Publication statistics

Pub. period: 2001-2011
Pub. count: 14
Number of co-authors: 27



Co-authors

Number of publications with 3 favourite co-authors:

Lorrie Faith Cranor: 6
Michael K. Reiter: 4
Lujo Bauer: 4

 

 

Productive colleagues

Robert W. Reeder's 3 most productive colleagues in number of publications:

Stuart K. Card: 75
John Karat: 47
Peter Pirolli: 46
 
 
 


Robert W. Reeder

 

Publications by Robert W. Reeder (bibliography)
2011
 
Reeder, Robert W., Bauer, Lujo, Cranor, Lorrie F., Reiter, Michael K. and Vaniea, Kami (2011): More than skin deep: measuring effects of the underlying model on access-control system usability. In: Proceedings of ACM CHI 2011 Conference on Human Factors in Computing Systems 2011. pp. 2065-2074. Available online

In access-control systems, policy rules conflict when they prescribe different decisions (allow or deny) for the same access. We present the results of a user study that demonstrates the significant impact of conflict-resolution method on policy-authoring usability. In our study of 54 participants, varying the conflict-resolution method yielded statistically significant differences in accuracy in five of the six tasks we tested, including differences in accuracy

© All rights reserved Reeder et al. and/or their publisher

2010
 
Lipford, Heather Richter, Watson, Jason, Whitney, Michael, Froiland, Katherine and Reeder, Robert W. (2010): Visual vs. compact: a comparison of privacy policy interfaces. In: Proceedings of ACM CHI 2010 Conference on Human Factors in Computing Systems 2010. pp. 1111-1114. Available online

In this paper, we compare the impact of two different privacy policy representations -- AudienceView and Expandable Grids -- on users modifying privacy policies for a social network site. Despite the very different interfaces, there were very few differences in user performance. However, users had clear, and different, preferences and acknowledged the tradeoffs between the two representations. Our results imply that while either interface would be a usable option for policy settings, a combination may appeal to a wider audience and offer the best of both worlds.

© All rights reserved Lipford et al. and/or their publisher

2009
 
Bauer, Lujo, Cranor, Lorrie Faith, Reeder, Robert W., Reiter, Michael K. and Vaniea, Kami (2009): Real life challenges in access-control management. In: Proceedings of ACM CHI 2009 Conference on Human Factors in Computing Systems 2009. pp. 899-908. Available online

In this work we ask the question: what are the challenges of managing a physical or file system access-control policy for a large organization? To answer the question, we conducted a series of interviews with thirteen administrators who manage access-control policy for either a file system or a physical space. Based on these interviews we identified three sets of real-world requirements that are either ignored or inadequately addressed by technology: 1) policies are made/implemented by multiple people; 2) policy makers are distinct from policy implementers; and 3) access-control systems don't always have the capability to implement the desired policy. We present our interview results and propose several possible solutions to address the observed issues.

© All rights reserved Bauer et al. and/or ACM Press

 
Schechter, Stuart, Egelman, Serge and Reeder, Robert W. (2009): It's not what you know, but who you know: a social approach to last-resort authentication. In: Proceedings of ACM CHI 2009 Conference on Human Factors in Computing Systems 2009. pp. 1983-1992. Available online

Backup authentication mechanisms help users who have forgotten their passwords regain access to their accounts -- or at least try. Today's systems fall short in meeting both security and reliability requirements. We designed, built, and tested a new backup authentication system that employs a social-authentication mechanism. The system employs trustees previously appointed by the account holder to verify the account holder's identity. We ran three experiments to determine whether the system could (1) reliably authenticate account holders, (2) resist email attacks that target trustees by impersonating account holders, and (3) resist phone-based attacks from individuals close to account holders. Results were encouraging: seventeen of the nineteen participants who made the effort to call trustees authenticated successfully. However, we also found that users must be reminded of who their trustees are. While email-based attacks were largely unsuccessful, stronger countermeasures will be required to counter highly-personalized phone-based attacks.

