| 2009 | 1 + 1 = you: measuring the comprehensibility of metaphors for configuring backup authentication. Stuart E. Schechter, Robert W. Reeder |
| 2009 | A "nutrition label" for privacy. Patrick Gage Kelley, Joanna Bresee, Lorrie Faith Cranor, Robert W. Reeder |
| 2009 | A comparative study of online privacy policies and formats. Aleecia M. McDonald, Robert W. Reeder, Patrick Gage Kelley, Lorrie Faith Cranor |
| 2009 | A multi-method approach for user-centered design of identity management systems. Pooya Jaferian, David Botta, Kirstie Hawkey, Konstantin Beznosov |
| 2009 | A new graphical password scheme against spyware by using CAPTCHA. Haichang Gao, Xiyang Liu |
| 2009 | A user study of the expandable grid applied to P3P privacy policy visualization. Robert W. Reeder, Patrick Gage Kelley, Aleecia M. McDonald, Lorrie Faith Cranor |
| 2009 | Analyzing use of privacy policy attributes in a location sharing application. Eran Toch, Ramprasad Ravichandran, Lorrie Faith Cranor, Paul Hankes Drielsma, Jason I. Hong, Patrick Gage Kelley, Norman M. Sadeh, Janice Y. Tsai |
| 2009 | Balancing usability and security in a video CAPTCHA. Kurt Alfred Kluever, Richard Zanibbi |
| 2009 | BayeShield: conversational anti-phishing user interface. Peter Likarish, Donald E. Dunbar, Juan Pablo Hourcade, Eunjin Jung |
| 2009 | Capturing social networking privacy preferences: can default policies help alleviate tradeoffs between expressiveness and user burden? Ramprasad Ravichandran, Michael Benisch, Patrick Gage Kelley, Norman M. Sadeh |
| 2009 | Challenges in supporting end-user privacy and security management with social navigation. Jeremy Goecks, W. Keith Edwards, Elizabeth D. Mynatt |
| 2009 | Conditioned-safe ceremonies and a user study of an application to web authentication. Chris Karlof, J. D. Tygar, David A. Wagner |
| 2009 | Designing and evaluating usable security and privacy technology. Martina Angela Sasse, Clare-Marie Karat, Roy A. Maxion |
| 2009 | Designing for different levels of social inference risk. Sara Motahari, Sotirios G. Ziavras, Quentin Jones |
| 2009 | Ecological validity in studies of security and human behaviour. Andrew Patrick |
| 2009 | Educated guess on graphical authentication schemes: vulnerabilities and countermeasures. Eiji Hayashi, Jason I. Hong, Nicolas Christin |
| 2009 | Escape from the matrix: lessons from a case-study in access-control requirements. Kathi Fisler, Shriram Krishnamurthi |
| 2009 | Games for extracting randomness. Ran Halprin, Moni Naor |
| 2009 | Graphical passwords as browser extension: implementation and usability study. Kemal Bicakci, Mustafa Yuceel, Burak Erdeniz, Hakan Gurbaslar, Nart Bedin Atalay |
| 2009 | How does the emergence of reputation mechanisms affect the overall trust formation mechanisms, implicit and explicit, in the online environment? Kristiina Karvonen |
| 2009 | How users use access control. Diana K. Smetters, Nathan Good |
| 2009 | Integrating usability and accessibility in information assurance education. Azene Zenebe, Claude Tuner, Jinjuan Feng, Jonathan Lazar, Mike O'Leary |
| 2009 | Invisible HCI-SEC: ways of re-architecting the operating system to increase usability and security. Simson L. Garfinkel |
| 2009 | It's no secret: measuring the security and reliability of authentication via 'secret' questions. Stuart E. Schechter, A. J. Bernheim Brush, Serge Egelman |
| 2009 | It's not what you know, but who you know: a social approach to last-resort authentication. Stuart E. Schechter, Serge Egelman, Robert W. Reeder |
| 2009 | Look into my eyes!: can you guess my password? Alexander De Luca, Martin Denzel, Heinrich Hussmann |
| 2009 | Machine learning attacks against the Asirra CAPTCHA. Philippe Golle |
