh and Terry Winograd. Reducing Shoulder-surfing by Using Gaze-based Password Entry. Symposium On Usable Privacy and Security (SOUPS). 2007. Conference web page
Ponnurangam Kumaraguru and Lorrie Cranor, Privacy in India: Attitudes and Awareness. In Proceedings of the 2005 Workshop on Privacy Enhancing Technologies (PET2005), 30 May - 1 June 2005, Dubrovnik, Croatia. Author's web page.
Ponnurangam Kumaraguru, Lorrie Cranor and Elaine Newton, Privacy Perceptions in India and the United States: An Interview Study. Telecommunication Policy Research Conference (TPRC 05), George Mason University, Washington, DC, 2005. Author's web page.
Ponnurangam Kumaraguru, Yong Woo Rhee, Alessandro Acquisti, Lorrie Cranor, Jason Hong and Elizabeth Nunge. Protecting People from Phishing: The Design and Evaluation of an Embedded Training Email System. Technical Report CMU-CyLab-06-017, CyLab, Carnegie Mellon University, November 2006. Organization's web page.
Cynthia Kuo, Jesse Walker and Adrian Perrig. Low-cost Manufacturing, Usability, and Security: An Analysis of Bluetooth Simple Pairing and Wi-Fi Protected Setup. In Usable Security (USEC’07). 2007. Conference web site.
Cynthia Kuo, Adrian Perrig and Jesse Walker, Designing an evaluation method for security user interfaces: lessons from studying secure wireless network configuration. ACM: Interaction 13, 3 (May. 2006), 28-31. ACM Digital web page.
Cynthia Kuo, Sasha Romanosky, and Lorrie Cranor, Human Selection Of Mnemonic Phrase-Based Passwords. In Proceedings of the 2006 Symposium On Usable Privacy and Security, 12-14 July 2006, Pittsburgh, PA. Symposium web page.
Stephen Kent, Security. More Than Screen Deep:  Toward Every-Citizen Interfaces to the Nation's Information Infrastructure, National Academy Press, Washington, DC, 1997. National Academy Press Reading Room.

L

Tessa Lau, Oren Etzioni and Daniel S. Weld, Privacy Interfaces for Information Management. Communications of the ACM, 42(10), October 1999. Author's web page.
Markku Laukka, Criteria for Privacy Supporting System, Proceedings of the Fifth Nordic Workshop on Secure IT Systems (Nordsec 2000), October 12-13, Reykjavik, Iceland. TeSSA project publications web page
Nancy Leveson. Safeware: System Safety and Computers. Addison Wesley, 1995. Amazon
Eric Lieberman and Robert C. Miller. Facemail: Showing Faces of Recipients to Prevent Misdirected Email. Symposium On Usable Privacy and Security (SOUPS). 2007. Conference web site
Heather Richter Lipford, Andrew Besmer and Jason Watson. Understanding Privacy Settings in Facebook with an Audience View. In Usability, Psychology, and Security. 2008. Conference web site

M

Chris Masone, Kwang-Hyun Baek and Sean Smith, WSKE: Web Server Key Enabled Cookies. In Usable Security (USEC’07). 2007. Conference web site
Roy A. Maxion and Robert W. Reeder, Improving user interface dependability through mitigation of human error, International journal of human-computer studies, 2005, volume 63, number 1-2, pages 25-50.
John McHugh and Carrie Gates, Locality: A New Paradigm for Thinking About Normal Behavior and Outsider Threats, New Security Paradigms Workshop 2003.  
J. Mulligan, A. J. Elbirt. Desktop Security and Usability Trade-Offs: An Evaluation of Password Management Systems, Information Systems Security. Vol. 14, Issue 2. Pages: 10-19. Auerbach Publications. May 2005.  
Robert Morris and Ken Thompson, Password Security: A Case History. Communications of the ACM, 22(11), pp. 594-597, November 1979. ACM Digital Library.

