Alain Forget, Ph.D.

, B.C.S., CIPT
Software Engineer and Researcher
Usable Privacy and Security
Google

Mountain View, California (CA), United States of America (USA)

E-mail: Click here to reveal

Table of Contents

Research Interests
Biography
Publications and Presentations
Teaching
Service to the Profession
Certifications

Research Interests

My current research area of interest is broadly in usable privacy and security, the intersection of human-computer interaction (HCI), cybersecurity, and privacy. I am also interested in exploring the intersection of my current research areas with the domains of artificial intelligence, artificial life, augmented reality, economics, finance, mobile computing, social computing, and software engineering.

Biography

Present

As of April 2016, I am a Software Engineer of usable privacy and security at Google. I am one of many people who continually strive to make Google's products and services more privacy-respecting, secure, and usable. I am also an active member of the usable privacy and security research community by collaborating with external colleagues on research projects and participating in conference program committees, journal peer-reviewing, and so on.

I am a founding member of the Project Management Committee for the CipherShed Project, a successor to the discontinued TrueCrypt encryption software.

Past

I was a postdoctoral research scientist in the CyLab Usable Privacy and Security (CUPS) group at Carnegie Mellon University (CMU), working with Professors Lorrie Cranor, Nicolas Christin, Alessandro Acquisti, and Rahul Telang. At CMU, I built and led a team in the design, development, deployment, and on-going growth of the Security Behavior Observatory (SBO), a data collection architecture monitoring end-users' own computing behaviours. The objective of the SBO is to better understand the security and privacy challenges users actually face in the wild and reveal insights on how we may better address said challenges. I remain involved in the SBO as an external collaborator.

I completed my Ph.D. in Computer Science at Carleton University in 2012, supervised by Professors Robert Biddle and Sonia Chiasson, the Canada Research Chair in Human Oriented Computer Security. I was awarded a Senate Medal for Outstanding Graduate Work at the Doctoral level. My Ph.D. thesis was in the area of usable authentication, where I proposed and tested two novel authentication schemes (Persuasive Text Passwords and Cued Gaze-Points), examined approaches to teaching users a novel authentication scheme, and developed and user tested an architecture for providing users with a selection of authentication schemes deemed secure and usable by system administrators and usable authentication experts, thereby empowering users to select a scheme that best suits their abilities, preferences, and usage context.

In the summer of 2010, I interned alongside (now Prof.) Kami Vaniea at Microsoft Research. We worked with Dr. Stuart Schechter on usable access control in a collaborative environment.

My earliest research involved implementing feature modeling functionality into CASE tools. I also spent eight months with the Canadian Department of National Defence's Research and Development division developing Tyche: a stochastic military resource allocation simulator used for strategic planning.

Publications and Presentations

Fully Peer-Reviewed Articles

N. Navolio, G. Lemaitre, A. Forget, L. Heller (2016). The Egocentric Nature of Action-Sound Associations. Frontiers in Psychology 7(231).
View document on publisher site: Frontiers In Psychology.

A. Forget, S. Chiasson, R. Biddle (2015). User-Centred Authentication Feature Framework. Information and Computer Security 23(5), Emerald Insight.
Awarded Outstanding Paper in the 2016 Emerald Literati Network Awards for Excellence
View document on publisher site: Emerald Insight.

S. Chiasson, E. Stobert, A. Forget, R. Biddle, P.C. van Oorschot (2012). Persuasive Cued Click-Points: Design, implementation, and evaluation of a knowledge-based authentication mechanism. Transactions on Dependable and Secure Computing (TDSC) 9(2), March-April 2012, IEEE.
View document on publisher site: IEEEXplore.
Preliminary version: Technical Report TR-11-03

S. Chiasson, A. Forget, R. Biddle, P.C. van Oorschot (2009). User interface design affects security: Patterns in click-based graphical passwords. International Journal of Information Security 8(6), December 2009, Springer.
View document on publisher site: SpringerLink DOI: 10.1007/s10207-009-0080-7.
Preliminary version: Technical Report TR-08-14

Fully Peer-Reviewed Conference Papers

S. Pearman, J. Thomas, P.E. Naeini, H. Habib, L. Bauer, N. Christin, L.F. Cranor, S. Egelman, A. Forget (2017). Let's go in for a closer look: Observing passwords in their natural habitat. ACM Conference on Computer and Communications Security (CCS), October-November 2017, Dallas, USA.

C.I. Canfield, A. Davis, B. Fischhoff, A. Forget, S. Pearman, J. Thomas (2017). Replication: Challenges in Using Data Logs to Validate Phishing Detection Ability Metrics. USENIX Symposium on Usable Privacy and Security (SOUPS), July 2017, Santa Clara, USA.

