I cringe when I hear self-proclaimed experts implore everyone to “use a password manager for all your passwords” and “turn on two-factor authentication for every site that offers it.” As most of us who perform user research in security quickly learn, advice that may protect one individual may harm another…


Many online accounts allow you to supplement your password with a second form of identification, which can prevent some prevalent attacks. The second factors you can use to identify yourself include authenticator apps on your phone, which generate codes that change every 30 seconds, and security keys, small pieces of…


Using TypeScript for both client and server code should make APIs easier to write correctly. TypeScript can ensure that the API’s implementation, and the clients that call the API, agree on the types of the parameters that should be passed and the value that should be returned—but TypeScript can…


Conferences and journals have a unique opportunity to influence research ethics, as researchers’ careers depend on their ability to understand and meet the requirements for having their research accepted for publication. In the past few years, a number of Computer Science conferences have added research ethics policies to their calls…


Publicity is justly commended as a remedy for social and industrial diseases.
Sunlight is said to be the best of disinfectants;
electric light the most efficient policeman.

Louis D. Brandeis,
United States Supreme Court Associate Justice from 1916 to 1939, in
“Other People’s Money and How the Bankers Use It” (1914), Chapter…

Stuart Schechter

I work on DiceKeys. Formerly researching human factors of security at Microsoft Research, MIT, and Harvard. @UppaJung on Twitter
