Joseph Bonneau
email   (PGP key)
mobile +1 650 804 6934
office +1 609 258 2203

I am a postdoctoral researcher at the Applied Crypto Group at Stanford and a Technology Fellow at the Electronic Frontier Foundation, supported by a Secure Usability Fellowship through the Open Technology Fund and Simply Secure. My research focuses on secure communication tools, cryptocurrencies, web authentication and TLS, though my past research has spanned side-channel cryptanalysis, protocol verification, software obfuscation, and privacy in social networks.

I completed my PhD in 2012 with the Security Group at the University of Cambridge Computer Laboratory, supervised by Professor Ross Anderson and funded as a Gates Cambridge Scholar. My PhD thesis formalises the analysis of human-chosen distributions of secrets, specifically passwords and PINs.

My background is in computer science, math, and cryptography, in which I earned my BS and MS from Stanford. I was a fellow at the Center For Information Technology Policy, Princeton in 2014 and I have also worked in cryptography and security at Google, Yahoo!, Cryptography Research, Inc and as a private consultant.

Selected publications

  • Upgrading HTTPS in Mid-Air: An Empirical Study of Strict Transport Security and Key Pinning
    Michael Kranch and Joseph Bonneau. NDSS '15: The 2015 Network and Distributed System Security Symposium (to appear).
  • Towards reliable storage of 56-bit secrets in human memory
    Joseph Bonneau and Stuart Schechter. 23rd USENIX Security Symposium.
  • The Tangled Web of Password Reuse
    Anupam Das, Joseph Bonneau, Matthew Caesar, Nikita Borisov and XiaoFeng Wang. NDSS '14: The 2014 Network and Distributed System Security Symposium.
  • The science of guessing: analyzing an anonymized corpus of 70 million passwords
    Joseph Bonneau. 2012 IEEE Symposium on Security and Privacy.
  • The Quest to Replace Passwords: A Framework for Comparative Evaluation of Web Authentication Schemes
    Joseph Bonneau, Cormac Herley, Paul C. van Oorschot and Frank Stajano. 2012 IEEE Symposium on Security and Privacy.
  • The password thicket: technical and market failures in human authentication on the web
    Joseph Bonneau and Sören Preibusch. WEIS '10: The 9th Workshop on the Economics of Information Security.