Biography
At a time when 3.6 billion people worldwide use the Internet each day for work, personal banking, online shopping, and a host of other scenarios, information security and privacy have never been more important. Yet, without rigorous security systems behind each of these platforms, users won’t embrace online technology and Internet trust begins to crumble.
IT security expert Julie Thorpe, PhD, examines online security, the way people interact with devices, and how that influences security systems. Users are prone to making mistakes in online authentication and security systems which can lead to loss and breach of trust. An Associate Professor in the Faculty of Business and Information Technology, Dr. Thorpe aims to improve online security by designing systems that understand key functions of the human brain.
With a myriad of online systems and services, users are required to select and remember a variety of character-specific passwords that don’t necessarily work well with human memory. Dr. Thorpe’s latest research focuses on the design and evaluation of stronger authentication systems that work with the users’ memory. Using a model that assumes most online users are working with a password manager, her research explores ways to help generate a secure password including the use of locations, password phrases and a set of policies to help create secure passwords.
Highly specialized computer security programs brought Dr. Thorpe to UOIT as an Assistant Professor in 2010, and she has developed and taught courses in Malware and Software Security, IT Security Policies and Procedures, and Operating System Security. An advocate for learning beyond the classroom, she founded UOIT’s IT Security Reading Group to create broad discussion of the latest IT security industry news and help students build critical thinking and communication skills. Dr. Thorpe is also a member of the ACM-W Women in Computing Chapter at UOIT and DC where she aims to raise the profile of female experts in her field. And as a founding member of the Information Forensics and Security Lab, she helped create an advanced space for hands-on learning.
Dr. Thorpe completed her Bachelor of Computer Science with First Class Honours at the Faculty of Computer Science at Dalhousie University in Halifax; then gained six years of invaluable industry experience as a software systems analyst before earning her Doctorate of Philosophy in Computer Science from Ottawa’s Carleton University in 2008.
Industry Expertise (7)
Computer/Network Security
Computer Software
Consumer Electronics
Education/Learning
Information Technology and Services
Research
Wireless
Areas of Expertise (10)
Authentication
Software Security
Human Factors
Usability
Biometrics
Security Policies
Operating System Security
Networks
Distributed Computing
Brain Computing Interfaces
Accomplishments (1)
Senate Medal Award, Carleton University (professional)
2008-06-01
Awarded for Outstanding Academic Achievement, Dr. Thorpe was also nominated for a University Medal that same year and has received numerous academic scholarships and honours.
Education (2)
Carleton University: PhD, Philosophy (Computer Science) 2008
Dalhousie University: BSc, Computer Science, First Class Honours (Co-op Option) 2002
Affiliations (2)
- UOIT IT Security Reading Group
- ACM-W Women in Computing Chapter at UOIT and DC
Media Appearances (8)
Businesses slow to adopt even basic cyber security policies
The Deal Room online
2015-03-19
While cyber security experts are growing hoarse from telling businesses to wake up and realize leaks and IT infrastructure compromises are bleeding them billions of dollars, the looming threat isn’t savvy new hacking techniques – it’s just plain laziness, according to Hewlett-Packard’s latest Cyber Risk Report.
Password protection
CBC Radio Yukon online
2015-03-17
Tech columnist Dan Misener talks about Yahoo's new plan to protect your online profile, and why it won't fly.
Is there ‘love’ in your online passwords?
The Toronto Star print
2015-02-13
People are putting a little too much “love” into their online passwords. At least that’s what a team of researchers from the University of Ontario Institute of Technology (UOIT) says. They analyzed 32 million leaked passwords from the now-defunct RockYou.com website. The project was led by UOIT graduate student Rafael Veras in collaboration with UOIT faculty Dr. Christopher Collins and Dr. Julie Thorpe. And their findings are, um, lovely.
The Secret Life of Passwords
The New York Times Magazine
2014-11-23
We despise them – yet we imbue them with our hopes and dreams, our dearest memories, our deepest meanings. They unlock much more than our accounts.
