Alain Forget
About
Alain completed his PhD in Computer Science in 2012.
His thesis was entitled “A world with many authentication schemes”. He was awarded a Senate Medal for Outstanding Graduate Work at the Doctoral level. His PhD thesis was in the area of usable authentication, where I proposed and tested two novel authentication schemes (Persuasive Text Passwords and Cued Gaze-Points), examined approaches to teaching users a novel authentication scheme, and developed an architecture for providing users with a selection of authentication schemes deemed secure and usable by system administrators and usable authentication experts, thereby empowering users to select a scheme that best suits their abilities, preferences, and usage context.
Alain completed a postdoc at CMU.
He is currently a Software Engineer of usable privacy and security at Google.
His personal website is at https://people.scs.carleton.ca/~aforget/
Research Interests
His current research area focuses on usable security and privacy, the intersection of human-computer interaction (HCI), cybersecurity, and privacy. He is also interested in exploring the intersection of my current research areas with the domains of artificial intelligence, artificial life, augmented reality, economics, finance, mobile computing, social computing, and software engineering.
Thesis abstract
Usability and security challenges with standard text passwords have led researchers and professionals to consider alternative authentication schemes. This thesis explores the various challenges inherent in supporting a practical reality of authentication scheme diversity. We address these challenges by proposing the following solutions aimed at providing users with a usable and secure authentication experience through alternative schemes.
We developed a framework for developers, researchers, professionals, and users to identify and compare the user-centred features that may be supported by authentication schemes. We also performed empirical studies on two novel authentication schemes. We demonstrate that our text-based password scheme, Persuasive Text Passwords, can influence users to create more secure passwords that are memorable. We also show that our gaze-based graphical password scheme, Cued Gaze-Points, is usable and may o er resistance against shoulder-surfing attacks at the cost of reduced resistance against password guessing attacks. Furthermore, we built and user tested four different tutorial formats to determine which is most effective at teaching users a novel authentication scheme. Finally, we designed Choose Your Own Authentication (CYOA); an architecture that enables users to choose an authentication scheme amongst several available alternatives. CYOA provides numerous benefits to end-users, as well as security administrators who manage the back-end portion of the authentication, and researchers who develop novel authentication technologies. Finally, we discuss the design of a usability study of CYOA, to evaluate how users will leverage and cope with the power of choice between authentication schemes.
Publications
Articles
-
![[DOI]](https://chorus.scs.carleton.ca/wp-content/plugins/papercite/img/external.png)
Sonia Chiasson, Elizabeth Stobert, Alain Forget, Robert Biddle, and P. C. van Oorschot. [Journal Article] Persuasive Cued Click Points: Design, implementation, and evaluation of a knowledge-based authentication mechanism. Transactions on Dependable and Secure Computing (TDSC), 9(2):222–235, 2012.
![[PDF]](https://chorus.scs.carleton.ca/wp-content/plugins/papercite/img/pdf.png)
[Bibtex]
@ARTICLE{chiasson2012pccp-tdsc, author = {Chiasson, Sonia and Stobert, Elizabeth and Forget, Alain and Biddle, Robert and van Oorschot, P. C.}, title = {[Journal Article] Persuasive Cued Click Points: Design, implementation, and evaluation of a knowledge-based authentication mechanism}, journal = {Transactions on Dependable and Secure Computing (TDSC)}, year = {2012}, volume = {9}, pages = {222--235}, number = {2}, doi={10.1109/TDSC.2011.55}, note = {Articles}, publisher = {IEEE} } - Sonia Chiasson, Alain Forget, Robert Biddle, and P. C. van Oorschot. [Journal Article] User interface design affects security: Patterns in click-based graphical passwords. International Journal of Information Security, 8(6):387–398, 2009.
[Bibtex]
@ARTICLE{chiasson2009patterns-ijis, author = {Chiasson, Sonia and Forget, Alain and Biddle, Robert and van Oorschot, P. C.}, title = {[Journal Article] User interface design affects security: Patterns in click-based graphical passwords}, journal = {International Journal of Information Security}, year = {2009}, volume = {8}, pages = {387--398}, number = {6}, note = {Articles}, doi={10.1007/s10207-009-0080-7}, organization = {Springer-Verlag} }
Conference Papers
- Alain Forget, Sonia Chiasson, and Robert Biddle. [Paper] Choose Your Own Authentication. In New Security Paradigm Workshop (NSPW). ACM, 2015.
