About Contact Help us

Join us ! Publish !

Interaction Design Foundation

Free educational materials - made by the world's technology elite

About sponsorships

References

Saranga Komanduri

iPad and tablet version

Publication statistics

Pub. period:2008-2012
Pub. count:5
Number of co-authors:14

Co-authors

Number of publications with 3 favourite co-authors:

Lorrie Faith Cranor:4
Lujo Bauer:3
Michelle L. Mazurek:3

Productive colleagues

Saranga Komanduri's 3 most productive colleagues in number of publications:

Lorrie Faith Crano..:44
Yang Wang:14
Serge Egelman:13

Calendar

May 27

13th Intl. Conf. on New Interfaces for Musical Expression

May 28

Graphics Interface 2013

May 29

Intl. Workshop on Design and Spontaneity in Computer-Supported Collaborative Learning (DS-CSCL 2013)

May 22

“ User error: replace user and press any key to continue. ”

-- Popular computer one-liner

Share this quote on...
Get more quotes via RSS or by joining our Usability Quote of the Day Facebook Page

Featured chapter

Read the fascinating history of Wearable Computing, told by its father, Steve Mann

Read Steve's chapter !

Help us help you!

Spread the word:
Donate
Other ways to help

Saranga Komanduri

Add description

← Button will not work: You have not enabled Javascript. How do I enable it?

Rename / change spelling

Add publication

← Button will not work: You have not enabled Javascript. How do I enable it?

Publications by Saranga Komanduri (bibliography)

2012

Edit | Del

Shay, Richard, Kelley, Patrick Gage, Komanduri, Saranga, Mazurek, Michelle L., Ur, Blase, Vidas, Timothy, Bauer, Lujo, Christin, Nicolas and Cranor, Lorrie Faith (2012): Correct horse battery staple: exploring the usability of system-assigned passphrases. In: Proceedings of the 2012 Symposium on Usable Privacy and Security 2012. p. 7.

“Users tend to create passwords that are easy to guess, while system-assigned passwords tend to be hard to remember. Passphrases, space-delimited sets of natural language words, have been suggested as both secure and usable for decades. In a 1,476-participant online study, we explored the usability of 3- and 4-word system-assigned passphrases in comparison to system-assigned passwords composed of 5 to 6 random characters, and 8-character system-assigned pronounceable passwords. Contrary to expectations, system-assigned passphrases performed similarly to system-assigned passwords of similar entropy across the usability metrics we examined. Passphrases and passwords were forgotten at similar rates, led to similar levels of user difficulty and annoyance, and were both written down by a majority of participants. However, passphrases took significantly longer for participants to enter, and appear to require error-correction to counteract entry mistakes. Passphrase usability did not seem to increase when we shrunk the dictionary from which words were chosen, reduced the number of words in a passphrase, or allowed users to change the order of words.”

2011

Edit | Del

Komanduri, Saranga, Shay, Richard, Kelley, Patrick Gage, Mazurek, Michelle L., Bauer, Lujo, Christin, Nicolas, Cranor, Lorrie Faith and Egelman, Serge (2011): Of passwords and people: measuring the effect of password-composition policies. In: Proceedings of ACM CHI 2011 Conference on Human Factors in Computing Systems 2011. pp. 2595-2604.

“Text-based passwords are the most common mechanism for authenticating humans to computer systems. To prevent users from picking passwords that are too easy for an adversary to guess, system administrators adopt password-composition policies (e.g., requiring passwords to contain symbols and numbers). Unfortunately, little is known about the relationship between password-composition policies and the strength of the resulting passwords, or about the behavior of users (e.g., writing down passwords) in response to different policies. We present a large-scale study that investigates password strength, user behavior, and user sentiment across four password-composition policies. We characterize the predictability of passwords by calculating their entropy, and find that a number of commonly held beliefs about password composition and strength are inaccurate. We correlate our results with user behavior and sentiment to produce several recommendations for password-composition policies that result in strong passwords without unduly burdening users.”

Edit | Del

Wang, Yang, Norcie, Gregory, Komanduri, Saranga, Acquisti, Alessandro, Leon, Pedro Giovanni and Cranor, Lorrie Faith (2011): "I regretted the minute I pressed share": a qualitative study of regrets on Facebook. In: Proceedings of the 2011 Symposium on Usable Privacy and Security 2011. p. 10.

“We investigate regrets associated with users' posts on a popular social networking site. Our findings are based on a series of interviews, user diaries, and online surveys involving 569 American Facebook users. Their regrets revolved around sensitive topics, content with strong sentiment, lies, and secrets. Our research reveals several possible causes of why users make posts that they later regret: (1) they want to be perceived in favorable ways, (2) they do not think about their reason for posting or the consequences of their posts, (3) they misjudge the culture and norms within their social circles, (4) they are in a "hot" state of high emotion when posting, or under the influence of drugs or alcohol, (5) their postings are seen by an unintended audience, (6) they do not foresee how their posts could be perceived by people within their intended audience, and (7) they misunderstand or misuse the Facebook platform. Some reported incidents had serious repercussions, such as breaking up relationships or job losses. We discuss methodological considerations in studying negative experiences associated with social networking posts, as well as ways of helping users of social networking sites avoid such regrets.”

2010

Edit | Del

Shay, Richard, Komanduri, Saranga, Kelley, Patrick Gage, Leon, Pedro Giovanni, Mazurek, Michelle L., Bauer, Lujo, Christin, Nicolas and Cranor, Lorrie Faith (2010): Encountering stronger password requirements: user attitudes and behaviors. In: Proceedings of the 2010 Symposium on Usable Privacy and Security 2010. p. 2.

“Text-based passwords are still the most commonly used authentication mechanism in information systems. We took advantage of a unique opportunity presented by a significant change in the Carnegie Mellon University (CMU) computing services password policy that required users to change their passwords. Through our survey of 470 CMU computer users, we collected data about behaviors and practices related to the use and creation of passwords. We also captured users' opinions about the new, stronger policy requirements. Our analysis shows that, although most of the users were annoyed by the need to create a complex password, they believe that they are now more secure. Furthermore, we perform an entropy analysis and discuss how our findings relate to NIST recommendations for creating a password policy. We also examine how users answer specific questions related to their passwords. Our results can be helpful in designing better password policies that consider not only technical aspects of specific policy rules, but also users' behavior in response to those rules.”

2008

Edit | Del

Komanduri, Saranga and Hutchings, Dugald R. (2008): Order and Entropy in Picture Passwords. In: Proceedings of the 2008 Conference on Graphics Interface May 28-30, 2008, Windsor, Ontario, Canada. pp. 115-122.

“Previous efforts involving picture-based passwords have not focused on maintaining a measurably high level of entropy. Since password systems usually allow user selection of passwords, their true entropy remains unknown. A 23-participant study was performed in which picture and character-based passwords of equal strength were randomly assigned. Memorability was tested with up to one week between sessions. The study found that both character and picture passwords of very high entropy were easily forgotten. However, when password inputs were analyzed to determine the source of input errors, serial ordering was found to be the main cause of failure. This supports a hypothesis stating that picture-password systems which do not require ordered input may produce memorable, high-entropy passwords. Input analysis produced another interesting result, that incorrect inputs by users are often duplicated. This reduces the number of distinct guesses users can make when authentication systems lock out users after a number of failed logins. A protocol for ignoring duplicate inputs is presented here. A shoulder-surfing resistant input method was also evaluated, with six out of 15 users performing an insecure behavior.”

Add publication