Alain Forget, Ph.D. , B.C.S., CIPT, CIPM Software Engineer and Researcher Usable Privacy and Security Google Mountain View, California (CA), United States of America (USA) E-mail: aforget@google.com

Table of Contents

Research Interests

My current research area of interest is broadly in usable privacy and security, the intersection of human-computer interaction (HCI), cybersecurity, and privacy. I am also interested in exploring the intersection of my current research areas with the domains of artificial intelligence, artificial life, augmented reality, economics, finance, mobile computing, social computing, and software engineering.

Biography

Present

Since April 2016, I am a Software Engineer of usable privacy and security at Google. I am one of many people who continually strive to make Google's products and services more privacy-respecting, secure, and usable. In September 2019, Google announced the publication of open source differential privacy libraries, which I co-authored.

I am an active member of the usable privacy and security research community by collaborating with external colleagues on research projects and participating in conference program committees, journal peer-reviewing, and so on.

I am a founding member of the Project Management Committee for the CipherShed Project, a successor to the discontinued TrueCrypt encryption software.

Past

I was a postdoctoral research scientist in the CyLab Usable Privacy and Security (CUPS) group at Carnegie Mellon University (CMU), working with Professors Lorrie Cranor, Nicolas Christin, Alessandro Acquisti, and Rahul Telang. At CMU, I built and led a team in the design, development, deployment, and on-going growth of the Security Behavior Observatory (SBO), a data collection architecture monitoring end-users' own computing behaviours. The objective of the SBO is to better understand the security and privacy challenges users actually face in the wild and reveal insights on how we may better address said challenges. I remain involved in the SBO as an external collaborator.

I completed my Ph.D. in Computer Science at Carleton University in 2012, supervised by Professors Robert Biddle and Sonia Chiasson, the Canada Research Chair in Human Oriented Computer Security. I was awarded a Senate Medal for Outstanding Graduate Work at the Doctoral level. My Ph.D. thesis was in the area of usable authentication, where I proposed and tested two novel authentication schemes (Persuasive Text Passwords and Cued Gaze-Points), examined approaches to teaching users a novel authentication scheme, and developed and user tested an architecture for providing users with a selection of authentication schemes deemed secure and usable by system administrators and usable authentication experts, thereby empowering users to select a scheme that best suits their abilities, preferences, and usage context.

In the summer of 2010, I interned alongside (now Prof.) Kami Vaniea at Microsoft Research. We worked with Dr. Stuart Schechter on usable access control in a collaborative environment.

My earliest research involved implementing feature modeling functionality into CASE tools. I also spent eight months with the Canadian Department of National Defence's Research and Development division developing Tyche: a stochastic military resource allocation simulator used for strategic planning.

Publications and Presentations

Fully Peer-Reviewed Articles

N. Navolio, G. Lemaitre, A. Forget, L. Heller (2016). The Egocentric Nature of Action-Sound Associations. Frontiers in Psychology 7(231).
View document on publisher site: Frontiers In Psychology.

A. Forget, S. Chiasson, R. Biddle (2015). User-Centred Authentication Feature Framework. Information and Computer Security 23(5), Emerald Insight.
Awarded Outstanding Paper in the 2016 Emerald Literati Network Awards for Excellence
View document on publisher site: Emerald Insight.

S. Chiasson, E. Stobert, A. Forget, R. Biddle, P.C. van Oorschot (2012). Persuasive Cued Click-Points: Design, implementation, and evaluation of a knowledge-based authentication mechanism. Transactions on Dependable and Secure Computing (TDSC) 9(2), March-April 2012, IEEE.
View document on publisher site: IEEEXplore.
Preliminary version: Technical Report TR-11-03

S. Chiasson, A. Forget, R. Biddle, P.C. van Oorschot (2009). User interface design affects security: Patterns in click-based graphical passwords. International Journal of Information Security 8(6), December 2009, Springer.
View document on publisher site: SpringerLink DOI: 10.1007/s10207-009-0080-7.
Preliminary version: Technical Report TR-08-14

Fully Peer-Reviewed Conference Papers

S. Pearman, J. Thomas, P.E. Naeini, H. Habib, L. Bauer, N. Christin, L.F. Cranor, S. Egelman, A. Forget (2017). Let's go in for a closer look: Observing passwords in their natural habitat. ACM Conference on Computer and Communications Security (CCS), October-November 2017, Dallas, USA.