N

Maria Nilsson, Anne Adams, Simon Herd. Building security and trust in online banking. Proceedings of the Conference on Human Factors in Computing Systems (CHI'05). Pages: 1701-1704. ACM Press. April 2005. ACM Digital Library
Pekka Nikander and Kristiina Karvonen, Users and Trust in Cyberspace. Proceedings of Cambridge Security Protocols Workshop 2000, April 3-5, Cambridge University. TeSSA project publications web page
Yuan Niu, Francis Hsu, and Hao Chen. iPhish: Phishing Vulnerabilities on Consumer Electronics. In Usability, Psychology, and Security. 2008. Conference web page

O

A.A Ozok, and Holden, S.H, Alphanumeric and Graphical Authentication Solutions: A Comparative Evaluation. In Proceedings of HCI International 2005, Las Vegas, NV. July 22-27. CD-ROM.

P

Leysia Palen and Paul Dourish, Unpacking "Privacy" for a Networked World. In Proceedings of the ACM Conference on Human Factors in Computing Systems (CHI 2003), Ft. Lauderdale, Florida. Author's web page.
Jarmo Parkkinen and Kristiina Karvonen, Group Awareness in Bluetooth. Proceedings of the Third International Workshop on Network Appliances, February 28-March 2, 2001, Singapore. TeSSA project publications web page
Andrew Patrick, Building Trustworthy Software Agents. IEEE Internet Computing, 6(6), 46-53. Author's web page.
Andrew Patrick, Privacy, Trust, Agents & Users:  A Review of Human-Factors Issues Associated With Building Trustworthy Software Agents. Author's web page.
Andrew Patrick, Just-In-Time Click-Through Agreements:  Interface Widgets for Facilitating User Understanding and Confirming Informed, Unambiguous Consent. Author's web page.
Andrew Patrick and Steve Kenny, From Privacy Legislation to Interface Design:  Implementing Information Privacy in Human-Computer Interactions. Privacy Enhancing Technologies Workshop, Dresden, Germany, 26-28 March 2003. Author's web page.
Andrew Patrick, A. Chris Long and Scott Flinn, HCI and Security Systems. CHI 2003 Conference Proceedings: Extended Abstracts (Workshops), April 5-10, Ft. Lauderdale, Florida. Author's web page.
Nathanael Paul, David Evans, Aviel D. Rubin and Dan Wallach, Authentication for Remote Voting. CHI 2003 Workshop on Human-Computer Interaction and Security Systems, Ft. Lauderdale, Florida. Author's web page.
Trevor Perrin, Public Key Distribution through “cryptoIDs”, New Security Paradigms Workshop, 2003.  
Pew Internet Project, Trust & Privacy Online:  Why Americans Want to Rewrite the Rules. August 2000. Pew project web site.

Q

   