© All rights reserved Schechter et al. and/or ACM Press

 
Kelley, Patrick Gage, Bresee, Joanna, Cranor, Lorrie Faith and Reeder, Robert W. (2009): A "nutrition label" for privacy. In: Proceedings of the 2009 Symposium on Usable Privacy and Security 2009. p. 4. Available online

We used an iterative design process to develop a privacy label that presents to consumers the ways organizations collect, use, and share personal information. Many surveys have shown that consumers are concerned about online privacy, yet current mechanisms to present website privacy policies have not been successful. This research addresses the present gap in the communication and understanding of privacy policies, by creating an information design that improves the visual presentation and comprehensibility of privacy policies. Drawing from nutrition, warning, and energy labeling, as well as from the effort towards creating a standardized banking privacy notification, we present our process for constructing and refining a label tuned to privacy. This paper describes our design methodology; findings from two focus groups; and accuracy, timing, and likeability results from a laboratory study with 24 participants. Our study results demonstrate that compared to existing natural language privacy policies, the proposed privacy label allows participants to find information more quickly and accurately, and provides a more enjoyable information seeking experience.

© All rights reserved Kelley et al. and/or ACM Press

 
Schechter, Stuart and Reeder, Robert W. (2009): 1 + 1 = you: measuring the comprehensibility of metaphors for configuring backup authentication. In: Proceedings of the 2009 Symposium on Usable Privacy and Security 2009. p. 9. Available online

Backup authentication systems verify the identity of users who are unable to perform primary authentication usually as a result of forgetting passwords. The two most common authentication mechanisms used for backup authentication by webmail services, personal authentication questions and email-based authentication, are insufficient. Many webmail users cannot benefit from email-based authentication because their webmail account is their primary email account. Personal authentication questions are frequently forgotten and prone to security failures, as illustrated by the increased scrutiny they received following their implication in the compromise of Republican vice presidential candidate Sarah Palin's Yahoo! account. One way to address the limitations of existing backup authentication mechanisms is to add new ones. Since no mechanism is completely secure, system designers must support configurations that require multiple authentication tasks be completed to authenticate. Can users comprehend such a rich set of new options? We designed two metaphors to help users comprehend which combinations of authentication tasks would be sufficient to authenticate. We performed a usability study to measure users' comprehension of these metaphors. We find that the vast majority of users comprehend screenshots that represent authentication as an exam, in which points are awarded for the completion of individual authentication tasks and authentication succeeds when an authenticatee has accumulated enough points to achieve a passing score.

© All rights reserved Schechter and Reeder and/or ACM Press

 
Schechter, Stuart, Egelman, Serge and Reeder, Robert W. (2009): It's not what you know, but who you know: a social approach to last-resort authentication. In: Proceedings of the 2009 Symposium on Usable Privacy and Security 2009. p. 41. Available online

 
Reeder, Robert W., Kelley, Patrick Gage, McDonald, Aleecia M. and Cranor, Lorrie Faith (2009): A user study of the expandable grid applied to P3P privacy policy visualization. In: Proceedings of the 2009 Symposium on Usable Privacy and Security 2009. p. 42. Available online

 
McDonald, Aleecia M., Reeder, Robert W., Kelley, Patrick Gage and Cranor, Lorrie Faith (2009): A comparative study of online privacy policies and formats. In: Proceedings of the 2009 Symposium on Usable Privacy and Security 2009. p. 46. Available online

2008
 
Bauer, Lujo, Cranor, Lorrie Faith, Reeder, Robert W., Reiter, Michael K. and Vaniea, Kami (2008): A user study of policy creation in a flexible access-control system. In: Proceedings of ACM CHI 2008 Conference on Human Factors in Computing Systems April 5-10, 2008. pp. 543-552. Available online

Significant effort has been invested in developing expressive and flexible access-control languages and systems. However, little has been done to evaluate these systems in practical situations with real users, and few attempts have been made to discover and analyze the access-control policies that users actually want to implement. We report on a user study in which we derive the ideal access policies desired by a group of users for physical security in an office environment. We compare these ideal policies to the policies the users actually implemented with keys and with a smartphone-based distributed access-control system. We develop a methodology that allows us to show quantitatively that the smartphone system allowed our users to implement their ideal policies more accurately and securely than they could with keys, and we describe where each system fell short.

