Publication statistics

Pub. period: 2008-2012
Pub. count: 7
Number of co-authors: 10


Number of publications with 3 favourite co-authors:

Oriana Riva:
Karin Strauss:
A. J. Bernheim Brush:



Productive colleagues

Eiji Hayashi's 3 most productive colleagues in number of publications:

A. J. Bernheim Bru..: 40
Jason Hong: 20
Nicolas Christin: 9

Eiji Hayashi


Publications by Eiji Hayashi (bibliography)

Hayashi, Eiji, Riva, Oriana, Strauss, Karin, Brush, A. J. Bernheim and Schechter, Stuart (2012): Goldilocks and the two mobile devices: going beyond all-or-nothing access to a device's applications. In: Proceedings of the 2012 Symposium on Usable Privacy and Security 2012. p. 2.

Most mobile phones and tablets support only two access control device states: locked and unlocked. We investigated how well all-or-nothing device access control meets the need of users by interviewing 20 participants who had both a smartphone and tablet. We find all-or-nothing device access control to be a remarkably poor fit with users' preferences. On both phones and tablets, participants wanted roughly half their applications to be available even when their device was locked and half protected by authentication. We also solicited participants' interest in new access control mechanisms designed specifically to facilitate device sharing. Fourteen participants out of 20 preferred these controls to existing security locks alone. Finally, we gauged participants' interest in using face and voice biometrics to authenticate to their mobile phone and tablets; participants were surprisingly receptive to biometrics, given that they were also aware of security and reliability limitations.

© All rights reserved Hayashi et al. and/or their publisher

Hayashi, Eiji, Hong, Jason and Christin, Nicolas (2011): Security through a different kind of obscurity: evaluating distortion in graphical authentication schemes. In: Proceedings of ACM CHI 2011 Conference on Human Factors in Computing Systems 2011. pp. 2055-2064.

While a large body of research on image-based authentication has focused on memorability, comparatively less attention has been paid to the new security challenges these schemes may introduce. Because images can convey more information than text, image-based authentication may be more vulnerable to educated guess attacks than passwords. In this paper, we evaluate the resilience of a recognition-based graphical authentication scheme using distorted images against two types of educated guess attacks through two user studies. The first study, consisting of 30 participants, investigates whether distortion prevents educated guess attacks primarily based on information about individual users. The second study, using Amazon Mechanical Turk, investigates whether distortion mitigates the risk of educated guess attacks based on collective information about users. Our results show that authentication images without distortion are vulnerable to educated guess attacks, especially when information about the target is known, and that distortion makes authentication images more resilient against educated guess attacks.

© All rights reserved Hayashi et al. and/or their publisher

Hayashi, Eiji and Hong, Jason (2011): A diary study of password usage in daily life. In: Proceedings of ACM CHI 2011 Conference on Human Factors in Computing Systems 2011. pp. 2627-2630.

While past work has examined password usage on a specific computer, web site, or organization, there is little work examining overall password usage in daily life. Through a diary study, we examine all usage of passwords, and offer some new findings based on quantitative analyses regarding how often people log in, where they log in, and how frequently people use foreign computers. Our analysis also confirms or updates existing statistics about password usage patterns. We also discuss some implications for design as well as security education.

© All rights reserved Hayashi and Hong and/or their publisher

Hayashi, Eiji, Hong, Jason and Christin, Nicolas (2009): Educated guess on graphical authentication schemes: vulnerabilities and countermeasures. In: Proceedings of the 2009 Symposium on Usable Privacy and Security 2009. p. 25.

Hasegawa, Madoka, Christin, Nicolas and Hayashi, Eiji (2009): New directions in multisensory authentication. In: Proceedings of the 2009 Symposium on Usable Privacy and Security 2009. p. 44.

Sasamoto, Hirokazu, Christin, Nicolas and Hayashi, Eiji (2008): Undercover: authentication usable in front of prying eyes. In: Proceedings of ACM CHI 2008 Conference on Human Factors in Computing Systems April 5-10, 2008. pp. 183-192.

A number of recent scams and security attacks (phishing, spyware, fake terminals, ...) hinge on a crook's ability to observe user behavior. In this paper, we describe the design, implementation, and evaluation of a novel class of user authentication systems that are resilient to observation attacks. Our proposal is the first to rely on the human ability to simultaneously process multiple sensory inputs to authenticate, and is resilient to most observation attacks. We build a prototype based on user feedback gained through low fidelity tests. We conduct a within-subjects usability study of the prototype with 38 participants, which we complement with a security analysis. Our results show that users can authenticate within times comparable to that of graphical password schemes, with relatively low error rates, while being considerably better protected against observation attacks. Our design and evaluation process allows us to outline design principles for observation-resilient authentication systems.

© All rights reserved Sasamoto et al. and/or ACM Press

Hayashi, Eiji, Dhamija, Rachna, Christin, Nicolas and Perrig, Adrian (2008): Use Your Illusion: secure authentication usable anywhere. In: Proceedings of the 2008 Symposium on Usable Privacy and Security 2008. pp. 35-45.

In this paper, we propose and evaluate Use Your Illusion, a novel mechanism for user authentication that is secure and usable regardless of the size of the device on which it is used. Our system relies on the human ability to recognize a degraded version of a previously seen image. We illustrate how distorted images can be used to maintain the usability of graphical password schemes while making them more resilient to social engineering or observation attacks. Because it is difficult to mentally "revert" a degraded image, without knowledge of the original image, our scheme provides a strong line of defense against impostor access, while preserving the desirable memorability properties of graphical password schemes. Using low-fidelity tests to aid in the design, we implement prototypes of Use Your Illusion as i) an Ajax-based web service and ii) on Nokia N70 cellular phones. We conduct a between-subjects usability study of the cellular phone prototype with a total of 99 participants in two experiments. We demonstrate that, regardless of their age or gender, users are very skilled at recognizing degraded versions of self-chosen images, even on small displays and after time periods of one month. Our results indicate that graphical passwords with distorted images can achieve equivalent error rates to those using traditional images, but only when the original image is known.

© All rights reserved Hayashi et al. and/or ACM Press

Page Information

Page maintainer: The Editorial Team