R

Ariel Rabkin. Personal knowledge questions for fallback authentication. Symposium On Usable Privacy and Security (SOUPS). 2008. Conference webpage
M. N. Razavi and L. Iverson, A framework for privacy support in group information management systems. Group '07 Doctoral Consortium papers. 2007. ACM Digital Library
M. N. Razavi and L. Iverson, Designing for Privacy in Personal Learning Spaces. In New Review of Hypermedia and Multimedia, Special Issue on Studying the Users of Digital Education Technologies: Theories, Methods, and Analytical Approaches, Vol. 13, No. 2, pp: 163-185. December 2007. Author's web site
R. W. Reeder, L. Bauer, L.F. Cranor, M.K. Reiter, K. Bacon, K. How, and H. Strong. Expandable Grids for Visualizing and Authoring Computer Security Policies. ACM SIGCHI Conference on Human Factors in Computing Systems (CHI '08). 2008. Lab's web page
Robert W. Reeder, Roy A. Maxion, User Interface Dependability through Goal-Error Prevention, International Conference on Dependable Systems & Networks, Yokohama, Japan, 28 June - 01 July 2005. Author's web site
Karen Renaud, A Process for Supporting Risk-Aware Web Authentication Mechanism Choice. Reliability Engineering and System Safety, Special Edition. 92 (9), pp. 1204-1217.
Karen Renaud, Quantifying the Quality of Web Authentication Mechanisms. A Usability Perspective, Journal of Web Engineering. 3(2) 2004 p95-123.  
Karen Renaud, Visuo-Biometric Authentication Mechanism for Older Users, Proc British HCI. September 2005. Edinburgh, Scotland. p167-182.  
Karen Renaud, Antonella De Angeli, My password is here! An investigation into Visuo-Spatial Authentication Mechanisms, Interacting with Computers. 16(6):1017-1041. 2004.
Karen Renaud, Elin Olsen, DynaHand: Observation-Resistant Recognition-Based Web Authentication, IEEE Technology and Society. Special Issue on Usable Security and Privacy. 26(2):22-31 (2007).  
Karen Renaud, J Ramsay, Now what was that password again? A More Flexible Way of Identifying and Authenticating our senior, Behaviour and Information Technology Special Issue: Designing Computer Systems for and with Older Users. To appear.  
Eric Rescorla, Security Holes … Who Cares? In Proceedings of 12th USENIX Security Symposium. Usenix web site.
Jens Riegelsberger, Martina Angela Sasse and John D. McCarthy, Trust at First Sight?  A Test of Users' Ability to Identify Trustworthy e-Commerce Sites. Proceedings of HCI 2003, 8-12 September 2003, Bath, UK.  
Jens Riegelsberger, Martina Angela Sasse and John D. McCarthy, The Researcher's Dilemma:  Evaluating Trust in Computer Mediated Communications.  International Journal of Human Computer Studies, Special Issue on Trust, 2003. Author's web page.
Jens Riegelsberger and Martina Angela Sasse, Designing e-Commerce Applications for Consumer Trust. In O. Petrovic [Ed.], Trust in the Network Economy. Wien, New York: Springer.  
Jens Riegelsberger, Martina Angela Sasse and John D. McCarthy, Shiny Happy Building Trust? Photos on e-Commerce Websites and Consumer Trust. Proceedings of CHI 2003, April 5-10, Ft. Lauderdale, Florida. Author's web page.
Jens Riegelsberger, Interpersonal Cues and Consumer Trust in e-Commerce. CHI 2003 Extended Abstracts, April 5-10, Ft. Lauderdale, Florida. Author's web page.
Jens Riegelsberger, The Effect of Facial Cues on Trust in e-Commerce Systems. Proceedings of HCI 2002, Vol. II, Sept. 2-6, London, UK. GetRealSecurity group publications page.
Jens Riegelsberger, Martina Angela Sasse and J.D. McCarthy, Eye-Catcher or Blind Spot? 2nd IFIP Conference on e-Commerce, e-Business, e-Government (i3e), 7-9 October 2002, Lisbon, Portugal. GetRealSecurity group publications page.
Jens Riegelsberger and Martina Angela Sasse, Face It - Photos Don't Make a Web Site Trustworthy.  CHI 2002 Extended Abstracts, April 20-25, Minneapolis, MN, pp. 742-743. GetRealSecurity group publications page.
Jens Riegelsberger and Martina Angela Sasse, Trustbuilders and trustbusters:  The role of trust cues in interfaces to e-commerce applications.  1st IFIP Conference on e-Commerce, e-Business, e-Government (i3e), 3-5 Oct 2001, Zurich, pp. 17-30. GetRealSecurity group publications page.
Jennifer Rode, Carolina Johansson, Paul DiGioia, Roberto Silva Filho, Kari Nies, David Nguyen, Jie Ren, Paul Dourish, and David Redmiles. Seeing Further: Extending Visualization As A Basis For Usable Security. In Proceedings of the 2006 Symposium On Usable Privacy and Security, 12-14 July 2006, Pittsburgh, PA. Symposium web page
Volker Roth, Tobias Straub, Kai Richter. Security and usability engineering with particular attention to electronic mail. International Journal of Human-Computer Studies. Vol. 63, Issue 1-2. Pages: 51-73. Elsevier Science B.V. July 2005. Author's web page

