Sanam Ghorbani Lyastani

Sanam Ghorbani Lyastani

UX Reseacher / PhD Candidate

CISPA Helmholtz Center for Information Security

I am a UX researcher devoted to making technology more user-friendly. I am wrapping up my Ph.D. journey at the CISPA Helmholtz Center for Information Security, Saarbrücken, Germany. My main research interests during my Ph.D. were passwords, multi-factor authentication, and passwordless authentication with FIDO2/WebAuthn. The results of my works have been published at top-tier scientific conferences like USENIX Security, IEEE S&P, and NDSS. See projects for summaries of my recent works.

Education
  • Ph.D. candidate, since 09/2016 (graduation expected 09/2023)

    CISPA Helmholtz Center for Information Secrurity, Department of Computer Science, Saarland University, Saarbrücken, Germany

  • Preparatory phase for graduate school, 04/2015 — 09/2016

    Department of Computer Science, Saarland University, Saarbrücken, Germany

  • Internship student, 05/2014 — 07/2014

    Center for Information Security, Privacy and Accountability (CISPA), Saarbrücken, Germany

  • Master of Computer Science (Information Security), 02/2012 — 09/2013

    UTM University, Kuala Lumpur, Malaysia

  • Bachelor of Information Technology (Information System Engineering), 11/2006 — 10/2010

    MMU University, Cyberjaya, Malaysia

Certificates

Coursera
Data Analysis with R Programming
See certificate
Coursera
Foundations of User Experience (UX) Design
See certificate
Coursera
Introduction to User Experience Principles and Processes
See certificate

Projects

Is FIDO2 the Kingslayer of User Authentication?
A Comparative Usability Study of FIDO2 Passwordless Authentication

Scientific Publications

(2023). A Systematic Study of the Consistency of Two-Factor Authentication User Journeys on Top-Ranked Websites. 30th Annual Network and Distributed System Security Symposium (NDSS ‘23).

PDF Cite Extended Version

(2020). Is FIDO2 the Kingslayer of User Authentication? A Comparative Usability Study of FIDO2 Passwordless Authentication. Proceedings of the 41st IEEE Symposium on Security and Privacy (Oakland'20).

PDF Cite

(2018). Better managed than memorized? Studying the Impact of Managers on Password Strength and Reuse. Proceedings of the 27th USENIX Security Symposium (USENIX Security'18).

PDF Cite

(2016). Poster: Improving Password Memorability and Strength Using Mangling Rules. Symposium on Usable Privacy and Security (SOUPS).