The papers below have been accepted for publication at SOUPS 2022. The full program will be available soon.
Improving Password Generation Through the Design of a Password Composition Policy Description Language
Anuj Gautam, Shan Lalani, and Scott Ruoti, The University of Tennessee
Industrial practitioners' mental models of adversarial machine learning
Lukas Bieringer, QuantPi; Kathrin Grosse, University of Cagliari; Michael Backes, CISPA Helmholtz Center for Information Security; Battista Biggio, University of Cagliari; Katharina Krombholz, CISPA Helmholtz Center for Information Security
Being Hacked: Understanding Victims' Experiences of IoT Hacking
Asreen Rostami, RISE Research Institutes of Sweden & Stockholm University; Minna Vigren, Stockholm University; Shahid Raza, RISE Research Institutes of Sweden; Barry Brown, Department of Computer Science, University of Copenhagen & Stockholm University
Password policies of most top websites fail to follow best practices
Kevin Lee, Sten Sjöberg, and Arvind Narayanan, Princeton University
Aunties, Strangers, and the FBI: Online Privacy Concerns and Experiences of Muslim-American Women
Tanisha Afnan and Yixin Zou, University of Michigan; Maryam Mustafa, Lahore University of Management Sciences; Mustafa Naseem and Florian Schaub, University of Michigan
Runtime Permissions for Proactive Intelligent Assistants
Nathan Malkin and David Wagner, University of California, Berkeley; Serge Egelman, University of California, Berkeley / ICSI
If You Can’t Get Them to the Lab: Evaluating a Virtual Study Environment with Security Information Workers
Nicolas Huaman, Alexander Krause, and Dominik Wermke, CISPA Helmholtz Center for Information Security; Jan H. Klemmer and Christian Stransky, Leibniz University Hannover; Yasemin Acar, George Washington University; Sascha Fahl, CISPA Helmholtz Center for Information Security
An open door may tempt a saint: Examining situational and individual determinants of privacy-invading behavior
Markus Langer, Saarland University; Rudolf Siegel and Michael Schilling, CISPA Helmholtz Center for Information Security; Tim Hunsicker and Cornelius J. König, Saarland University
Replication: Stories as Informal Lessons about Security
Katharina Pfeffer and Alexandra Mai, SBA Research; Edgar Weippl, University of Vienna; Emilee Rader, Michigan State University; Katharina Krombholz, CISPA Helmholtz Center for Information Security
Let’s Hash: Helping Developers with Password Security
Lisa Geierhaas and Anna-Marie Ortloff, University of Bonn; Matthew Smith, University of Bonn, Fraunhofer FKIE; Alena Naiakshina, Ruhr University Bochum
Evaluating the Usability of Privacy Choice Mechanisms
Hana Habib and Lorrie Faith Cranor, Carnegie Mellon University
Normative and Non-Social Beliefs about Sensor Data: Implications for Collective Privacy Management
Emilee Rader, Michigan State University
DualCheck: Exploiting Human Verification Tasks for Opportunistic Online Safety Microlearning
Ryo Yoshikawa, Hideya Ochiai, and Koji Yatani, University of Tokyo
"As soon as it's a risk, I want to require MFA": How Administrators Configure Risk-based Authentication
Philipp Markert and Theodor Schnitzler, Ruhr University Bochum; Maximilian Golla, Max Planck Institute for Security and Privacy; Markus Dürmuth, Leibniz University Hannover
Presenting Suspicious Details in User-Facing E-mail Headers Does Not Improve Phishing Detection
Sarah Zheng and Ingolf Becker, UCL
Replication: The Effect of Differential Privacy Communication on German Users' Comprehension and Data Sharing Attitudes
Patrick Kühtreiber, Viktoriya Pak, and Delphine Reinhardt, University of Göttingen
Investigating How University Students in the United States Encounter and Deal With Misinformation in Private WhatsApp Chats During COVID-19
K. J. Kevin Feng, Princeton University; Kevin Song, Kejing Li, Oishee Chakrabarti, and Marshini Chetty, University of Chicago
Understanding Non-Experts’ Security- and Privacy-Related Questions on a Q&A Site
Ayako A. Hasegawa, NICT; Naomi Yamashita, NTT / Kyoto University; Tatsuya Mori, Waseda University / NICT / RIKEN AIP; Daisuke Inoue, NICT; Mitsuaki Akiyama, NTT
Anti-Privacy and Anti-Security Advice on TikTok: Case Studies of Technology-Enabled Surveillance and Control in Intimate Partner and Parent-Child Relationships
Miranda Wei, Unviersity of Washington; Eric Zeng, Tadayoshi Kohno, and Franziska Roesner, University of Washington