A. Forget, S. Pearman, J. Thomas, A. Acquisti, N. Christin, L.F. Cranor, S. Egelman, M. Harbach, R. Telang (2016). Do or Do Not, There Is No Try: User Engagement May Not Improve Security Outcomes. USENIX Symposium on Usable Privacy and Security (SOUPS), June 2016, Denver, USA. (28% acceptance rate)
View document on publisher site: USENIX

R. Shay, L. Bauer, N. Christin, L.F. Cranor, A. Forget, S. Komanduri, M.L. Mazurek, W. Melicher, S.M. Segreti, B. Ur (2015). A Spoonful of Sugar? The Impact of Guidance and Feedback on Password-Creation Behavior. ACM SIGCHI Conference on Human Factors in Computing Systems (CHI), April 2015, Seoul, South Korea. (23% acceptance rate)

Y. Wang, P. Leon, A. Acquisti, L.F. Cranor, A. Forget, N. Sadeh (2014). A Field Trial of Privacy Nudges in Facebook. ACM SIGCHI Conference on Human Factors in Computing Systems (CHI), April-May 2014, Toronto, Canada. (23% acceptance rate)

A. Forget, S. Chiasson, R. Biddle (2012). Supporting Learning of an Unfamiliar Authentication Scheme. AACE World Conference on E-Learning in Corporate, Government, Healthcare, and Higher Education (E-Learn), October 2012, Montréal, Canada.

S. Chiasson, C. Deschamps, E. Stobert, M. Hlywa, B.F. Machado, A. Forget, N. Wright, G. Chan, R. Biddle (2012). The MVP Web-based Authentication Framework. Financial Cryptography and Data Security (FC), Springer LNCS, February-March 2012, Bonaire, Netherlands. (short paper)

E. Stobert, A. Forget, S. Chiasson, P.C. van Oorschot, R. Biddle (2010). Exploring Usability Effects of Increasing Security in Click-based Graphical Passwords. ACM Annual Computer Security Applications Conference (ACSAC), December 2010, Austin, USA. (17% acceptance rate)

D. LeBlanc, A. Forget, R. Biddle (2010). Guessing Click-Based Graphical Passwords by Eye Tracking. IEEE Privacy, Security, Trust (PST), August 2010, Ottawa, Canada.

A. Forget, S. Chiasson, R. Biddle (2010). Shoulder-Surfing Resistance with Eye-Gaze Entry in Click-Based Graphical Passwords. ACM SIGCHI Conference on Human Factors in Computing Systems (CHI), April 2010, Atlanta, USA. (Note, 22% acceptance rate)

S. Chiasson, A. Forget, E. Stobert, P.C. van Oorschot, R. Biddle (2009). Multiple Password Interference in Text Passwords and Click-Based Graphical Passwords. ACM Conference on Computer and Communications Security (CCS), November 2009, Chicago, USA. (18% acceptance rate)
Preliminary version: Technical Report TR-08-20

S. Chiasson, A. Forget, R. Biddle, P.C. van Oorschot (2008). Influencing Users Towards Better Passwords: Persuasive Cued Click-Points. HCI on People and Computers XXII, British Computer Society, September 2008, Liverpool, England. (29% acceptance rate)
Preliminary version: Technical Report TR-07-16

A. Forget, S. Chiasson, P.C. van Oorschot, R. Biddle (2008). Improving Text Passwords Through Persuasion. ACM Symposium on Usable Privacy and Security (SOUPS), July 2008, Pittsburgh, USA. (28% acceptance rate)

A. Forget, S. Chiasson, P.C. van Oorschot, R. Biddle (2008). Persuasion for Stronger Passwords: Motivation and Pilot Study. International Conference on Persuasive Technology, June 2008, Oulu, Finland.

A. Forget, S. Chiasson, R. Biddle (2007). Persuasion as Education for Computer Security. AACE World Conference on E-Learning in Corporate, Government, Healthcare, and Higher Education (E-Learn), October 2007, Québec City, Canada.

Peer-Reviewed Workshop Papers

A. Forget, S. Chiasson, R. Biddle (2015). Choose Your Own Authentication. ACM New Security Paradigms Workshop (NSPW), September 2015, Twente, The Netherlands.

A. Forget, S. Chiasson, R. Biddle (2014). Towards Supporting a Diverse Ecosystem of Authentication Schemes. Who are you?! Adventures in Authentication (WAY) workshop at the Symposium on Usable Privacy and Security (SOUPS), July 2014, Menlo Park, USA.

S. Chiasson, A. Forget, R. Biddle (2008). Accessibility and Graphical Passwords. Symposium on Accessible Privacy and Security (SOAPS) workshop at the Symposium on Usable Privacy and Security (SOUPS), July 2008, Pittsburgh, USA.