S

N. Sadeh, J. Hong, L. Cranor, I. Fette, P. Kelley, M. Prabaker, and J. Rao. Understanding and Capturing People's Privacy Policies in a Mobile Social Networking Application. Journal of Personal and Ubiquitous Computing. Accepted for publication. 2008. Lab's web page
Geetanjali Sampemane, Prasad Naldurg and Roy H. Campbell, Access Control for Access Spaces. In Proceedings of 18th Annual Computer Security Applications Conference, December 9 - 13, 2002. ACSAC web site.
Hirokazu Sasamoto, Nicolas Christin, and Eiji Hayashi. Undercover: Authentication Usable in Front of Prying Eyes. In Proceedings of the 2008 ACM Conference on Human Factors in Computing Systems (CHI 2008), pages 183-192. Florence, Italy. April 2008. ACM web page.
Martina Angela Sasse, Computer Security:  Anatomy of a Usability Disaster, and a Plan for Recovery. CHI 2003 Workshop on Human-Computer Interaction and Security Systems, Ft. Lauderdale, Florida. HCISec mailing list file page and at the workshop web page.
Martina Angela Sasse, Sacha Brostoff and Dirk Weirich, Transforming the "weakest link":  a human-computer interaction approach to usable and effective security. BT Technical Journal, Vol. 19(3), July 2001, pp. 122-131. GetRealSecurity group publications page.
Nitesh Saxena, Md. Borhan Uddin and Jonathan Voris. Universal Device Pairing using an Auxiliary Device. Symposium On Usable Privacy and Security (SOUPS). 2008. Conference Webpage
Bruce Schneier, Secrets and Lies:  Digital Security in a Networked World.  (Chapter 17 addresses human factors.)   Wiley & Sons, 2000.  
Eugene E. Schultz, Robert W. Proctor, Mei-Ching Lien, Gavriel Salvendy. Usability and Security - An Appraisal of Usability Issues in Information Security Methods. Computers & Security. Vol. 20, Issue 7. Pages: 620-634. Elsevier Science B.V. October 2001.
Umesh Shankar and Chris Karlof, Doppelganger: Better Browser Privacy Without the Bother. Thirteenth ACM Conference on Computer and Communications Security (CCS 2006). Author's web page.
Hong-Hai Shen and Prasun Dewan, Access Control for Collaborative Environments. Proceedings of CSCW '92. Author's web page.
Steve Sheng, Bryant Magnien, Ponnurangam Kumaraguru, Alessandro Acquisti, Lorrie Faith Cranor, Jason Hong and Elizabeth Nunge, Anti-Phishing Phil: The Design and Evaluation of a Game That Teaches People Not to Fall for Phish. Symposium On Usable Privacy and Security (SOUPS). 2007. Conference web page.
Elizabeth Sillence, Pam Briggs, Lesley Fishwick and Peter Harris, Trust and Mistrust of Online Health Sites. Proceedings of CHI2004.  
David A. Siegel, Bill Reid and Susan M. Dray. IT security: protecting organizations in spite of themselves. ACM: Interaction 13, 3 (May. 2006), 20-27. ACM Digital Library.
D.K. Smetters (PARC, US); Dirk Balfanz (PARC, US); Glenn Durfee (PARC, US); Trevor Smith (PARC, US); KyungHee Lee (Samsung, SK) Instant Matchmaking: Simple, Secure Virtual Extensions to Ubiquitous Computing Environments. Ubicomp, Sept, 2006, Irvine, CA.  
D. K. Smetters and R. E. Grinter, Moving from the Design of Usable Security Technologies to the Design of Useful Secure Applications. New Security Paradigms Workshop, 2002.  
Sean Smith, Effective PKI Requires Effective HCI. CHI 2003 Workshop on Human-Computer Interaction and Security Systems, Ft. Lauderdale, Florida. Dartmouth PKI Lab web page.
Sean Smith, Humans in the Loop: Human-Computer Interaction and Security. IEEE Security and Privacy. Pages: 75-79. IEEE. May 2003. Author's web page.
Eugene Spafford, Observing Reusable Password Choices. In 3rd Usenix UNIX Security Symposium, Usenix Association, pp. 299-312, 14-16, September 1992. CERIAS FTP site
Ryan Stedman, Kayo Yoshida and Ian Goldberg. A User Study of Off-the-Record Messaging. Symposium On Usable Privacy and Security (SOUPS). 2008. Conference webpage
Tobias Straub, Harald Baier. A Framework for Evaluating the Usability and the Utility of PKI-enabled Applications. Proceedings of the European PKI Workshop: Research and Applications (EuroPKI'04). Vol. 3093. Pages: 112-125. Springer-Verlag. June 2004. Paper

