Joseph Bonneau
mobile +1 650 804 6934
office +1 609 258 2203

I am a fellow at the Center for Information Technology Policy, Princeton. I'm focused on web authentication, cryptocurrencies, and TLS, though my past research has spanned side-channel cryptanalysis, protocol verification, software obfuscation, and privacy in social networks.

I completed my PhD in 2012 with the Security Group of the University of Cambridge Computer Laboratory, supervised by Professor Ross Anderson and funded as a Gates Cambridge Scholar. My PhD thesis formalises the analysis of human-chosen distributions of secrets, specifically passwords and PINs.

My background is in computer science, math, and cryptography, in which I earned my BS and MS from Stanford. I've worked on cryptography and security at Google, Cryptography Research, Inc and as a private consultant.

Selected publications

  • Towards reliable storage of 56-bit secrets in human memory
    Joseph Bonneau and Stuart Schechter. 23rd USENIX Security Symposium (to appear).
  • The Tangled Web of Password Reuse
    Anupam Das, Joseph Bonneau, Matthew Caesar, Nikita Borisov and XiaoFeng Wang. NDSS '14: The 2014 Network and Distributed System Security Symposium.
  • The science of guessing: analyzing an anonymized corpus of 70 million passwords
    Joseph Bonneau. 2012 IEEE Symposium on Security and Privacy.
  • The Quest to Replace Passwords: A Framework for Comparative Evaluation of Web Authentication Schemes
    Joseph Bonneau, Cormac Herley, Paul C. van Oorschot and Frank Stajano. 2012 IEEE Symposium on Security and Privacy.
  • The password thicket: technical and market failures in human authentication on the web
    Joseph Bonneau and Sören Preibusch. WEIS '10: The 9th Workshop on the Economics of Information Security.