Small business, big problems
The Toronto Star print
2014-10-20
There has never been a more dangerous time to be online. In numbers far greater than the combined populations of the U.S. and Canada, our Internet identities are falling into the hands of hackers—over 552 million breached in 2013 alone. And in this era of cybercrime, small businesses stand to lose big.
Weak passwords
Durham Now tv
2014-09-29
This segment discusses Dr. Thorpe's Password Semantics research (NDSS 2014) and GeoPass research (SOUPS 2013).
UOIT researchers crack down on password security in wake of Heartbleed
Durhamregion.com online
2014-04-18
In the wake of an online bug that prompted a number of websites, including the Canada Revenue Agency’s tax filing system, to shut down, UOIT researchers are discussing personal password security and ways to make them stronger. Dr. Julie Thorpe, assistant professor of IT security at the University of Ontario Institute of Technology, said while high-impact vulnerabilities such as the latest online bug, Heartbleed, are somewhat rare, it highlights the need for education regarding online security.
Data breaches: It’s more expensive to react than prevent
The Globe and Mail print
2013-05-23
On April 11, the Investment Industry Regulatory Organization of Canada (IIROC) announced the loss of a mobile device – reportedly a laptop – containing the personal financial information of about 52,000 brokerage firm clients.
Event Appearances (3)
The Presentation Effect on Graphical Passwords
The ACM CHI Conference on Human Factors in Computing Systems Toronto, Ontario
2014-04-26
Usability and Security Evaluation of GeoPass: a Geographic Location-Password Scheme
The 9th Symposium on Usable Privacy and Security Northumbria University, Newcastle, United Kingdom
2013-07-24
Video Passwords: Advertising While Authenticating
The New Security Paradigms Workshop Bertinoro, Italy
2012-09-19
Patents (1)
Systems, Methods, and Computer Program Products for Providing Video-Passwords for User Authentication
U.S. Patent No. 8966614
2015-02-24
This invention is related to authentication schemes utilizing advertising video-passwords, which require the user to watch and remember parts of a given advertisement video. Different embodiments of the invention can utilize just time reference point information, or can optionally include grid element, click point, tag phrase, or a combination of both click point and tag phrase information. A reference video-password is defined based on the time reference point information, and optionally with grid element, click point, or tag phrase information. Subsequently, the user will attempt authentication and the candidate video-password will be defined with the associated time reference point determined from the user's input, and optionally with grid element, click point, or tag phrase information received from the user. The system would then authenticate the user based on the comparison result between the reference video-password and the candidate video-password.
Research Grants (2)
Towards Cognitive Aids for Stronger Computer Security
NSERC Discovery Grant $75000
2013-04-01
As principal investigator of this five-year research program, Dr. Thorpe aims to design and evaluate systems that work cohesively with human brain function to achieve better online security and privacy.
Laboratory for Human-Centered Computer Science Research
Canada Foundation for Innovation (CFI) $21152
2013-01-01
As co-founder, Dr. Thorpe helped create a hands-on, experiential lab to study how people interact with different technologies including desktop, mobile, touch screen, and eye tracking.
Articles (9)
An Exploration of Geographic Authentication Schemes
IEEE Transactions on Information Forensics and Security
2016-01-01
We design and explore the usability and security of two geographic authentication schemes: GeoPass and GeoPassNotes. GeoPass requires users to choose a place on a digital map to authenticate with (a location password). GeoPassNotes—an extension of GeoPass—requires users to annotate their location password with a sequence of words that they can associate with the location (an annotated location password). In GeoPassNotes, users are authenticated by correctly entering both a location and an annotation. We conducted user studies to test the usability and assess the security of location passwords and annotated location passwords.