T

Furkan Tari, A. Ant Ozok, and Stephen H. Holden. A Comparison Of Perceived And Real Shoulder-Surfing Risks Between Alphanumeric And Graphical Passwords. In Proceedings of the 2006 Symposium On Usable Privacy and Security, 12-14 July 2006, Pittsburgh, PA. Symposium web page
Carl W. Turner. How do consumers form their judgements of the security of e-commerce web sites? CHI 2003 Workshop on Human-Computer Interaction and Security Systems, Ft. Lauderdale, Florida. Author's webpage
Carl W. Turner. Investigating consumers' perceptions of security and privacy of e-commerce web sites. Proceedings of the Usability Professionals Association Conference, 2002. Orlando, FL, USA.
Carl W. Turner. The online experience and consumers' perceptions of e-commerce security. Proceedings of the Human Factors and Ergonomics Society 46th Annual Meeting, 2002, pp. 1246-1250. Baltimore, MD, USA. Author's webpage
Carl W. Turner, Zavod, M., and Yurcik, W. Factors that affect the perception of security and privacy of e-commerce web sites. In B. Gavish (Ed.), Proceedings of the Fourth International Conference on Electronic Commerce Research Vol. 2, 2001, pp. 628-636. Dallas, TX, USA. Author's webpage

U

Ersin Uzun, Kristiina Karvonen and N. Asokan, Usability Analysis of Secure Pairing Methods. In Usable Security (USEC’07). 2007. Conference web site

V

Kami Vaniea, Clare-Marie Karat, Joshua B. Gross, John Karat and Carolyn Brodie. Evaluating Assistance of Natural Language Policy Authoring. Symposium On Usable Privacy and Security (SOUPS). 2008. Conference Webpage

W

Dirk Weirich and Martina Angela Sasse, Pretty Good Persuasion: A first step toward effective password security for the Real World. Proceedings of the New Security Paradigms Workshop 2001 (September 10-13, New Mexico), pp. 41-50, ACM Press. GetRealSecurity group publications page
Rodrigo Werlinger, Kirstie Hawkey, Kasia Muldner, Pooya Jaferian and Konstantin Beznosov. The Challenges of Using an Intrusion Detection System: Is It Worth the Effort? Symposium On Usable Privacy and Security (SOUPS). 2008. Conference webpage
Ryan West, HCI and security. ACM: Interaction 13, 3 (May. 2006), 18-19. ACM Digital Library
Alma Whitten and J.D. Tygar, Safe Security Staging. CHI 2003 Workshop on Human-Computer Interaction and Security Systems, Ft. Lauderdale, Florida. HCISec mailing list file page and at the workshop web page
Alma Whitten and J.D. Tygar, Why Johnny Can't Encrypt: A Usability Case Study of PGP 5.0. Proceedings of the 8th USENIX Security Symposium, August 1999. Author's web page.
Alma Whitten and J.D. Tygar, Usability of Security:  A Case Study. Technical Report CMU-CS-98-155, Carnegie Mellon University School of Computer Science, December 1998. Author's web page.
Dave Wilson and Mary Ellen Zurko, Lotus Notes and Domino Contribution to the HCI and Security Systems Workshop. CHI 2003 Workshop on Human-Computer Interaction and Security Systems, Ft. Lauderdale, Florida. HCISec mailing list file page.
Gritta Wolf and Andreas Pfitzmann, Empowering Users to Set Their Protection Goals. Multilateral Security in Communications, Volume 3 - Technology, Infrastructure, Economy. Guenter Mueller and Kai Rannenberg [Eds.], Addison Wesley, 1999.  
Avishai Wool. The use and usability of direction-based filtering in firewalls. Computers & Security. Vol. 23, Issue 6. Pages: 459-468. Elsevier Science B.V. September 2004. Author's web page
Wu, M. Fighting Phishing at the User Interface. PhD Thesis proposal, December 2004. Author's group version
Wu, M., Garfinkel, S., Miller, R., Secure Web Authentication with Mobile Phones. DIMACS Workshop on Usable Privacy and Security Software, July 7 - 8, 2004. DIMACS Center, CoRE Building, Rutgers University, Piscataway, NJ. Conference website
Wu, M., Robert C. Miller and Simson L. Garfinkel. Do Security Toolbars Actually Prevent Phishing Attacks? In M. Jakobsson and S. Myers, eds, Phishing and Counter-measures: Understanding the increasing problem of electronic identity theft. Wiley, 2006, to appear. Information on the book
Wu, M., Robert C. Miller and Simson L. Garfinkel. Do Security Toolbars Actually Prevent Phishing Attacks? In submission to Conference on Human Factors in Computing Systems (CHI 2006). Author's group version
Wu, M., Robert C. Miller and Greg Little. Web Wallet: Preventing Phishing Attacks by Revealing User Intentions. In Proceedings of the 2006 Symposium On Usable Privacy and Security, 12-14 July 2006, Pittsburgh, PA. Symposium web page
Thomas Wu, A Real-World Analysis of Kerberos Password Security. Proceedings of the 1999 Network and Distributed System Security Symposium, February 3-5, 1999. NDSS Symposium site.