[Bibtex]
@INPROCEEDINGS{forget2015cyoa-nspw, author = {Forget, Alain and Chiasson, Sonia and Biddle, Robert}, title = {[Paper] Choose Your Own Authentication}, booktitle = {New Security Paradigm Workshop ({NSPW})}, year = {2015}, organization = {ACM}, note = {Conference Papers} } - Sonia Chiasson, Chris Deschamps, Elizabeth Stobert, Max Hlywa, Bruna Freitas Machado, Alain Forget, Nicholas Wright, Gerry Chan, and Robert Biddle. [Paper] The MVP Web-Based Authentication Framework. In International Conference on Financial Cryptography and Data Security (FC), page 16–24. Springer Berlin/Heidelberg, 2012.
[Bibtex]
@INPROCEEDINGS{chiasson2012mvp-fc, author = {Chiasson, Sonia and Deschamps, Chris and Stobert, Elizabeth and Hlywa, Max and Freitas Machado, Bruna and Forget, Alain and Wright, Nicholas and Chan, Gerry and Biddle, Robert}, title = {[Paper] The {MVP} Web-Based Authentication Framework}, booktitle = {International Conference on Financial Cryptography and Data Security (FC)}, year = {2012}, pages = {16--24}, organization = {Springer Berlin/Heidelberg}, note = {Conference Papers} } - Alain Forget, Sonia Chiasson, and Robert Biddle. [Paper] Supporting learning of an unfamiliar authentication scheme. In World Conference on E-Learning in Corporate, Government, Healthcare and Higher Education (E-LEARN), page 1002–1011. AACE, 2012.
[Bibtex]
@INPROCEEDINGS{forget2012supportinglearning-elearn, author = {Forget, Alain and Chiasson, Sonia and Biddle, Robert}, title = {[Paper] Supporting learning of an unfamiliar authentication scheme}, booktitle = {World Conference on E-Learning in Corporate, Government, Healthcare and Higher Education (E-LEARN)}, year = {2012}, pages = {1002--1011}, organization = {AACE}, note = {Conference Papers} } - Alain Forget, Sonia Chiasson, and Robert Biddle. [Paper] Shoulder-surfing resistance with eye-gaze entry in cued-recall graphical passwords. In SIGCHI Conference on Human factors in Computing Systems (CHI), page 1107–1110. ACM, 2010.
[Bibtex]
@INPROCEEDINGS{forget2010shoulder-chi, author = {Forget, Alain and Chiasson, Sonia and Biddle, Robert}, title = {[Paper] Shoulder-surfing resistance with eye-gaze entry in cued-recall graphical passwords}, booktitle = {SIGCHI Conference on Human factors in Computing Systems (CHI)}, year = {2010}, pages = {1107--1110}, organization = {ACM}, note = {Conference Papers} } - Elizabeth Stobert, Alain Forget, Sonia Chiasson, Paul C. van Oorschot, and Robert Biddle. [Paper] Exploring usability effects of increasing security in click-based graphical passwords. In Annual Computer Security Applications Conference (ACSAC), page 79–88. ACM, 2010.
[Bibtex]
@INPROCEEDINGS{stobert2010increasingsecurity-acsac, author = {Stobert, Elizabeth and Forget, Alain and Chiasson, Sonia and van Oorschot, Paul C and Biddle, Robert}, title = {[Paper] Exploring usability effects of increasing security in click-based graphical passwords}, booktitle = {Annual Computer Security Applications Conference (ACSAC)}, year = {2010}, pages = {79--88}, organization = ACM, note = {Conference Papers} } - Sonia Chiasson, Alain Forget, Elizabeth Stobert, P. C. {van Oorschot}, and Robert Biddle. [Paper] Multiple password interference in text passwords and click-based graphical passwords. In Conference on Computer and Communications Security (CCS), page 500–511. ACM, 2009.
[Bibtex]
@INPROCEEDINGS{chiasson2009interference-ccs, author = {Chiasson, Sonia and Forget, Alain and Stobert, Elizabeth and {van Oorschot}, P. C. and Biddle, Robert}, title = {[Paper] Multiple password interference in text passwords and click-based graphical passwords}, booktitle = {Conference on Computer and Communications Security (CCS)}, year = {2009}, pages = {500--511}, organization = {ACM}, note = {Conference Papers} } - Sonia Chiasson, Alain Forget, Robert Biddle, and P. C. van Oorschot. [Paper] Influencing users towards better passwords: Persuasive Cued Click Points. In British HCI Annual Conference, page 121–130. British Computer Society, 2008.