Crypto-Assistant: Towards Facilitating Developer’s Encryption of Sensitive Data
Proceedings of the 2014 Twelfth Annual International Conference on Privacy, Security and Trust
2014-07-23
The lack of encryption of data at rest or in motion is one of the top 10 database vulnerabilities [1]. We suggest that this vulnerability could be prevented by encouraging developers to perform encryption-related tasks by enhancing their integrated development environment (IDE). To this end, we created the Crypto-Assistant: a modified version of the Hibernate Tools plug-in for the popular Eclipse IDE. The purpose of the Crypto-Assistant is to mitigate the impact of developers' lack of security knowledge related to encryption by facilitating the use of encryption directives via a graphical user interface that seamlessly integrates with Hibernate Tools.
The Presentation Effect on Graphical Passwords
Proceedings of the 32nd SIGCHI Conference on Human Factors in Computing Systems
2014-05-26
We provide a simple yet powerful demonstration of how an unobtrusive change to a graphical password interface can modify the distribution of user chosen passwords, and thus possibly the security it provides. The only change to the interface is how the background image is presented to the user in the password creation phase—we call the effect of this change the “presentation effect”.
On the Semantic Patterns of Passwords and Their Security Impact
Proceedings of the 2014 Network and Distributed System Security Symposium
2014-02-23
We present the first framework for segmentation, semantic classification, and semantic generalization of passwords and a model that captures the semantic essence of password samples. Researchers have only touched the surface of patterns in password creation, with the semantics of passwords remaining largely unexplored, leaving a gap in our understanding of their characteristics and, consequently, their security. In this paper, we begin to fill this gap by employing Natural Language Processing techniques to extract and leverage understanding of semantic patterns in passwords.
Usability and Security Evaluation of GeoPass: a Geographic Location-Password Scheme
Proceedings of the Symposium on Usable Privacy and Security 2013
2013-07-24
We design, implement, and evaluate GeoPass: an interface for digital map-based authentication where a user chooses a place as his or her password (i.e., a “location-password”). We conducted a multi-session in-lab/at-home user study to evaluate the usability, memorability, and security of location-passwords created with GeoPass.
Visualizing Semantics in Passwords: The Role of Dates
Proceedings of the Symposium on Visualization for Cyber Security
2012-10-15
We begin an investigation into the semantic patterns underlying user choice in passwords. Understanding semantic patterns provides insight into how people choose passwords, which in turn can be used to inform usable password policies and password guidelines. As semantic patterns are difficult to recognize automatically, we turn to visualization to aid in their discovery. We focus on dates in passwords, designing an interactive visualization for their detailed analysis, and using it to explore the RockYou dataset of over 32 million passwords.
Video-Passwords: Advertising While Authenticating
Proceedings of the New Security Paradigms Workshop
2012-09-19
We introduce a new class of authentication schemes called “video-passwords”, which require the user to watch and remember parts of a given video (e.g., a sequence of scenes, movements, and/or sounds). We propose four different video-password schemes, describe their prototypes, and analyze their security. Under certain parameters, the security of some of these schemes appears to be theoretically comparable to traditional text passwords. Video-passwords provide more than potentially better security; they also present a unique opportunity for businesses to consider – advertising through the rich multimedia used in the login task.
Exploiting Predictability in Click-based Graphical Passwords
Journal of Computer Security
2011-12-01
We provide an in-depth study of the security of click-based graphical password schemes like PassPoints (Wiedenbeck et al., 2005), by exploring popular points (hot-spots), and examining strategies to predict and exploit them in guessing attacks. We report on both short- and long-term user studies: one lab-controlled, involving 43 users and 17 diverse images, the other a field test of 223 user accounts.
Purely Automated Attacks on PassPoints-Style Graphical Passwords
IEEE Transactions on Information Forensics and Security
2010-10-01
We introduce and evaluate various methods for purely automated attacks against PassPoints-style graphical passwords. For generating these attacks, we introduce a graph-based algorithm to efficiently create dictionaries based on heuristics such as click-order patterns (e.g., five points all along a line).