Cormac Herley
<!--[if !supportLists]-->Cormac HerleyV· <!--[endif]-->D. Florencio, C. Herley and P.C. van Oorschot, "An Administrator's Guide to Internet Password Research", Proc. Usenix LISA, 2014
<!--[if !supportLists]-->· <!--[endif]-->D. Florencio, C. Herley and P.C. van Oorschot, "Password Portfolios and the Finite-Effort User: Sustainably Managing Large Numbers of Accounts", Proc. Usenix Security, 2014
<!--[if !supportLists]-->· <!--[endif]-->S. Komanduri, R. Shay, L. Cranor, C. Herley and S. Schechter, "Telepathwords: preventing weak passwords by reading users' minds", Proc. Usenix Security 2014
<!--[if !supportLists]-->· <!--[endif]-->S. Egelman, A. Sotirakopoulos, I. Muslukhov, K. Beznosov and C. Herley, "Does My Password Go up to Eleven? The Impact of Password Meters on Password Selection" Proc. ACM CHI 2013
<!--[if !supportLists]-->· <!--[endif]-->J. Bonneau, C. Herley, P.C. van Oorschot and F. Stajano, “The quest to replace passwords: a framework for comparative evaluation of web authentication schemes,” IEEE Symposium on Security and Privacy 2012.
<!--[if !supportLists]-->· <!--[endif]-->D. Florencio and C. Herley, "Where Do Security Policies Come From?" Symp. On Usable Privacy and Security, 2010.
<!--[if !supportLists]-->· <!--[endif]-->S. Schechter, C. Herley and M. Mitzenmacher, "Popularity is Everything: a new approach to protecting passwords from statistical-guessing attacks," Proc. HotSEC 2010
<!--[if !supportLists]-->· <!--[endif]-->D. Florencio and C. Herley, "Where Do Security Policies Come From?", SOUPS 2010 [Best paper award at SOUPS]
<!--[if !supportLists]-->· <!--[endif]-->C. Herley, P.C. van Oorschot and A.S. Patrick, "Passwords: If We're So Smart Why Are We Still Using Them?" Financial Crypto 2009
<!--[if !supportLists]-->· <!--[endif]-->C. Herley, "So Long, and No Thanks for the Externalities: the Rational Rejection of Security Advice by Users," New Security Paradigms Workshop 2009, Oxford.
<!--[if !supportLists]-->· <!--[endif]-->D. Florencio and C. Herley, “A Large Scale Study of Web Password Habits,” WWW 2007, Banff.
<!--[if !supportLists]-->· <!--[endif]-->Bharambe, C. Herley and V. Padmanabhan,“Analyzing and Improving a BitTorrent Network's Performance Mechanisms,” Proc. IEEE InfoCom 2006.
<!--[if !supportLists]-->· <!--[endif]-->D. Florencio and C. Herley,“KLASSP: Entering Passwords on a Spyware Infected Machine Using a Shared-Secret Proxy,” Proc. ACSAC 2006.
<!--[if !supportLists]-->· <!--[endif]-->D. Florencio and C. Herley, “Password Rescue: A New Approach to Phishing Prevention,” Usenix HotSEC ’06, Vancouver
<!--[if !supportLists]-->· <!--[endif]-->C. Herley and D. Florencio, “How to Login from an Internet Cafe Without Worrying about Keyloggers,” Symp. On Usable Privacy and Security ‘06
<!--[if !supportLists]-->· <!--[endif]-->D. Florencio and C. Herley,“Analysis and Improvement of Anti-Phishing Schemes,” Proc. SEC 2006.
Can We Count on LLMs: The Fixed-effect Fallacy and GPT-4 Performance
Approximating Naive Bayes on Unlabelled Categorical Data (Trans. ML Research 2023)
Automated Detection of Automated Traffic (Usenix Security 2022)
A Large-Scale Study of Cybercrime Against Individuals (CHI 2022)
Don't feel guilty about your online security habits (Scientific American, 2020)
StopGuessing: Using Guessed Passwords to Thwart Online Guessing (IEEE Euro S&P 2019)
Distinguishing Attacks from Legitimate Authentication Traffic at Scale (NDSS 2019)
The Binomial Ladder Frequency Filter and its Application to Shared Secrets (preprint)
Response to "On the Science of Security" (IEEE S&P mag 2018)
Science of Security: Combining Theory and Measurement to reflect the Observable (IEEE S&P mag 2018)
Justifying Security Measures -- a Position Paper (Esorics 2017)
SoK: Science, Security and the Elusive Goal of Security as a Scientific Pursuit (IEEE S&P Oakland 2017)
Unfalsifiability of Security Claims (PNAS 2016)
Pushing on string: adventures in the don't care region of password strength (CACM 2016)
FUD: a plea for intolerance (CACM 2015)
Measurement and Analysis of Traffic Exchange Services (ACM IMC 2015)
Passwords and the evolution of imperfect authentication (CACM 2015)
An Administrator's Guide to Internet Password Research (Usenix LISA 2014)
Password Portfolios and the Finite-Effort User: Sustainably Managing Large Numbers of Accounts (Usenix Security 2014)
Telepathwords: preventing weak passwords by reading users' minds (Usenix Security 2014)
Does My Password Go up to Eleven? The Impact of Password Meters on Password Selection (CHI 2013)
Small World: Collisions among attackers in a finite population (WEIS 2013)
When does targeting make sense for an attacker? (IEEE S&P mag 2013)
Detecting Malicious Landing Pages in Malware Distribution Networks (IEEE DSN 2013)
Is Everything We Know About Password Stealing Wrong? (IEEE S&P mag 2012)
A Research Agenda Acknowledging the Persistence of Passwords (IEEE S&P mag 2012)
The quest to replace passwords: a framework for comparative evaluation of web authentication schemes (IEEE S&P Oakland 2012)
Why do Nigerian Scammers say they are from Nigeria? (WEIS 2012)
Where Do All the Attacks Go? (WEIS 2011)
Sex, Lies and Cyber-crime Surveys (WEIS 2011)
Painless Migration to Two-factor Authentication (WIFS 2011)
Where Do Security Policies Come From? (SOUPS 2010)
Popularity is Everything: a new approach to protecting passwords from statistical-guessing attacks (HotSec 2010)
Phishing and Money Mules (WIFS, 2010)
The Plight of the Targeted Attacker in a World of Scale (WEIS 2010)
Passwords: If We're So Smart Why Are We Still Using Them? (Financial Crypto 2009)
So Long, and No Thanks for the Externalities: the Rational Rejection of Security Advice by Users (NSPW 2009)
Nobody Sells Gold for the Price of Silver: Dishonesty, Uncertainty and the Underground Economy (WEIS 2009)
A Profitless Endeavor: Phishing as a Tragedy of the Commons (NSPW 2008)
One-time Password Access to Any Server Without Changing the Server (ISC 2008)
Can Something-You-Know be Saved? (ISC 2008)
Protecting Financial Institutions from Brute-Force Attacks (SEC 2008)
Do Strong Web Passwords Accomplish Anything? (HotSEC 2007)