© All rights reserved Bauer et al. and/or ACM Press

 
Reeder, Robert W., Bauer, Lujo, Cranor, Lorrie Faith, Reiter, Michael K., Bacon, Kelli, How, Keisha and Strong, Heather (2008): Expandable grids for visualizing and authoring computer security policies. In: Proceedings of ACM CHI 2008 Conference on Human Factors in Computing Systems April 5-10, 2008. pp. 1473-1482. Available online

We introduce the Expandable Grid, a novel interaction technique for creating, editing, and viewing many types of security policies. Security policies, such as file permissions policies, have traditionally been displayed and edited in user interfaces based on a list of rules, each of which can only be viewed or edited in isolation. These list-of-rules interfaces cause problems for users when multiple rules interact, because the interfaces have no means of conveying the interactions amongst rules to users. Instead, users are left to figure out these rule interactions themselves. An Expandable Grid is an interactive matrix visualization designed to address the problems that list-of-rules interfaces have in conveying policies to users. This paper describes the Expandable Grid concept, shows a system using an Expandable Grid for setting file permissions in the Microsoft Windows XP operating system, and gives results of a user study involving 36 participants in which the Expandable Grid approach vastly outperformed the native Windows XP file-permissions interface on a broad range of policy-authoring tasks.

© All rights reserved Reeder et al. and/or ACM Press

2007
 
Reeder, Robert W., Karat, Clare-Marie, Karat, John and Brodie, Carolyn (2007): Usability Challenges in Security and Privacy Policy-Authoring Interfaces. In: Baranauskas, Maria Cecília Calani, Palanque, Philippe A., Abascal, Julio and Barbosa, Simone Diniz Junqueira (eds.) DEGAS 2007 - Proceedings of the 1st International Workshop on Design and Evaluation of e-Government Applications and Services September 11th, 2007, Rio de Janeiro, Brazil. pp. 141-155. Available online

2005
 
Maxion, Roy A. and Reeder, Robert W. (2005): Improving user-interface dependability through mitigation of human error. In: International Journal of Human-Computer Studies, 63 (1) pp. 25-50. Available online

Security may be compromised when humans make mistakes at the user interface. Cleartext is mistakenly sent to correspondents, sensitive files are left unprotected, and erroneously configured systems are left vulnerable to attackers. Such mistakes may be blamed on human error, but the regularity of human error suggests that mistakes may be preventable through better interface design. Certain user-interface constructs drive users toward error, while others facilitate success. Two security-sensitive user interfaces were evaluated in a laboratory user study: the Windows XP file-permissions interface and an alternative interface, called Salmon, designed in accordance with an error-avoiding principle to counteract the misleading constructs in the XP interface. The alternative interface was found to be more dependable; it

© All rights reserved Maxion and Reeder and/or Academic Press

2001
 
Card, Stuart K., Pirolli, Peter, Wege, Mija M. Van Der, Morrison, Julie B., Reeder, Robert W., Schraedley, Pamela and Boshart, Jenea (2001): Information Scent as a Driver of Web Behavior Graphs: Results of a Protocol Analysis Method for Web Usability. In: Beaudouin-Lafon, Michel and Jacob, Robert J. K. (eds.) Proceedings of the ACM CHI 2001 Human Factors in Computing Systems Conference March 31 - April 5, 2001, Seattle, Washington, USA. pp. 498-505. Available online

The purpose of this paper is to introduce a replicable WWW protocol analysis methodology illustrated by application to data collected in the laboratory. The methodology uses instrumentation to obtain detailed recordings of user actions with a browser, caches Web pages encountered, and videotapes talk-aloud protocols. We apply the current form of the method to the analysis of eight Web protocols, visualizing the structure of the interaction and showing the strong effect of information scent in determining the path followed.

© All rights reserved Card et al. and/or ACM Press

 
 
 
 

Page Information

Page maintainer: The Editorial Team
URL: http://www.interaction-design.org/references/authors/robert_w__reeder.html