Number of co-authors: 7
Number of publications with 3 favourite co-authors: Serge Egelman: 3, Robert W. Reeder: 3, A. J. Bernheim Brush: 3
Stuart Schechter's 3 most productive colleagues in number of publications: A. J. Bernheim Bru..: 40, Robert W. Reeder: 14, Serge Egelman: 13
Publications by Stuart Schechter (bibliography)
Hayashi, Eiji, Riva, Oriana, Strauss, Karin, Brush, A. J. Bernheim and Schechter, Stuart (2012): Goldilocks and the two mobile devices: going beyond all-or-nothing access to a device's applications. In: Proceedings of the 2012 Symposium on Usable Privacy and Security 2012. p. 2.
Most mobile phones and tablets support only two access control device states: locked and unlocked. We investigated how well all-or-nothing device access control meets the need of users by interviewing 20 participants who had both a smartphone and tablet. We find all-or-nothing device access control to be a remarkably poor fit with users' preferences. On both phones and tablets, participants wanted roughly half their applications to be available even when their device was locked and half protected by authentication. We also solicited participants' interest in new access control mechanisms designed specifically to facilitate device sharing. Fourteen participants out of 20 preferred these controls to existing security locks alone. Finally, we gauged participants' interest in using face and voice biometrics to authenticate to their mobile phone and tablets; participants were surprisingly receptive to biometrics, given that they were also aware of security and reliability limitations.
© All rights reserved Hayashi et al. and/or their publisher
Karlson, Amy K., Brush, A. J. Bernheim and Schechter, Stuart (2009): Can I borrow your phone?: understanding concerns when sharing mobile phones. In: Proceedings of ACM CHI 2009 Conference on Human Factors in Computing Systems 2009. pp. 1647-1650.
Mobile phones are becoming increasingly personalized in terms of the data they store and the types of services they provide. At the same time, field studies have reported that there are a variety of situations in which it is natural for people to share their phones with others. However, most mobile phones support a binary security model that offers all-or-nothing access to the phone. We interviewed 12 smartphone users to explore how security and data privacy concerns affected their willingness to share their mobile phones. The diversity of guest user categorizations and associated security constraints expressed by the participants suggests the need for a security model richer than today's binary model.
© All rights reserved Karlson et al. and/or ACM Press
Schechter, Stuart, Egelman, Serge and Reeder, Robert W. (2009): It's not what you know, but who you know: a social approach to last-resort authentication. In: Proceedings of ACM CHI 2009 Conference on Human Factors in Computing Systems 2009. pp. 1983-1992.
Backup authentication mechanisms help users who have forgotten their passwords regain access to their accounts, or at least try. Today's systems fall short in meeting both security and reliability requirements. We designed, built, and tested a new backup authentication system that employs a social-authentication mechanism. The system employs trustees previously appointed by the account holder to verify the account holder's identity. We ran three experiments to determine whether the system could (1) reliably authenticate account holders, (2) resist email attacks that target trustees by impersonating account holders, and (3) resist phone-based attacks from individuals close to account holders. Results were encouraging: seventeen of the nineteen participants who made the effort to call trustees authenticated successfully. However, we also found that users must be reminded of who their trustees are. While email-based attacks were largely unsuccessful, stronger countermeasures will be required to counter highly-personalized phone-based attacks.
© All rights reserved Schechter et al. and/or ACM Press
Schechter, Stuart and Reeder, Robert W. (2009): 1 + 1 = you: measuring the comprehensibility of metaphors for configuring backup authentication. In: Proceedings of the 2009 Symposium on Usable Privacy and Security 2009. p. 9.
Backup authentication systems verify the identity of users who are unable to perform primary authentication usually as a result of forgetting passwords. The two most common authentication mechanisms used for backup authentication by webmail services, personal authentication questions and email-based authentication, are insufficient. Many webmail users cannot benefit from email-based authentication because their webmail account is their primary email account. Personal authentication questions are frequently forgotten and prone to security failures, as illustrated by the increased scrutiny they received following their implication in the compromise of Republican vice presidential candidate Sarah Palin's Yahoo! account. One way to address the limitations of existing backup authentication mechanisms is to add new ones. Since no mechanism is completely secure, system designers must support configurations that require multiple authentication tasks be completed to authenticate. Can users comprehend such a rich set of new options? We designed two metaphors to help users comprehend which combinations of authentication tasks would be sufficient to authenticate. We performed a usability study to measure users' comprehension of these metaphors. We find that the vast majority of users comprehend screenshots that represent authentication as an exam, in which points are awarded for the completion of individual authentication tasks and authentication succeeds when an authenticatee has accumulated enough points to achieve a passing score.
© All rights reserved Schechter and Reeder and/or ACM Press
Schechter, Stuart, Brush, A. J. Bernheim and Egelman, Serge (2009): It's no secret: measuring the security and reliability of authentication via 'secret' questions. In: Proceedings of the 2009 Symposium on Usable Privacy and Security 2009. p. 40.
Schechter, Stuart, Egelman, Serge and Reeder, Robert W. (2009): It's not what you know, but who you know: a social approach to last-resort authentication. In: Proceedings of the 2009 Symposium on Usable Privacy and Security 2009. p. 41.
Changes to this page (author):
23 Nov 2012: Modified
08 Sep 2009: Modified
08 Sep 2009: Modified
08 Sep 2009: Modified
09 May 2009: Added
09 May 2009: Modified
Page maintainer: The Editorial Team