Yi Xu, Gerardo Reynaga, Sonia Chiasson, Jan-Michael Frahm, Fabian Monrose and Paul Van Oorschot . Security and Usability Challenges of Moving-Object CAPTCHAs: Decoding Codewords in Motion. In Proceedings of the USENIX Security Symposium, August, 2012.  (PDF). You can find out more information (including videos) here.

     Yi Xu, Gerardo Reynaga, Sonia Chiasson, Jan-Michael Frahm and Fabian Monrose. Security and Usability Challenges of Moving-Object CAPTCHAs: Decoding Codewords in Motion. In Proceedings IEE Transactions on Dependable and Secure Computing, February, 2014. (PDF)

    Text passwords

   Katherine Shaw, Andrew White, Elliott Moreton and Fabian Monrose. Emergent faithfulness to morphological and semantic heads in lexical blends. In Proceedings of Phonology (PDF)

   Andrew White, Katherine Shaw, Fabian Monrose and Elliott Moreton. Isn’t that Fantabulous: Security, Linguistic and Usability Challenges of Pronounceable Tokens. In Proceedings of New Security Paradigms Workshop (NSPW) (PDF)

    Yinqian Zhang, Fabian Monrose and M.K. Reiter. The Security of Modern Password Expiration: An Algorithmic Framework and Empirical Analysis. In Proceedings of ACM Conference on Computer and Communication Security, Chicago, 2010. (PDF)

    Graphical passwords

We evaluated a new graphical password scheme that exploits features of graphical input devices such as PDAs to provide better security than textual-based alternatives. Graphical passwords serve the same purpose as textual passwords, with the added benefit that pictures (e.g., line drawings) may be used in conjunction with words. A primary motivation for using pictures as opposed to words stems from our (well, at least some people's) remarkable ability to recall pictures. This paper won both the best student and best overal paper awards at the 8th USENIX Security conference. 

◦Ian Jermyn, Alain Mayer, Fabian Monrose, Michael K. Reiter, and Aviel D. RubinThe Design and Analysis of Graphical Passwords. In Proceedings of the 8th USENIX Security Symposium, August, Washington DC, 1999. (PDF) (Best Paper Award)

◦Some additional work on the relationship between user choice and its implication for the available entropy in Graphical Passwords schemes appears here:

◦Darren Davis, Fabian Monrose, and Michael K. Reiter. On user choice in Graphical Password Schemes. In Proceedings of the 13th USENIX Security Symposium, August, San Diego, 2004. (PDF)

    Password Hardening using Keystroke Dynamics

This project dates way back (to when I was still a graduate student), and though I still get regular email inquires about it,  I am no longer continuing this work (as the voice project outlined earlier continues where this left off). In our work on keystroke dynamics, we examined a new approach to strengthening the security of user chosen passwords. Our techniques made use of habitual patterns in a user's typing rhythm (as she types her password) for generating strong cryptographic keys that could be used, for example, for file encryption, VPN access, etc. See:

◦Fabian Monrose and Aviel D. RubinAuthentication via Keystroke Dynamics. In Proceedings of the Fourth ACM Conference on Computer and Communication Security, Zurich, Switzerland, April, 1997. (PDF).

◦Fabian Monrose, Michael K. Reiter, and Suzanne Wetzel. Password Hardening based on Keystroke Dynamics. In the International Journal of Information Security (PDF), 2001. A preliminary version appears in the Proceedings of the 6th ACM Computer and Communications Security Conference, Singapore, November, 1999. (PDF)

◦Fabian Monrose and Aviel D. RubinKeystroke Dynamics as a Biometric for Authentication. Future Generation Computing Systems (FGCS) Journal: Security on the Web (special issue). March 2000. (PDF).