I’m a scientist who criticizes how scientists conduct ourselves, a security technologist who debunks security technologies, and a human-subjects researcher who isn’t the best people person. This doesn’t make me very popular…

…at least until people learn that my research debunking common security practices is part of the reason why they no longer have to answer so many ‘security’ questions,1 why their employer no longer asks them to reset their password every 90 days, and why many websites no longer care if your password has digits, punctuation, or uppercase letters.

I’m currently engaged in my war on social stratification in science from a desk at the School of Engineering and Applied Sciences at Harvard,2 where I am an ‘Associate\0’.3 I continue to work on ensuring that security doesn’t backfire, both through research and building DiceKeys (US Patent 11,438,182 B2). I formerly worked at Microsoft Research and MIT Lincoln Laboratory. I served nine years as a Resident Tutor in Harvard’s Leverett House.

I am available to conduct scoreless peer review of scientific research on topics including human factors in security (AKA usable security) and more generally in evaluating novel experimental methodologies for human subjects experiments.

My preferred pronouns are he/him but I also welcome they.

Subscribe to receive future posts by sending me an email (which I might actually read) or following me at @MildlyAggrievedScientist.

  1. If you have but one chance to guess a US account’s favorite historical person, the data suggest you put your faith in ‘jesus’.

  2. The irony is not lost on me.

  3. The \0 is not a typo, but geek (C language notation) for “there’s nothing missing after the word ‘Associate’”. I’m not a Professor.