Cormac Herley

<!--[if !supportLists]-->Cormac Herley       <!--[endif]-->D. Florencio, C. Herley and P.C. van Oorschot, "An Administrator's Guide to Internet Password Research", Proc. Usenix LISA, 2014

<!--[if !supportLists]-->·       <!--[endif]-->D. Florencio, C. Herley and P.C. van Oorschot, "Password Portfolios and the Finite-Effort User: Sustainably Managing Large Numbers of Accounts", Proc. Usenix Security, 2014

<!--[if !supportLists]-->·        <!--[endif]-->S. Komanduri, R. Shay, L. Cranor, C. Herley and S. Schechter, "Telepathwords: preventing weak passwords by reading users' minds", Proc. Usenix Security 2014

<!--[if !supportLists]-->·       <!--[endif]-->S. Egelman, A. Sotirakopoulos, I. Muslukhov, K. Beznosov and C. Herley, "Does My Password Go up to Eleven? The Impact of Password Meters on Password Selection" Proc. ACM CHI 2013

<!--[if !supportLists]-->·       <!--[endif]-->J. Bonneau, C. Herley, P.C. van Oorschot and F. Stajano, “The quest to replace passwords: a framework for comparative evaluation of web authentication schemes,” IEEE Symposium on Security and Privacy 2012.

<!--[if !supportLists]-->·       <!--[endif]-->D. Florencio and C. Herley, "Where Do Security Policies Come From?" Symp. On Usable Privacy and Security, 2010.

<!--[if !supportLists]-->·       <!--[endif]-->S. Schechter, C. Herley and M. Mitzenmacher, "Popularity is Everything: a new approach to protecting passwords from statistical-guessing attacks," Proc. HotSEC 2010

<!--[if !supportLists]-->·       <!--[endif]-->D. Florencio and C. Herley, "Where Do Security Policies Come From?", SOUPS 2010 [Best paper award at SOUPS]

<!--[if !supportLists]-->·       <!--[endif]-->C. Herley, P.C. van Oorschot and A.S. Patrick, "Passwords: If We're So Smart Why Are We Still Using Them?" Financial Crypto 2009

<!--[if !supportLists]-->·       <!--[endif]-->C. Herley, "So Long, and No Thanks for the Externalities: the Rational Rejection of Security Advice by Users," New Security Paradigms Workshop 2009, Oxford.

<!--[if !supportLists]-->·       <!--[endif]-->D. Florencio and C. Herley, “A Large Scale Study of Web Password Habits,” WWW 2007, Banff.

<!--[if !supportLists]-->·       <!--[endif]-->Bharambe, C. Herley and V. Padmanabhan,“Analyzing and Improving a BitTorrent Network's Performance Mechanisms,” Proc. IEEE InfoCom 2006.

<!--[if !supportLists]-->·       <!--[endif]-->D. Florencio and C. Herley,“KLASSP: Entering Passwords on a Spyware Infected Machine Using a Shared-Secret Proxy,” Proc. ACSAC 2006.

<!--[if !supportLists]-->·       <!--[endif]-->D. Florencio and C. Herley, “Password Rescue: A New Approach to Phishing Prevention,” Usenix HotSEC ’06, Vancouver

<!--[if !supportLists]-->·       <!--[endif]-->C. Herley and D. Florencio, “How to Login from an Internet Cafe Without Worrying about Keyloggers,” Symp. On Usable Privacy and Security ‘06

<!--[if !supportLists]-->·       <!--[endif]-->D. Florencio and C. Herley,“Analysis and Improvement of Anti-Phishing Schemes,” Proc. SEC 2006. 

Slides and/or video of some recent talks:


  • Automated Detection of Automated Traffic [video, slides] (Usenix Security 2022)
  • Panel on ML for security MLHat20 [video]
  • Distinguishing Attacks from Legitimate Auth Traffic at Scale [video, slides](NDSS 2019)
  • Justifying Security Measures [slides] (Keynote Esorics 2017)
  • Elusive Goal of Security as a Scientific Pursuit [slides] (IEEE S&P 2017)
  • Unfalsifiability of Security Claims [video, slides] (Invited Talk Usenix Security 2016)
  • Cybercrime: if things are so bad how come they're so good? [video](Ian Dangerfield Memorial Lecture)
  • Pushing on String: the don’t care regions of password strength [video, slides] (PasswordsCon15)
  • Passwords: a Guide to the Ruins [video, slides] (CMU 2014)
  • Everything you know about password-stealing is wrong [video, slides] (Keynote WOOT 2012)