Comparing User Perceptions of Anti-Stalkerware Apps with the Technical Reality
Matthias Fassl and Simon Anell, CISPA Helmholtz Center for Information Security; Sabine Houy, Umeå University; Martina Lindorfer, TU Wien; Katharina Krombholz, CISPA Helmholtz Center for Information Security
Is it a concern or a preference? An investigation into the ability of privacy scales to capture and distinguish granular privacy constructs
Jessica Colnago, Google; Lorrie Faith Cranor and Alessandro Acquisti, Carnegie Mellon University; Kate Jain, University of Pittsburgh
Sharing without Scaring: Enabling Smartphones to Become Aware of Temporary Sharing
Jiayi Chen and Urs Hengartner, University of Waterloo; Hassan Khan, University of Guelph
Exploring User Authentication with Windows Hello in a Small Business Environment
Florian M. Farke, Leona Lassak, and Jannis Pinter, Ruhr University Bochum; Markus Dürmuth, Leibniz University Hannover
“Fast, Easy, Convenient.” Studying Adoption and Perception of Digital Covid Certificates
Franziska Herbert, Marvin Kowalewski, Theodor Schnitzler, and Leona Lassak, Ruhr University Bochum; Markus Dürmuth, Leibniz University Hannover
Increasing security without decreasing usability: Comparison of various verifiable voting systems
Melanie Volkamer, Karlsruhe Institute of Technology; Oksana Kulyk, ITU Copenhagen; Jonas Ludwig and Niklas Fuhrberg, Karlsruhe Institute of Technology
Detecting iPhone Security Compromise in Simulated Stalking Scenarios: Strategies and Obstacles
Andrea Gallardo, Hanseul Kim, Tianying Li, Lorrie Cranor, and Lujo Bauer, Carnegie Mellon University
Usability and Security of Trusted Platform Module (TPM) Library APIs
Siddharth Prakash Rao and Gabriela Limonta, Nokia Bell Labs; Janne Lindqvist, Aalto University
Users' Perceptions of Chrome Compromised Credential Notification
Yue Huang, Borke Obada-Obieh, and Konstantin (Kosta) Beznosov, University of British Columbia
The Nerd Factor: The Potential of S&P Adepts to Serve as a Social Resource in the Users’ Quest for More Secure and Privacy-Preserving Behavior
Nina Gerber, Technical University of Darmstadt; Karola Marky, Leibniz University Hannover and University of Glasgow
On recruiting and retaining users for security-sensitive longitudinal measurement panels
Akira Yamada, KDDI Research, Inc.; Kyle Crichton, Carnegie Mellon University; Yukiko Sawaya, KDDI Research, Inc.; Jin-Dong Dong and Sarah Pearman, Carnegie Mellon University; Ayumu Kubota, KDDI Research, Inc.; Nicolas Christin, Carnegie Mellon University
"I don’t know why I check this...'' - Investigating Expert Users' Strategies to Detect Email Signature Spoofing Attacks
Peter Mayer, SECUSO, Karlsruhe Institute of Technology; Damian Poddebniak, Münster University of Applied Sciences; Konstantin Fischer and Marcus Brinkmann, Ruhr University Bochum; Juraj Somorovsky, Paderborn University; Angela Sasse, Ruhr University Bochum; Sebastian Schinzel, Münster University of Applied Sciences; Melanie Volkamer, SECUSO, Karlsruhe Institute of Technology
Exploring User-Suitable Metaphors for Differentially Private Data Analyses
Farzaneh Karegar and Ala Sarah Alaqra, Karlstad University; Simone Fischer-Hübner, Karlstad University, Chalmers University of Technology
Do Password Managers Nudge Secure (Random) Passwords?
Samira Zibaei, Dina Rinoa Malapaya, Benjamin Mercier, Amirali Salehi-Abari, and Julie Thorpe, Ontario Tech University
An Empirical Study of a Decentralized Identity Wallet: Usability, Security, and Perspectives on User Control
Maina Korir, University of Bedfordshire; Simon Parkin, TU Delft; Paul Dunphy, OneSpan
Let The Right One In: Attestation as a Usable CAPTCHA Alternative
Tara Whalen, Thibault Meunier, and Mrudula Kodali, Cloudflare Inc.; Alex Davidson, Brave; Marwan Fayed and Armando Faz-Hernández, Cloudflare Inc.; Watson Ladd, Sealance Corp; Deepak Maram, Cornell Tech; Nick Sullivan, Benedikt Christoph Wolters, Maxime Guerreiro, and Andrew Galloni, Cloudflare Inc.
Replication: How Well Do My Results Generalize Now? The External Validity of Online Privacy and Security Surveys
Jenny Tang, Wellesley College; Eleanor Birrell, Pomona College; Ada Lerner, Northeastern University
Balancing Power Dynamics in Smart Homes: Nannies' Perspectives on How Cameras Reflect and Affect Relationships
Julia Bernd, International Computer Science Institute; Ruba Abu-Salma, King’s College London; Junghyun Choy and Alisa Frik, International Computer Science Institute