| 2009 | New directions in multisensory authentication. Madoka Hasegawa, Nicolas Christin, Eiji Hayashi |
| 2009 | Not one click for security? Alan H. Karp, Marc Stiegler, Tyler Close |
| 2009 | Personal choice and challenge questions: a security and usability assessment. Mike Just, David Aspinall |
| 2009 | Privacy stories: confidence in privacy behaviors through end user programming. Luke Church, Jonathan Anderson, Joseph Bonneau, Frank Stajano |
| 2009 | Privacy suites: shared privacy for social networks. Joseph Bonneau, Jonathan Anderson, Luke Church |
| 2009 | Proceedings of the 5th Symposium on Usable Privacy and Security, SOUPS 2009, Mountain View, California, USA, July 15-17, 2009 Lorrie Faith Cranor |
| 2009 | Recall-a-story, a story-telling graphical password system. Yves Maetz, Stéphane Onno, Olivier Heen |
| 2009 | Redirects to login pages are bad, or are they? Eric Sachs |
| 2009 | Revealing hidden context: improving mental models of personal firewall users. Fahimeh Raja, Kirstie Hawkey, Konstantin Beznosov |
| 2009 | Sanitization's slippery slope: the design and study of a text revision assistant. Richard Chow, Ian Oberst, Jessica Staddon |
| 2009 | School of phish: a real-word evaluation of anti-phishing training. Ponnurangam Kumaraguru, Justin Cranshaw, Alessandro Acquisti, Lorrie Faith Cranor, Jason I. Hong, Mary Ann Blair, Theodore Pham |
| 2009 | Serial hook-ups: a comparative usability study of secure device pairing methods. Alfred Kobsa, Rahim Sonawalla, Gene Tsudik, Ersin Uzun, Yang Wang |
| 2009 | Short and long term research suggestions for NSF and NIST. Nancy Gillis |
| 2009 | Social applications: exploring a more secure framework. Andrew Besmer, Heather Richter Lipford, Mohamed Shehab, Gorrell P. Cheek |
| 2009 | Studying location privacy in mobile applications: 'predator vs. prey' probes. Keerthi Thomas, Clara Mancini, Lukasz Jedrzejczyk, Arosha K. Bandara, Adam N. Joinson, Blaine A. Price, Yvonne Rogers, Bashar Nuseibeh |
| 2009 | Technology transfer of successful usable security research into product. Mary Ellen Zurko |
| 2009 | Textured agreements: re-envisioning electronic consent. Matthew Kay, Michael A. Terry |
| 2009 | The family and communication technologies. Linda Little |
| 2009 | The impact of expressiveness on the effectiveness of privacy mechanisms for location-sharing. Michael Benisch, Patrick Gage Kelley, Norman M. Sadeh, Tuomas Sandholm, Janice Y. Tsai, Lorrie Faith Cranor, Paul Hankes Drielsma |
| 2009 | The impact of privacy indicators on search engine browsing patterns. Janice Y. Tsai, Serge Egelman, Lorrie Faith Cranor, Alessandro Acquisti |
| 2009 | Think Evil (tm). Nicholas Weaver |
| 2009 | Threshold things that think: usable authorization for resharing. Roel Peeters, Markulf Kohlweiss, Bart Preneel, Nicky Sulmon |
| 2009 | Treat 'em like other devices: user authentication of multiple personal RFID tags. Nitesh Saxena, Md. Borhan Uddin, Jonathan Voris |
| 2009 | Ubiquitous systems and the family: thoughts about the networked home. Linda Little, Elizabeth Sillence, Pamela Briggs |
| 2009 | Usability and security of out-of-band channels in secure device pairing protocols. Ronald Kainda, Ivan Flechais, A. W. Roscoe |
| 2009 | Usable deidentification of sensitive patient care data. Michael McQuaid, Kai Zheng, Nigel P. Melville, Lee Green |
| 2009 | Who's viewed you?: the impact of feedback in a mobile location-sharing application. Janice Y. Tsai, Patrick Gage Kelley, Paul Hankes Drielsma, Lorrie Faith Cranor, Jason I. Hong, Norman M. Sadeh |
| 2009 | flyByNight: mitigating the privacy risks of social networking. Matthew M. Lucas, Nikita Borisov |