NOTICE: Due to a lapse in annual appropriations, most of this website is not being updated. Learn more.

Form submissions will still be accepted but will not receive responses at this time. Sections of this site for programs using non-appropriated funds (such as NVLAP) or those that are excepted from the shutdown (such as CHIPS and NVD) will continue to be updated.

U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Publications by:

Search Title, Abstract, Conference, Citation, Keyword or Author
Displaying 51 - 75 of 106

Secure and usable enterprise authentication: Lessons from the Field

October 26, 2016
Author(s)
Mary F. Theofanos, Simson L. Garfinkel, Yee-Yin Choong
There are now more than 5.4 million Personal Identity Verification (PIV) and Common Access Card (CAC) identity cards deployed to US government employees and contractors. These cards are widely used to gain physical access to federal facilities, but their

Security Fatigue

October 1, 2016
Author(s)
Brian C. Stanton, Sandra S. Prettyman, Mary F. Theofanos, Susanne M. Furman

Framework for Cloud Usability

August 2, 2015
Author(s)
Brian C. Stanton, Mary F. Theofanos, Karun P. Joshi
Organizations are increasingly adopting cloud-based services to meet their business needs. However, due to the complexity and diversity of cloud systems it is important to evaluate the user experience using within a framework that encompasses the

Password policy languages: usable translation from the informal to the formal

July 21, 2015
Author(s)
Michelle P. Steves, Mary F. Theofanos, Celia Paulsen, Athos Ribeiro
Password policies – documents which regulate how users must create, manage, and change their passwords – can have complex and unforeseen consequences on organizational security. Since these policies regulate user behavior, users must be clear as to what is

Privacy and Security in the Brave New World: The Use of Multiple Mental Models

July 21, 2015
Author(s)
Susanne M. Furman, Mary F. Theofanos, Brian C. Stanton, Sandra S. Prettyman
We live in a world where the flow of electronic information and communication has become a ubiquitous part of our everyday life. While our lives are enhanced in many ways, we also experience a myriad of challenges especially to our priva-cy and security

A Measurement Metric for Forensic Latent Fingerprint Preprocessing

July 31, 2014
Author(s)
Haiying Guan, Andrew Dienstfrey, Mary Frances Theofanos, Brian Stanton
Although fingerprint mark-up and identification are well-studied fields, forensic fingerprint image preprocessing is still a relatively new domain in need of further scientific study and development of guidance of best practice. Latent fingerprint image

Preserving Privacy More Than Reading a Message

June 27, 2014
Author(s)
Susanne M. Furman, Mary F. Theofanos
Social media has become a mainstream activity where people share all kinds of personal and intimate details about their lives. These social networking sites (SNS) allow users to conveniently authenticate to the third party website by using their SNS

Development of a Scale to Assess the Linguistic and Phonological Difficulty of Passwords

June 22, 2014
Author(s)
Jennifer R. Bergstrom, Stefan A. Frisch, David C. Hawkins, Joy Hackenbracht, Kristen K. Greene, Mary Theofanos, Brian Griepentrog
Increasingly, institutions are requiring or recommending that their employees use secure, system-generated passwords. It is not clear how well linguistic and phonological language properties map onto complex, randomly-generated passwords. Passwords

Human Engineering Design Criteria Standards Part 3: Interim Steps

April 1, 2014
Author(s)
Susanne M. Furman, Mary Theofanos, Hannah Wald
The Department of Homeland Security (DHS) requires general human systems integration (HSI) criteria for the design and development of human-machine interfaces for the technology, systems, equipment, and facilities employed by its user population. HSI is

Report: Authentication Diary Study

February 4, 2014
Author(s)
Michelle P. Steves, Mary F. Theofanos
Users have developed various coping strategies for minimizing or avoiding the friction and burden associated with managing and using their portfolios of user IDs and passwords or personal identification numbers (PINs). Many try to use the same password (or

A New Metric for Latent Fingerprint Image Preprocessing

June 23, 2013
Author(s)
Mary Frances Theofanos, Andrew Dienstfrey, Brian Stanton, Haiying Guan
Although fingerprint recognition is a well-studied area, forensic fingerprint preprocessing based on computational theory is still a relatively new domain in need of further scientific study and development of standards of best practice. Latent fingerprint

Camera Recognition

March 26, 2013
Author(s)
Michelle P. Steves, Brian C. Stanton, Mary F. Theofanos, Dana E. Chisnell, Hannah Wald
The Department of Homeland Security’s (DHS) United States Visitor and Immigrant Status Indicator Technology (US-VISIT) program is a biometrically-enhanced identification system primarily situated at border points of entry such as airports and seaports. In

Usability of PIV Smartcards for Logical Access

June 28, 2012
Author(s)
Emile L. Morse, Mary F. Theofanos, Yee-Yin Choong, Celeste Paul, Aiping L. Zhang, Hannah Wald
This paper presents the findings of a PIV usability pilot study conducted at NIST during the summer of 2010. The study focused on factors that affected users' perceptions and adoption of PIV smartcards. Based on observation of the study participants, the

Basing Cybersecurity Training on User Perceptions

April 2, 2012
Author(s)
Susanne M. Furman, Mary F. Theofanos, Yee-Yin Choong, Brian C. Stanton
The National Initiative for Cybersecurity Education (NICE) will be conducting a nationwide awareness and outreach program to effect behavioral change. To be effective, an educational campaign must first understand users’ perceptions of computer and online
Was this page helpful?