C.I. Canfield, A. Davis, B. Fischhoff, A. Forget, S. Pearman, J. Thomas (2017). Replication: Challenges in Using Data Logs to Validate Phishing Detection Ability Metrics. USENIX Symposium on Usable Privacy and Security (SOUPS), July 2017, Santa Clara, USA.

A. Forget, S. Pearman, J. Thomas, A. Acquisti, N. Christin, L.F. Cranor, S. Egelman, M. Harbach, R. Telang (2016). Do or Do Not, There Is No Try: User Engagement May Not Improve Security Outcomes. USENIX Symposium on Usable Privacy and Security (SOUPS), June 2016, Denver, USA. (28% acceptance rate)
View document on publisher site: USENIX

R. Shay, L. Bauer, N. Christin, L.F. Cranor, A. Forget, S. Komanduri, M.L. Mazurek, W. Melicher, S.M. Segreti, B. Ur (2015). A Spoonful of Sugar? The Impact of Guidance and Feedback on Password-Creation Behavior. ACM SIGCHI Conference on Human Factors in Computing Systems (CHI), April 2015, Seoul, South Korea. (23% acceptance rate)

Y. Wang, P. Leon, A. Acquisti, L.F. Cranor, A. Forget, N. Sadeh (2014). A Field Trial of Privacy Nudges in Facebook. ACM SIGCHI Conference on Human Factors in Computing Systems (CHI), April-May 2014, Toronto, Canada. (23% acceptance rate)

A. Forget, S. Chiasson, R. Biddle (2012). Supporting Learning of an Unfamiliar Authentication Scheme. AACE World Conference on E-Learning in Corporate, Government, Healthcare, and Higher Education (E-Learn), October 2012, Montréal, Canada.

S. Chiasson, C. Deschamps, E. Stobert, M. Hlywa, B.F. Machado, A. Forget, N. Wright, G. Chan, R. Biddle (2012). The MVP Web-based Authentication Framework. Financial Cryptography and Data Security (FC), Springer LNCS, February-March 2012, Bonaire, Netherlands. (short paper)

E. Stobert, A. Forget, S. Chiasson, P.C. van Oorschot, R. Biddle (2010). Exploring Usability Effects of Increasing Security in Click-based Graphical Passwords. ACM Annual Computer Security Applications Conference (ACSAC), December 2010, Austin, USA. (17% acceptance rate)

D. LeBlanc, A. Forget, R. Biddle (2010). Guessing Click-Based Graphical Passwords by Eye Tracking. IEEE Privacy, Security, Trust (PST), August 2010, Ottawa, Canada.

A. Forget, S. Chiasson, R. Biddle (2010). Shoulder-Surfing Resistance with Eye-Gaze Entry in Click-Based Graphical Passwords. ACM SIGCHI Conference on Human Factors in Computing Systems (CHI), April 2010, Atlanta, USA. (Note, 22% acceptance rate)

S. Chiasson, A. Forget, E. Stobert, P.C. van Oorschot, R. Biddle (2009). Multiple Password Interference in Text Passwords and Click-Based Graphical Passwords. ACM Conference on Computer and Communications Security (CCS), November 2009, Chicago, USA. (18% acceptance rate)
Preliminary version: Technical Report TR-08-20

S. Chiasson, A. Forget, R. Biddle, P.C. van Oorschot (2008). Influencing Users Towards Better Passwords: Persuasive Cued Click-Points. HCI on People and Computers XXII, British Computer Society, September 2008, Liverpool, England. (29% acceptance rate)
Preliminary version: Technical Report TR-07-16

A. Forget, S. Chiasson, P.C. van Oorschot, R. Biddle (2008). Improving Text Passwords Through Persuasion. ACM Symposium on Usable Privacy and Security (SOUPS), July 2008, Pittsburgh, USA. (28% acceptance rate)

A. Forget, S. Chiasson, P.C. van Oorschot, R. Biddle (2008). Persuasion for Stronger Passwords: Motivation and Pilot Study. International Conference on Persuasive Technology, June 2008, Oulu, Finland.

A. Forget, S. Chiasson, R. Biddle (2007). Persuasion as Education for Computer Security. AACE World Conference on E-Learning in Corporate, Government, Healthcare, and Higher Education (E-Learn), October 2007, Québec City, Canada.

