I cringe when I hear self-proclaimed experts implore everyone to “use a password manager for all your passwords” and “turn on two-factor authentication for every site that offers it.” As most of us who perform user research in security quickly learn, advice that may protect one individual may harm another. Each person uses technology differently, has a unique set of skills, and faces different risks.

In case you haven’t received this advice, or didn’t understand what it was, password managers are programs that remember passwords for you, along with the email address or other user identifier you use for each…

Many online accounts allow you to supplement your password with a second form of identification, which can prevent some prevalent attacks. The second factors you can use to identify yourself include authenticator apps on your phone, which generate codes that change every 30 seconds, and security keys, small pieces of hardware similar in size and shape to USB drives. Since innovations that can actually improve the security of your online accounts are rare, there has been a great deal of well-deserved enthusiasm for two-factor authentication (as well as for password managers, which make it easy to use a different random…

Using TypeScript for both client and server code should make APIs easier to write correctly. TypeScript can ensure that the API’s implementation, and the clients that call the API, agree on the types of the parameters that should be passed and the value that should be returned, but TypeScript can only enforce the correct types if it is given correct types. …

Conferences and journals have a unique opportunity to influence research ethics, as researchers’ careers depend on their ability to understand and meet the requirements for having their research accepted for publication. In the past few years, a number of Computer Science conferences have added research ethics policies to their calls for papers. Good reasons for creating such a policy may include the desire to

  • educate authors unaware of institutional review requirements or of resources that may help them perform research more ethically,
  • ensure compliance with institutional review requirements by requiring authors to attest to knowing and following these requirements,
  • encourage…

Publicity is justly commended as a remedy for social and industrial diseases.
Sunlight is said to be the best of disinfectants;
electric light the most efficient policeman.

Louis D. Brandeis,
United States Supreme Court Associate Justice from 1916 to 1939, in
“Other People’s Money and How the Bankers Use It” (1914), Chapter 5

Two years ago I started a personal experiment in transparency; I began attaching my name to every peer review I wrote for scientific journals and conferences. A strong believer in the tenet that power is best tempered by transparency, I had become uncomfortable with exercising the power…

Stuart Schechter

I work on DiceKeys. Formerly researching human factors of security at Microsoft Research, MIT, and Harvard. @UppaJung on Twitter