X

Haidong Xia, Jose Carlos Brustoloni, Hardening Web Browsers Against Man-in-the-Middle and Eavesdropping Attacks. Proceedings of the 14th International World Wide Web Conference (WWW2005), ACM, Chiba, Japan, May 2005, pp. 489-497. Author's web page.

Y

Jeff Yan and Ahmad El Ahmad. Usability of CAPTCHAs Or "usability issues in CAPTCHA design". Symposium On Usable Privacy and Security (SOUPS). 2008. Conference web page.
Jianxin (Jeff) Yan, Alan Blackwell, Ross Anderson, and Alasdair Grant, The Memorability and Security of Passwords — Some Empirical Results. Technical Report No. 500, Computer Laboratory, University of Cambridge, 2000. Author's web page.
Jeff Yan, A Note on Proactive Password Checking. Proceedings of the 2001 ACM New Security Paradigms Workshop, September 2001. Author's web page.
Zishuang (Eileen) Ye and Sean Smith, Trusted Paths for Browsers. Proceedings of the 11th USENIX Security Symposium, August 2002. Dartmouth PKI Lab web page.
Ka-Ping Yee, Secure Interaction Design and the Principle of Least Authority. CHI 2003 Workshop on Human-Computer Interaction and Security Systems, Ft. Lauderdale, Florida. Author's web page.
Ka-Ping Yee, User Interaction Design for Secure Systems. In Proceedings of the International Conference on Information and Communications Security, 2002.  
Ka-Ping Yee and Kragen Sitaker. Passpet: Convenient Password Management And Phishing Protection. In Proceedings of the 2006 Symposium On Usable Privacy and Security, 12-14 July 2006, Pittsburgh, PA. Symposium web page
William Yurcik, James Barlow, Kiran Lakkaraju and Mike Haberman, Two Visual Computer Security Network Monitoring Tools Incorporating Operator Interface Requirements. CHI 2003 Workshop on Human-Computer Interaction and Security Systems, Ft. Lauderdale, Florida. HCISec mailing list file page and workshop web page.

Z

Mary Ellen Zurko and Richard T. Simon, User-Centered Security. New Security Paradigms Workshop, 1996.  
Mary Ellen Zurko, Richard T. Simon, and Tom Sanfilippo, A User-Centered, Modular Authorization Service Built on an RBAC Foundation. Proceedings of IEEE Security and Privacy, 1999.  
Mary Ellen Zurko, Charlie Kaufman, Katherine Spanbauer and Chuck Bassett, Did You Ever Have To Make Up Your Mind? What Notes Users Do When Faced With A Security Decision. Proceedings of 18th Annual Computer Security Applications Conference, December 9 - 13, 2002. ACSAC web site.