log in  |  register  |  feedback?  |  help  |  web accessibility
PhD Defense: Security in Informal, Multi-User Settings
Phoebe Moh
IRB-5165 https://umd.zoom.us/j/99105589537?pwd=hR8mAbDcv7dPwk9TKgR4lahiow7sbm.1
Friday, July 10, 2026, 10:00-11:30 am
  • You are subscribed to this talk through .
  • You are watching this talk through .
  • You are subscribed to this talk. (unsubscribe, watch)
  • You are watching this talk. (unwatch, subscribe)
  • You are not subscribed to this talk. (watch, subscribe)
Abstract

Users’ interactions with and expectations of technology often differ from assumptions held by developers and security experts. This is especially notable when designers assume that only one user is involved with a given system, when in reality there are multiple users and stakeholders. Our first instinct as security experts may be to discourage this behavior, whether it be advising users to better secure their devices or admonishing any kind of credential sharing altogether. However, users will continue to engage in these ``insecure'' behaviors for a wide variety of reasons rational and important to them. Rather than attempt to fit users into frameworks that are not aligned with their actual behavior and goals, my thesis focuses on understanding how users' motivations and behaviors around privacy and security differ from traditional assumptions in these multi-user environments and ways design and advice can be improved to take these realities into account.

First, to better understand how do users' perceptions and lived experiences differ from traditional assumptions related to security and privacy, I conducted a series of surveys with smart home device owners and users. I find that that owners of smart home devices often face casual, unauthorized use of their devices by people within their close social network, and their perceptions of what constitutes appropriate and inappropriate device use often differs from what we would expect. I then examine how users, when going against popular security advice and convention, create shared passwords in multi-user settings. I find that despite the shared nature of these passwords, these passwords are primarily create non-collaboratively. Finally, I examine ways in which a technological intervention, password managers, falls short in the space of password sharing. I highlight ways in which users' lived realities need to be taken into account when designing systems and solutions, especially when there are multiple users and stakeholders involved.

Bio

Phoebe Moh is a computer science PhD candidate whose work focuses primarily on how users’ interactions with and expectations of technology in practice differ from assumptions held by developers and security experts, especially when there are multiple users and stakeholders involved in the space of smart homes and online account passwords.

 

Examining Committee Chair: Dr. Michelle Mazurek

Dean's Representative: Dr. Wayne Lutters

Members:

Dr. Fumeng Yang

Dr. Yonghwi Kwon

Dr. Dave Levin

This talk is organized by Migo Gui