Peer-Reviewed Workshop Papers

A. Forget, S. Chiasson, R. Biddle (2015). Choose Your Own Authentication. ACM New Security Paradigms Workshop (NSPW), September 2015, Twente, The Netherlands.

A. Forget, S. Chiasson, R. Biddle (2014). Towards Supporting a Diverse Ecosystem of Authentication Schemes. Who are you?! Adventures in Authentication (WAY) workshop at the Symposium on Usable Privacy and Security (SOUPS), July 2014, Menlo Park, USA.

S. Chiasson, A. Forget, R. Biddle (2008). Accessibility and Graphical Passwords. Symposium on Accessible Privacy and Security (SOAPS) workshop at the Symposium on Usable Privacy and Security (SOUPS), July 2008, Pittsburgh, USA.

Peer-Reviewed Posters

S. Pearman, J. Thomas, P.E. Naeini, H. Habib, L. Bauer, N. Christin, L.F. Cranor, S. Egelman, A. Forget (2018). Let's go in for a closer look: Observing passwords in their natural habitat. USENIX Symposium on Usable Privacy and Security (SOUPS), August 2018, Baltimore, USA.
(Full paper previously published at CCS 2017)

Y. Wang, P. Leon, A. Acquisti, L.F. Cranor, A. Forget, N. Sadeh (2014). A Field Trial of Privacy Nudges in Facebook. USENIX Symposium on Usable Privacy and Security (SOUPS), July 2014, Menlo Park, USA.
Distinguished Poster Award. (see SOUPS 2014 program)
(Full paper previously published at CHI 2014)

A. Forget, S. Komanduri, A. Acquisti, N. Christin, L.F. Cranor, R. Telang (2014). Building the Security Behavior Observatory: An Infrastructure for Long-term Monitoring of Client Machines. IEEE Symposium and Bootcamp on the Science of Security (HotSoS), April 2014, Raleigh, USA.
Poster (jpg)

A. Forget, S. Chiasson, R. Biddle (2010). Input Precision for Gaze-Based Graphical Passwords. ACM SIGCHI Work-in-Progress (CHI WIP), April 2010, Atlanta, USA.

A. Forget, S. Chiasson, R. Biddle (2009). Lessons from Brain Age on Persuasion for Computer Security. ACM SIGCHI Work-in-Progress (CHI WIP), April 2009, Boston, USA.
Poster (jpg)

A. Forget, S. Chiasson, R. Biddle (2008). Lessons from Brain Age on Password Memorability. ACM Future Play, November 2008, Toronto, Canada.
Poster (jpg)

D. LeBlanc, S. Chiasson, A. Forget, R. Biddle (2008). Can eye gaze predict graphical passwords? ACM Symposium on Usable Privacy and Security (SOUPS), July 2008, Pittsburgh, USA.

A. Forget, R. Biddle (2008). Memorability of Persuasive Passwords. ACM SIGCHI Student Research Competition (CHI SRC), April 2008, Florence, Italy.
Poster (jpg)

A. Forget, D. Arnold, S. Chiasson (2007). CASE-FX: Feature Modeling Support in an OO CASE Tool. ACM Object-Oriented Programming, Software, Languages, and Applications (OOPSLA), October 2007, Montréal, Canada.
Poster (jpg)

A. Forget, S. Chiasson, R. Biddle (2007). Helping Users Protect Themselves from e-Criminals in Click-Based Graphical Passwords. Anti-Phishing Working Group (APWG) eCrime Researchers Summit, October 2007, Pittsburgh, USA.
Poster (jpg)

A. Forget, S. Chiasson, R. Biddle (2007). Helping Users Create Better Passwords: Is this the right approach? ACM Symposium on Usable Privacy and Security (SOUPS), July 2007, Pittsburgh, USA.
Poster (jpg)

Other

A. Forget, S. Komanduri, A. Acquisti, N. Christin, L.F. Cranor, R. Telang (2014). Security Behavior Observatory: Infrastructure for Long-term Monitoring of Client Machines. CMU CyLab Technical Report CMU-CyLab-14-009, July 2014, Pittsburgh, USA.

