I'm a researcher at UC Berkeley working with David Wagner. I'm interested in decision-making with regard to computer security, and then creating improved interfaces that help users make better security decisions.

Previously, I was a postdoc at Brown University working with Shriram Krishnamurthi on usable access control interfaces, specifically Facebook privacy settings. Before that I was a graduate student at Carnegie Mellon University advised by Lorrie Cranor, and a member of the CUPS Lab. I've also performed research at NIST, Microsoft Research, and Xerox PARC.

• S. Egelman, A. Oates, and S. Krishnamurthi. Oops, I Did It Again: Mitigating Repeated Access Control Errors on Facebook. CHI '11: Proceedings of the SIGCHI conference on Human Factors in Computing Systems. 2011.


• N. Christin, S. Egelman, T. Vidas, and J. Grossklags. It's All About The Benjamins: An empirical study on incentivizing users to ignore security advice. Financial Cryptography & Data Security. 2011.


• D. Molnar, S. Egelman, and N. Christin. This Is Your Data on Drugs: Lessons Computer Security Can Learn from The Drug War. The 2010 New Security Paradigms Workshop (NSPW).
  
  
• J. Sunshine, S. Egelman, H. Almuhimedi, N. Atri, and L. Cranor. Crying Wolf: An Empirical Study of SSL Warning Effectiveness. The 18th USENIX Security Symposium. 2009.


• S. Schechter, A. J. Brush, and S. Egelman. It's No Secret: Measuring the reliability of authentication via 'secret' questions. The 2009 IEEE Symposium on Security and Privacy.


• S. Schechter, S. Egelman, and R. Reeder. It's Not What You Know, But Who You Know: A social approach to last-resort authentication. CHI '09: Proceedings of the SIGCHI conference on Human Factors in Computing Systems. 2009.


• S. Egelman, J. Tsai, L. Cranor, and A. Acquisti. Timing Is Everything? The Effects of Timing and Placement of Online Privacy Indicators. CHI '09: Proceedings of the SIGCHI conference on Human Factors in Computing Systems. 2009.


• S. Egelman, L. Cranor, and J. Hong. You've Been Warned: An Empirical Study on the Effectiveness of Web Browser Phishing Warnings. CHI '08: Proceedings of the SIGCHI conference on Human Factors in Computing Systems (Best Paper Nominee). 2008.

• Pop-Up Insecurity, CMU Press Release, 7 August 2009.
• Crying Wolf: Do Security Warnings Help? Study: Internet Users Immune to Pop-Up Security Warnings by Ki Mae Heussner, ABC News.com, 30 July 2009.
• Browser SSL Warnings Shown to be Ineffective by Angela Moscaritolo, SC Magazine, 28 July 2009.
• Research: Security Certificate Warnings Are Not Working by Steve Ragan, The Tech Herald, 28 July 2009.
• Web Users Ignoring Security Certificate Warnings by Tom Espiner, CNET News, 28 July 2009.
• Benign Security Warnings Have Trained Users to Ignore Them by Jacqui Cheng, Ars Technica, 27 July 2009.
• Security Certificate Warnings Don't Work, Researchers Say by Robert McMillan, Computer World, 24 July 2009.
• Personal Questions Undermine Webmail Security by Matthew Sparkes, PC Pro, 24 June 2009.
• Open Secrets about The Email 'Secret' Question, CyberMedia News, 23 June 2009.
• Study: Secret Questions Don't Safeguard Passwords, by Jeremy Kirk, PC World, 19 May 2009.
• Enhanced Privacy Measures Might Produce Bigger Profits by Robert Gellman, DMNews, 10 August 2007.
• Better Privacy Policies Can Make Money, Finds P3P Study, The Register, 12 June 2007.
• Online Shoppers Will Pay for Security by Teresa F. Lindeman, Pittsburgh Post-Gazette, 8 June 2007.
• Good Privacy Pays for Web Stores, BBC News, 7 June 2007.
• Americans Willing to Pay (A Little) More for Privacy by Nate Anderson, Ars Technica, 7 June 2007.
• Study: Shoppers Will Pay for Privacy by Candace Lombardi, CNET News, 7 June 2007.
• Privacy Premium Doesn't Faze Buyers by Tim Wilson, DarkReading, 7 June 2007.
• Online Shoppers Will Pay Extra To Protect Privacy, Carnegie Mellon Study Shows by Byron Spice, CMU Press Release, 7 June 2007.
• Shoppers Willing to Pay Extra for Privacy Confidence, Study Finds by Jon Brodkin, Network World, 6 June 2007.
• 10 Anti-Phishing Toolbars Evaluated by Mark Joseph Edwards, Windows IT Pro, 15 December 2006.
• Study Blasts Failing Phishing Toolbars by Shaun Nichols, Information World Review, 22 November 2006.
• AOL Is Caught in Its Own Long Tail by Richard W. Wiggins, Information Today, 14 August 2006.