I'm currently a postdoc at Brown University, working with Shriram Krishnamurthi on creating usable access control mechanisms. Specifically, we are conducting ethnographic studies of workplace computer users to see how they currently share work-related files, what access control mechanisms they frequently encounter, and what types of policy errors occur. We are also designing a new privacy settings interface for social networking websites that will help users correct ambiguities in their policies. In addition to access control, I am in the process of designing several studies to examine how people make online security decisions from a behavioral economics perspective. Previously, I was a graduate student at Carnegie Mellon University advised by Lorrie Cranor, and was a member of the CUPS Lab.

I am primarily interested in helping people make better computer security decisions. This involves designing and conducting human subjects experiments to gain a better understanding of how people currently make poor security decisions, designing new software and user interfaces that attempt to minimize human error, and then conducting iterative testing through usability studies.

• S. Egelman, D. Molnar, N. Christin, A. Acquisti, C. Herley, and S. Krishnamurthi. Please Continue to Hold: An empirical study on user tolerance of security delays. Under review.


• J. Sunshine, S. Egelman, H. Almuhimedi, N. Atri, and L. Cranor. Crying Wolf: An Empirical Study of SSL Warning Effectiveness. The 18th USENIX Security Symposium. 2009.


• S. Schechter, A. J. Brush, and S. Egelman. It's No Secret: Measuring the reliability of authentication via 'secret' questions. The 2009 IEEE Symposium on Security and Privacy.


• S. Schechter, S. Egelman, and R. Reeder. It's Not What You Know, But Who You Know: A social approach to last-resort authentication. CHI '09: Proceedings of the SIGCHI conference on Human Factors in Computing Systems. 2009.


• S. Egelman, J. Tsai, L. Cranor, and A. Acquisti. Timing Is Everything? The Effects of Timing and Placement of Online Privacy Indicators. CHI '09: Proceedings of the SIGCHI conference on Human Factors in Computing Systems. 2009.


• S. Egelman, L. Cranor, and J. Hong. You've Been Warned: An Empirical Study on the Effectiveness of Web Browser Phishing Warnings. CHI '08: Proceedings of the SIGCHI conference on Human Factors in Computing Systems (Best Paper Nominee). 2008.


• S. Egelman, A.J. Brush, K. Inkpen. Family Accounts: A new paradigm for user accounts within the home environment. CSCW '08: Proceedings of the 2008 conference on Computer Supported Cooperative Work.


• J. Tsai, S. Egelman, L. Cranor, and A. Acquisti. The Effect of Online Privacy Information on Purchasing Behavior: An Experimental Study. Workshop on the Economics of Information Security (WEIS). 2007.

• Pop-Up Insecurity, CMU Press Release, 7 August 2009.
• Crying Wolf: Do Security Warnings Help? Study: Internet Users Immune to Pop-Up Security Warnings by Ki Mae Heussner, ABC News.com, 30 July 2009.
• Browser SSL Warnings Shown to be Ineffective by Angela Moscaritolo, SC Magazine, 28 July 2009.
• Research: Security Certificate Warnings Are Not Working by Steve Ragan, The Tech Herald, 28 July 2009.
• Web Users Ignoring Security Certificate Warnings by Tom Espiner, CNET News, 28 July 2009.
• Benign Security Warnings Have Trained Users to Ignore Them by Jacqui Cheng, Ars Technica, 27 July 2009.
• Security Certificate Warnings Don't Work, Researchers Say by Robert McMillan, Computer World, 24 July 2009.
• Personal Questions Undermine Webmail Security by Matthew Sparkes, PC Pro, 24 June 2009.
• Open Secrets about The Email 'Secret' Question, CyberMedia News, 23 June 2009.
• Study: Secret Questions Don't Safeguard Passwords, by Jeremy Kirk, PC World, 19 May 2009.
• Enhanced Privacy Measures Might Produce Bigger Profits by Robert Gellman, DMNews, 10 August 2007.
• Better Privacy Policies Can Make Money, Finds P3P Study, The Register, 12 June 2007.
• Online Shoppers Will Pay for Security by Teresa F. Lindeman, Pittsburgh Post-Gazette, 8 June 2007.
• Good Privacy Pays for Web Stores, BBC News, 7 June 2007.
• Americans Willing to Pay (A Little) More for Privacy by Nate Anderson, Ars Technica, 7 June 2007.
• Study: Shoppers Will Pay for Privacy by Candace Lombardi, CNET News, 7 June 2007.
• Privacy Premium Doesn't Faze Buyers by Tim Wilson, DarkReading, 7 June 2007.
• Online Shoppers Will Pay Extra To Protect Privacy, Carnegie Mellon Study Shows by Byron Spice, CMU Press Release, 7 June 2007.
• Shoppers Willing to Pay Extra for Privacy Confidence, Study Finds by Jon Brodkin, Network World, 6 June 2007.
• 10 Anti-Phishing Toolbars Evaluated by Mark Joseph Edwards, Windows IT Pro, 15 December 2006.
• Study Blasts Failing Phishing Toolbars by Shaun Nichols, Information World Review, 22 November 2006.
• AOL Is Caught in Its Own Long Tail by Richard W. Wiggins, Information Today, 14 August 2006.