Cormac Herley

<!--[if !supportLists]-->Cormac Herley       <!--[endif]-->D. Florencio, C. Herley and P.C. van Oorschot, "An Administrator's Guide to Internet Password Research", Proc. Usenix LISA, 2014

<!--[if !supportLists]-->·       <!--[endif]-->D. Florencio, C. Herley and P.C. van Oorschot, "Password Portfolios and the Finite-Effort User: Sustainably Managing Large Numbers of Accounts", Proc. Usenix Security, 2014

<!--[if !supportLists]-->·        <!--[endif]-->S. Komanduri, R. Shay, L. Cranor, C. Herley and S. Schechter, "Telepathwords: preventing weak passwords by reading users' minds", Proc. Usenix Security 2014

<!--[if !supportLists]-->·       <!--[endif]-->S. Egelman, A. Sotirakopoulos, I. Muslukhov, K. Beznosov and C. Herley, "Does My Password Go up to Eleven? The Impact of Password Meters on Password Selection" Proc. ACM CHI 2013

<!--[if !supportLists]-->·       <!--[endif]-->J. Bonneau, C. Herley, P.C. van Oorschot and F. Stajano, “The quest to replace passwords: a framework for comparative evaluation of web authentication schemes,” IEEE Symposium on Security and Privacy 2012.

<!--[if !supportLists]-->·       <!--[endif]-->D. Florencio and C. Herley, "Where Do Security Policies Come From?" Symp. On Usable Privacy and Security, 2010.

<!--[if !supportLists]-->·       <!--[endif]-->S. Schechter, C. Herley and M. Mitzenmacher, "Popularity is Everything: a new approach to protecting passwords from statistical-guessing attacks," Proc. HotSEC 2010

<!--[if !supportLists]-->·       <!--[endif]-->D. Florencio and C. Herley, "Where Do Security Policies Come From?", SOUPS 2010 [Best paper award at SOUPS]

<!--[if !supportLists]-->·       <!--[endif]-->C. Herley, P.C. van Oorschot and A.S. Patrick, "Passwords: If We're So Smart Why Are We Still Using Them?" Financial Crypto 2009

<!--[if !supportLists]-->·       <!--[endif]-->C. Herley, "So Long, and No Thanks for the Externalities: the Rational Rejection of Security Advice by Users," New Security Paradigms Workshop 2009, Oxford.

<!--[if !supportLists]-->·       <!--[endif]-->D. Florencio and C. Herley, “A Large Scale Study of Web Password Habits,” WWW 2007, Banff.

<!--[if !supportLists]-->·       <!--[endif]-->Bharambe, C. Herley and V. Padmanabhan,“Analyzing and Improving a BitTorrent Network's Performance Mechanisms,” Proc. IEEE InfoCom 2006.

<!--[if !supportLists]-->·       <!--[endif]-->D. Florencio and C. Herley,“KLASSP: Entering Passwords on a Spyware Infected Machine Using a Shared-Secret Proxy,” Proc. ACSAC 2006.

<!--[if !supportLists]-->·       <!--[endif]-->D. Florencio and C. Herley, “Password Rescue: A New Approach to Phishing Prevention,” Usenix HotSEC ’06, Vancouver

<!--[if !supportLists]-->·       <!--[endif]-->C. Herley and D. Florencio, “How to Login from an Internet Cafe Without Worrying about Keyloggers,” Symp. On Usable Privacy and Security ‘06

<!--[if !supportLists]-->·       <!--[endif]-->D. Florencio and C. Herley,“Analysis and Improvement of Anti-Phishing Schemes,” Proc. SEC 2006. 


I work on data analysis and security problems. My interests include machine learning and data-mining for fraud and abuse, authentication, safety and data-driven security. I work mostly on large-scale phenomena. I received the PhD from Columbia University, the MSEE from Georgia Tech and the BE from University College Cork, Ireland.

Not all of my work makes it into papers, but some of my published work explains why Nigerian scammers say they’re from Nigeria, why those scary numbers you hear about billions lost to cybercrime are junk, why you’re right to suspect that most security advice is a waste of time, and why security can seem more religion than science.

Here’s a short profile of me done by MSR. Some media coverage of my work: All Things Considered (NPR), the Boston Globe, the NY TimesWiredArs TechnicatheAtlanticBloomberg TVThe Economist, the Wall St Journal. An OpEd I wrote for the NY Times.

Email: firstname at lastname dot org

Twitter: @cormacherley