Peer-Reviewed Posters

A. Forget, S. Komanduri, A. Acquisti, N. Christin, L.F. Cranor, R. Telang (2014). Building the Security Behavior Observatory: An Infrastructure for Long-term Monitoring of Client Machines. IEEE Symposium and Bootcamp on the Science of Security (HotSoS), April 2014, Raleigh, USA.
Poster (jpg)

A. Forget, S. Chiasson, R. Biddle (2010). Input Precision for Gaze-Based Graphical Passwords. ACM SIGCHI Work-in-Progress (CHI WIP), April 2010, Atlanta, USA.

A. Forget, S. Chiasson, R. Biddle (2009). Lessons from Brain Age on Persuasion for Computer Security. ACM SIGCHI Work-in-Progress (CHI WIP), April 2009, Boston, USA.
Poster (jpg)

A. Forget, S. Chiasson, R. Biddle (2008). Lessons from Brain Age on Password Memorability. ACM Future Play, November 2008, Toronto, Canada.
Poster (jpg)

D. LeBlanc, S. Chiasson, A. Forget, R. Biddle (2008). Can eye gaze predict graphical passwords? ACM Symposium on Usable Privacy and Security (SOUPS), July 2008, Pittsburgh, USA.

A. Forget, R. Biddle (2008). Memorability of Persuasive Passwords. ACM SIGCHI Student Research Competition (CHI SRC), April 2008, Florence, Italy.
Poster (jpg)

A. Forget, D. Arnold, S. Chiasson (2007). CASE-FX: Feature Modeling Support in an OO CASE Tool. ACM Object-Oriented Programming, Software, Languages, and Applications (OOPSLA), October 2007, Montréal, Canada.
Poster (jpg)

A. Forget, S. Chiasson, R. Biddle (2007). Helping Users Protect Themselves from e-Criminals in Click-Based Graphical Passwords. Anti-Phishing Working Group (APWG) eCrime Researchers Summit, October 2007, Pittsburgh, USA.
Poster (jpg)

A. Forget, S. Chiasson, R. Biddle (2007). Helping Users Create Better Passwords: Is this the right approach? ACM Symposium on Usable Privacy and Security (SOUPS), July 2007, Pittsburgh, USA.
Poster (jpg)

Other

A. Forget, S. Komanduri, A. Acquisti, N. Christin, L.F. Cranor, R. Telang (2014). Security Behavior Observatory: Infrastructure for Long-term Monitoring of Client Machines. CMU CyLab Technical Report CMU-CyLab-14-009, July 2014, Pittsburgh, USA.

A. Forget, A. Acquisti, L.F. Cranor, N. Christin, R. Telang (2014). Deploying the Security Behavior Observatory: An Infrastructure for Long-term Monitoring of Client Machines. Poster at the Science of Security (SoS) Quarterly Lablet PI Meeting, July 2014, Pittsburgh, USA.

A. Forget, S. Komanduri, A. Acquisti, N. Christin, L.F. Cranor, R. Telang (2014). Building the Security Behavior Observatory: An Infrastructure for Long-term Monitoring of Client Machines. Invited talk at the IEEE Symposium and Bootcamp on the Science of Security (HotSoS), April 2014, Raleigh, USA.

A. Forget, L.F. Cranor, N. Christin, A. Acquisti, R. Telang (2013). Security Behavior Observatory. Poster at the CyLab Partners Conference, October 2013, Pittsburgh, USA.

A. Forget (2013). Flying South For The Career. Invited talk at the NSERC ISSNet 2013 Annual Workshop, April 2013, Victoria, Canada.

A. Forget (2012). A World with Many Authentication Schemes. Ph.D. Thesis. School of Computer Science, Carleton University, October 2012, Ottawa, Canada.
Awarded a Senate Medal for Outstanding Academic Achievement at the Doctoral level.

A. Forget, R. Biddle (2011). A World without Authentication. Lightning talk, ACM Symposium on Usable Privacy and Security (SOUPS), July 2011, Pittsburgh, USA.

A. Forget (2009). Introduction to ASP.NET. Guest lecture for COMP 3008 User Interface Architecture, School of Computer Science, Carleton University, October 2009, Ottawa, Canada.

A. Forget, R. Biddle (2009). Teaching Players about Secure Behaviour through In-Game Incentives. Presented at the Interacting with Immersive Worlds conference, June 2009, St. Catharines, Canada.

A. Forget, S. Chiasson, R. Biddle (2009). Lessons from Brain Age on Password Memorability. Invited poster for the Game Developers Conference, March 2009, San Francisco, USA.
Poster (jpg)

A. Forget (2008). Helping Users Create and Remember More Secure Text Passwords. Doctoral consortium, HCI on People and Computers XXII, British Computer Society, September 2008, Liverpool, England.
Poster (jpg)

A. Forget, R. Biddle (2008). Persuasion for the Security and Memorability of Text Passwords. Doctoral consortium, International Conference on Persuasive Technology, June 2008, Oulu, Finland.

