PhD Defense by Suood AlRoomi

Title: Empirical Measurements of the Security, Privacy, and Usability of Website Password Authentication Workflows

Date: Tuesday, July 23, 2024.

Time: 12pm – 2pm EST.

Location: Coda C1115 Druid Hills and Zoom meeting (https://gatech.zoom.us/j/98654414573?pwd=lZ2gIYn63tkt41MCmuQNu2jK0ffEaN.1; ID: 986 5441 4573, Passcode: 841338)

Suood AlRoomi
Ph.D. Candidate in Computer Science
School of Cybersecurity and Privacy
Georgia Institute of Technology

Committee:
Dr. Frank Li (Advisor), School of Cybersecurity and Privacy, Georgia Institute of Technology
Dr. Paul Pearce, School of Cybersecurity and Privacy, Georgia Institute of Technology
Dr. Mustaque Ahamad, School of Cybersecurity and Privacy, Georgia Institute of Technology
Dr. Cecilia Testart, School of Cybersecurity and Privacy, Georgia Institute of Technology
Dr. Douglas Blough, School of Electrical and Computer Engineering, Georgia Institute of Technology

Abstract:

In an era where digital interactions are integral to daily life, the security and privacy of online authentication mechanisms are crucial for protecting user data and maintaining trust in web services. Passwords, though decades old, remain the most common form of authentication and are likely to stay ubiquitous. Therefore, the web ecosystem's security depends on how users and websites handle passwords and manage authentication. Researchers have extensively explored user behavior with passwords, offering insights into how websites should handle authentication and leading to significant updates in modern guidelines.

A significant gap remains in understanding how websites handle authentication and whether they adhere to best practices. This dissertation aims to bridge that gap through large-scale empirical measurements of website authentication practices. I develop measurement techniques to systematically evaluate websites' authentication policies and implementation decisions and apply them at scale to assess their authentication workflows.

I reveal the disparity between modern recommendations and real-world implementations. My studies show that while guidelines inform policy decisions, barriers prevent adopting recent recommendations, highlighting the need for education and outreach efforts. Further, I found poor policy decisions aligning with the default configurations of web software, which often compromise security, privacy, or usability. Updating these defaults to match modern guidelines could significantly reduce vulnerabilities and promote best practices. Moreover, incorporating security features such as blocking common passwords and rate limiting could significantly enhance the security of websites, as many are found lacking these defenses. I also identify concerning practices in authentication workflows, such as insecure communication, misconfigured HTTPS deployments, and mixed content vulnerabilities. While TLS deployment has improved, work remains to migrate all sensitive resources to HTTPS. Standardized authentication workflows with centralized security controls and outreach efforts can further mitigate inconsistencies and improve authentication security.

Posted by Tatianna Richardson, 2024-07-09. Group: Graduate Studies. Keywords: PhD Defense. Event category: Other/Miscellaneous. Invited audience: Public.