A. Forget, A. Acquisti, L.F. Cranor, N. Christin, R. Telang (2014). Deploying the Security Behavior Observatory: An Infrastructure for Long-term Monitoring of Client Machines. Poster at the Science of Security (SoS) Quarterly Lablet PI Meeting, July 2014, Pittsburgh, USA.

A. Forget, S. Komanduri, A. Acquisti, N. Christin, L.F. Cranor, R. Telang (2014). Building the Security Behavior Observatory: An Infrastructure for Long-term Monitoring of Client Machines. Invited talk at the IEEE Symposium and Bootcamp on the Science of Security (HotSoS), April 2014, Raleigh, USA.

A. Forget, L.F. Cranor, N. Christin, A. Acquisti, R. Telang (2013). Security Behavior Observatory. Poster at the CyLab Partners Conference, October 2013, Pittsburgh, USA.

A. Forget (2013). Flying South For The Career. Invited talk at the NSERC ISSNet 2013 Annual Workshop, April 2013, Victoria, Canada.

A. Forget (2012). A World with Many Authentication Schemes. Ph.D. Thesis. School of Computer Science, Carleton University, October 2012, Ottawa, Canada.
Awarded a Senate Medal for Outstanding Academic Achievement at the Doctoral level.

A. Forget, R. Biddle (2011). A World without Authentication. Lightning talk, ACM Symposium on Usable Privacy and Security (SOUPS), July 2011, Pittsburgh, USA.

A. Forget (2009). Introduction to ASP.NET. Guest lecture for COMP 3008 User Interface Architecture, School of Computer Science, Carleton University, October 2009, Ottawa, Canada.

A. Forget, R. Biddle (2009). Teaching Players about Secure Behaviour through In-Game Incentives. Presented at the Interacting with Immersive Worlds conference, June 2009, St. Catharines, Canada.

A. Forget, S. Chiasson, R. Biddle (2009). Lessons from Brain Age on Password Memorability. Invited poster for the Game Developers Conference, March 2009, San Francisco, USA.
Poster (jpg)

A. Forget (2008). Helping Users Create and Remember More Secure Text Passwords. Doctoral consortium, HCI on People and Computers XXII, British Computer Society, September 2008, Liverpool, England.
Poster (jpg)

A. Forget, R. Biddle (2008). Persuasion for the Security and Memorability of Text Passwords. Doctoral consortium, International Conference on Persuasive Technology, June 2008, Oulu, Finland.

A. Forget (2008). Improving Text Passwords Through Persuasion. Invited talk for CHIStuds, CapCHI on June 11, 2008.

A. Forget (2008). Improving Text Passwords Through Persuasion. Invited talk for CapCHI at the Algonquin College Programming Olympics on May 24, 2008.

D. Allen, C. Eisler, A. Forget (2006). A Users Guide to Tyche Version 2.0: Providing a Joint Flavour to Tyche. Department of National Defence, Ottawa, Canada. Technical Report TR 2006-14.

Teaching

Teaching Assistant

COMP 2402 Abstract Data Types and Algorithms, Carleton University, September-December 2011.
Instructor: Pat Morin

COMP 1501 Introduction to Computer Game Design, Carleton University, January-April 2011.
Instructor: David Mould

COMP 4002 Real-time 3D Game Engines, Carleton University, January-April 2010.
Instructor: Wilf LaLonde

COMP 3008 User Interface Architecture, Carleton University, September-December 2009.
Instructor: Imran Ahmad

COMP 4002 Real-time 3D Game Engines, Carleton University, January-April 2009.
Instructor: Wilf LaLonde

COMP 3004 Object-Oriented Software Engineering, Carleton University, September-December 2008.
Instructor: Dave Arnold

COMP 4002 Real-time 3D Game Engines, Carleton University, January-April 2008.
Instructor: Wilf LaLonde

COMP 3004 Object-Oriented Software Engineering, Carleton University, September-December 2007.
Instructor: Dave Arnold

COMP 4002 Real-time 3D Game Engines, Carleton University, January-April 2007.
Instructor: Wilf LaLonde

COMP 3004 Object-Oriented Software Engineering, Carleton University, September-December 2006.
Instructor: Dave Arnold

Service to the Profession

Program committees & organisation

Peer-reviewing

Volunteering and other service

Certifications

	IAPP Certified Information Privacy Manager (CIPM)
	IAPP Certified Information Privacy Technologist (CIPT)