A. Forget (2008). Improving Text Passwords Through Persuasion. Invited talk for CHIStuds, CapCHI on June 11, 2008.

A. Forget (2008). Improving Text Passwords Through Persuasion. Invited talk for CapCHI at the Algonquin College Programming Olympics on May 24, 2008.

D. Allen, C. Eisler, A. Forget (2006). A Users Guide to Tyche Version 2.0: Providing a Joint Flavour to Tyche. Department of National Defence, Ottawa, Canada. Technical Report TR 2006-14.

Teaching

Teaching Assistant

COMP 2402 Abstract Data Types and Algorithms, Carleton University, September-December 2011.
Instructor: Pat Morin

COMP 1501 Introduction to Computer Game Design, Carleton University, January-April 2011.
Instructor: David Mould

COMP 4002 Real-time 3D Game Engines, Carleton University, January-April 2010.
Instructor: Wilf LaLonde

COMP 3008 User Interface Architecture, Carleton University, September-December 2009.
Instructor: Imran Ahmad

COMP 4002 Real-time 3D Game Engines, Carleton University, January-April 2009.
Instructor: Wilf LaLonde

COMP 3004 Object-Oriented Software Engineering, Carleton University, September-December 2008.
Instructor: Dave Arnold

COMP 4002 Real-time 3D Game Engines, Carleton University, January-April 2008.
Instructor: Wilf LaLonde

COMP 3004 Object-Oriented Software Engineering, Carleton University, September-December 2007.
Instructor: Dave Arnold

COMP 4002 Real-time 3D Game Engines, Carleton University, January-April 2007.
Instructor: Wilf LaLonde

COMP 3004 Object-Oriented Software Engineering, Carleton University, September-December 2006.
Instructor: Dave Arnold

Service to the Profession

Program committees & organisation

Years Role Venue Abbr. Full Venue Name Publisher
2015-2016 Program Committee Member SOUPS Symposium on Usable Privacy and Security USENIX
2016 Program Committee Member SOUPS workshop Who are you?! Adventures in Authentication workshop Online
2015 Program Committee Member USEC Workshop on Usable Security Internet Society
2013-2014 Program Committee Member GI Graphics Interface, HCI Track ACM
2014 Program Committee Member PASSAT International Conference on Privacy, Security, Risk and Trust ASE
2014 Lightning Talks and Demos Chair SOUPS Symposium on Usable Privacy and Security USENIX
2014 Program Committee Member CHI workshop Workshop on Inconspicuous Interaction at the SIGCHI Conference on Human Factors in Computing Systems (CHI) ACM
2013 Lightning Talks and Demos Co-Chair SOUPS Symposium on Usable Privacy and Security ACM

Peer-reviewing

Years Venue Abbr. Full Venue Name Publisher
2009-2016 CHI SIGCHI Conference on Human Factors in Computing Systems ACM
2015 TDSC Transactions on Dependable and Secure Computing IEEE
2015 TISSEC Transactions on Information and System Security ACM
2015 n/a Software, Special Issue: Security and Privacy on the Web IEEE
2015 n/a Computers & Security Elsevier
2015 n/a Transactions on Emerging Topics in Computing, Special Issue: Emerging Topics in Cyber Security IEEE
2014 n/a Privacy and Security, Special Issue: Pervasive Computing IEEE
2014 SOUPS Symposium on Usable Privacy and Security USENIX
2014 TRUST International Conference on Trust & Trustworthy Computing Springer
2014 FC Financial Cryptography and Data Security Springer
2012 SOUPS Symposium on Usable Privacy and Security Posters ACM
2010,2012 GI Graphics Interface, HCI Track ACM
2009-2011 British HCI Conference of HCI on People and Computers BCS
2011 USENIX Security USENIX Security Symposium USENIX
2011 INTERACT IFIP Conference on Human-Computer Interaction Springer
2010 GRAND Graphics, Animation and New Media Workshop ACM
2009 CCS Conference on Computer and Communications Security ACM

Volunteering and other service

Years Role Abbr. Full Name
2014-current Project Management Committee member CipherShed CipherShed Project
2014-2015 General Volunteer SOUPS USENIX Symposium on Usable Privacy and Security
2011 Student Volunteer CHI ACM SIGCHI Conference on Human Factors in Computing Systems
2007 General Assistant, Webmaster, and Student Volunteer WikiSym ACM International Symposium on Wikis
2007 Student Volunteer OOPSLA ACM Object-Oriented Software, Programming, Languages, and Applications (OOPSLA) conference

Certifications

IAPP Certified Information Privacy Technologist (CIPT)