[Bibtex]
@INPROCEEDINGS{chiasson2008pccp-british, author = {Chiasson, Sonia and Forget, Alain and Biddle, Robert and van Oorschot, P. C.}, title = {[Paper] Influencing users towards better passwords: Persuasive Cued Click Points}, booktitle = {British HCI Annual Conference}, year = {2008}, pages = {121--130}, organization = {British Computer Society}, note = {Conference Papers} } - Alain Forget, Sonia Chiasson, P. C. van Oorschot, and Robert Biddle. [Paper] Improving text passwords through persuasion. In Symposium on Usable Privacy and Security (SOUPS), page 1–12. ACM, 2008.
[Bibtex]
@INPROCEEDINGS{forget2008improvingtext-soups, author = {Forget, Alain and Chiasson, Sonia and van Oorschot, P. C. and Biddle,Robert}, title = {[Paper] Improving text passwords through persuasion}, booktitle = {Symposium on Usable Privacy and Security (SOUPS)}, year = {2008}, pages = {1--12}, organization = {ACM}, note = {Conference Papers} } - Alain Forget, Sonia Chiasson, and Robert Biddle. [Paper] Persuasion as education for computer security. In World Conference on E-Learning in Corporate, Government, Healthcare and Higher Education (E-LEARN), page 822–829 2007.
[Bibtex]
@INPROCEEDINGS{forget2007persuasion-elearn, author = {Forget, Alain and Chiasson, Sonia and Biddle, Robert}, title = {[Paper] Persuasion as education for computer security}, booktitle = {World Conference on E-Learning in Corporate, Government, Healthcare and Higher Education (E-LEARN)}, year = {2007}, pages = {822--829}, note = {Conference Papers} }
Extended Abstracts and Workshop Papers
- Alain Forget, Sonia Chiasson, and Robert Biddle. [Workshop paper] Towards Supporting a Diverse Ecosystem of Authentication Schemes. WAY Workshop, Symposium on Usable Privacy and Security (SOUPS), 2014.
[Bibtex]
@MISC{forget2014ecosystem-way, author = {Forget, Alain and Chiasson, Sonia and Biddle, Robert}, title = {[Workshop paper] Towards Supporting a Diverse Ecosystem of Authentication Schemes}, howpublished = {WAY Workshop, Symposium on Usable Privacy and Security (SOUPS)}, year = {2014}, note = {Extended Abstracts and Workshop Papers} } - Elizabeth Stobert, Alain Forget, Sonia Chiasson, and Robert Biddle. [Workshop Paper] Trade-offs in Click-based Graphical Passwords: Usability vs. Password Space. In GRAND Annual Conference 2012.
[Bibtex]@INPROCEEDINGS{stobert2012tradeoffs-grand, author = {Stobert, Elizabeth and Forget, Alain and Chiasson, Sonia and Biddle, Robert}, title = {[Workshop Paper] Trade-offs in Click-based Graphical Passwords: Usability vs. Password Space}, booktitle = {GRAND Annual Conference}, year = {2012}, note = {Extended Abstracts and Workshop Papers} } - Alain Forget, Sonia Chiasson, and Robert Biddle. [Extended abstract] Input precision for gaze-based graphical passwords. In SIGCHI Conference on Human factors in Computing Systems (CHI) Extended Abstracts, page 4279–4284. ACM, 2010.
[Bibtex]
@INPROCEEDINGS{forget2010gaze-chi, author = {Forget, Alain and Chiasson, Sonia and Biddle, Robert}, title = {[Extended abstract] Input precision for gaze-based graphical passwords}, booktitle = {SIGCHI Conference on Human factors in Computing Systems (CHI) Extended Abstracts}, year = {2010}, pages = {4279--4284}, organization = {ACM}, note = {Extended Abstracts and Workshop Papers} } - Alain Forget, Sonia Chiasson, and Robert Biddle. [Extended abstract] Lessons from Brain Age on persuasion for computer security. In SIGCHI Conference on Human factors in Computing Systems (CHI) Extended Abstracts, page 4435–4440. ACM, 2009.
[Bibtex]
@INPROCEEDINGS{forget2009lessons-chi, author = {Forget, Alain and Chiasson, Sonia and Biddle, Robert}, title = {[Extended abstract] Lessons from Brain Age on persuasion for computer security}, booktitle = {SIGCHI Conference on Human factors in Computing Systems (CHI) Extended Abstracts}, year = {2009}, pages = {4435--4440}, organization = {ACM}, note = {Extended Abstracts and Workshop Papers} } - Sonia Chiasson, Alain Forget, and Robert Biddle. [Workshop paper] Accessibility and graphical passwords. Symposium on Accessible Privacy and Security (SOAPS), 2008.
[Bibtex]
@MISC{chiasson2008accessibility-soaps, author = {Chiasson, Sonia and Forget, Alain and Biddle, Robert}, title = {[Workshop paper] Accessibility and graphical passwords}, howpublished = {Symposium on Accessible Privacy and Security (SOAPS)}, year = {2008}, note = {Extended Abstracts and Workshop Papers} } - Alain Forget, Sonia Chiasson, and Robert Biddle. [Extended abstract] Lessons from Brain Age on Password Memorability. In Future Play Conference. ACM, 2008.
[Bibtex]
@INPROCEEDINGS{forget2008brainage-futureplay, author = {Alain Forget AND Sonia Chiasson AND Robert Biddle}, title = {[Extended abstract] Lessons from Brain Age on Password Memorability}, booktitle = {Future Play Conference}, year = {2008}, organization = {ACM}, note = {Extended Abstracts and Workshop Papers} } - Daniel LeBlanc, Sonia Chiasson, Alain Forget, and Robert Biddle. [Extended abstract] Can eye gaze reveal graphical passwords?. In Symposium on Usable Privacy and Security (SOUPS) 2008.
[Bibtex]
@INPROCEEDINGS{leblanc2008eyegaze-soups, author = {LeBlanc, Daniel and Chiasson, Sonia and Forget, Alain and Biddle, Robert}, title = {[Extended abstract] Can eye gaze reveal graphical passwords?}, booktitle = {Symposium on Usable Privacy and Security (SOUPS)}, year = {2008}, note = {Extended Abstracts and Workshop Papers} } - Alain Forget, Dave Arnold, and Sonia Chiasson. [Extended abstract] CASE-FX: feature modeling support in an OO Case tool. In SIGPLAN Conference on Object-Oriented Programming Systems and Applications (OOPSLA), page 803–804. ACM, 2007.
[Bibtex]
@INPROCEEDINGS{forget2007case-oopsla, author = {Forget, Alain and Arnold, Dave and Chiasson, Sonia}, title = {[Extended abstract] {CASE-FX}: feature modeling support in an {OO} Case tool}, booktitle = {SIGPLAN Conference on Object-Oriented Programming Systems and Applications (OOPSLA)}, year = {2007}, pages = {803--804}, organization = {ACM}, note = {Extended Abstracts and Workshop Papers} } - Alain Forget, Sonia Chiasson, and Robert Biddle. [Extended abstract] Helping users create better passwords: is this the right approach?. In Symposium on Usable Privacy and Security (SOUPS), page 151–152. ACM, 2007.
[Bibtex]
@INPROCEEDINGS{forget2007betterpasswords-soups, author = {Forget, Alain and Chiasson, Sonia and Biddle, Robert}, title = {[Extended abstract] Helping users create better passwords: is this the right approach?}, booktitle = { Symposium on Usable Privacy and Security (SOUPS)}, year = {2007}, pages = {151--152}, organization = {ACM}, note = {Extended Abstracts and Workshop Papers} } - Alain Forget, Sonia Chiasson, and Robert Biddle. [Extended abstract] Helping Users Protect Themselves from e-Criminals in Click-Based Graphical Passwords. In Anti-Phishing Working Group (APWG) eCrime Researchers Summit 2007.
[Bibtex]
@INPROCEEDINGS{forget2007helping-apwg, author = {Forget, Alain and Chiasson, Sonia and Biddle, Robert}, title = {[Extended abstract] Helping Users Protect Themselves from e-Criminals in Click-Based Graphical Passwords}, booktitle = {Anti-Phishing Working Group (APWG) eCrime Researchers Summit}, year = {2007}, note = {Extended Abstracts and Workshop Papers} }
Theses
- Alain Forget. [Thesis] A World with many authentication schemes. PhD thesis, School of Computer Science, Carleton University, 2012.
[Bibtex]
@PHDTHESIS{forget2012thesis-carleton, author = {Alain Forget}, title = {[Thesis] A World with many authentication schemes}, school = {School of Computer Science, Carleton University}, year = {2012}, note = {Theses} }