Professor M. Angela Sasse FREng

Quick Links: Research Projects | Publications | PhD Students

Photo of Angela SasseProfessor of Human-Centred Security

Head of Information Security Research

Director of the UK Research Institute in Science of Cyber Security (RISCS


Office: 6.22, Malet Place Engineering

Tel: +44 020 7679 7212

Fax: +44 020 7387 1397

Email: a.sasse [at]



Over the past 15 years, she has been researching the human-centred aspects of security, privacy, identity and trust.

Research interests: how we design and implement innovative technologies that are fit for purpose, value for money, and improve productivity and well-being of individuals and society.

Angela's full research portrait can be found here.


Current research projects


Short Biography

Read psychology in Germany and holds an M.Sc. in Occupational Psychology from Sheffield University, and a PhD in Computer Science (on Users' Models) from the University of Birmingham. Worked as a Human Factors Specialist for Philips Corporate Industrial Design in 1990. Started as Lecturer in the Department of Computer Science at UCL in November 1990.

Beyond UCL


  • Past Chair of the British HCI Group (A Specialist Group of the British Computer Society).
  • Past programme co-chair of HCI'96, INTERACT'99 and WEIS 2009.
  • Papers Co-Chair of ACM CHI 2002 in Minneapolis and Associate Papers Chair in 2003, 2014, 2016
  • Steering Committee Member, USEC (NDSS Workshop on Usable Security)
  • PC member of Mycrypt 2016, ISBA 2016

Research Fellows: Dr. Adam Beautement, Dr. Simon Parkin, Dr. Granville Moore, Dr. Brian Glass

Current PhD students: Inka Karppinen, Anthony Morton, Kat Krol, Iacovos Kirlappos, Ingolf Becker, Ruba Abu-Salma

List of all PhD students

Recent Publications

  • Kirlappos, I., Parkin, S., Sasse, M.A. (2015). "Shadow security" as a tool for the learning organization. ACM SIGCAS Computers and Society, 45 (1), 29-37. doi:10.1145/2738210.2738216
  • Kirlappos, I., Sasse, M.A. (2015). Fixing Security Together: Leveraging trust relationships to improve security in organizations. USEC 2015 San Diego, California.
  • Krol, K., Philippou, E., De Cristofaro, E., Sasse, M.A. (2015). "They brought in the horrible key ring thing!" Analysing the Usability of Two-Factor Authentication in UK Online Banking. .
  • Angela Sasse, M. (2014). "Technology should be smarter than this!": A vision for overcoming the great authentication fatigue. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) 8425 LNCS, 33-36 doi:10.1007/978-3-319-06811-4_7
  • Kirlappos, I., Sasse, M. A. (2014). What Usable Security Really Means: Trusting and Engaging Users. HCI International. Publisher URL
  • Kirlappos, I., Parkin, S., Sasse, M. A. (2014). Learning from “Shadow Security”: Why understanding non-compliance provides the basis for effective security. Workshop on Usable Security.
  • Sasse, M. A., Kirlappos, I. (2014). Design for Trusted and Trustworthy Services: Why We Must Do Better. In Trust, Computing, and Society ( pp.229-249). Cambridge University Press. Publisher URL
  • Sasse, M. A., Palmer, C. C. (2014). Protecting you. IEEE Security and Privacy 12(1), 11-13 doi:10.1109/MSP.2014.11.
  • Sasse, M. A., Steves, M., Krol, K., Chisnell, D. (2014). The Great Authentication Fatigue – And How to Overcome It. Cross-Cultural Design 6th International Conference, CCD 2014 Held as Part of HCI International 2014 Heraklion, Crete, Greece, June 22-27, 2014: Proceedings. ( Vol. 8528 pp.228-228). Cham, Switzerland Springer International Publishing. Publisher URL
  • Ashenden, D., Sasse, A. (2013). CISOs and organisational culture: Their own worst enemy? Computers & Security 39, 396-405, PB doi:10.1016/j.cose.2013.09.004.
  • Bartsch, S., Sasse, M. A. (2013). How Users Bypass Access Control - And Why: The Impact Of Authorization Problems On Individuals And The Organization. Proceedings of the 21st European Conference on Information Systems. ( pp.Paper 53-). Utrecht, Netherland Publisher URL
  • Brostoff, S., Jennett, C., Malheiros, M., Sasse, M. A. (2013). Federated identity to access e-government services - Are citizens ready for this? Proceedings of the 2013 ACM workshop on Digital identity management. ( pp.97-108). New York, NY, USA ACM.
  • Huth, M., Kuo, J. H., Sasse, M. A., Kirlappos, I. (2013). Towards Usable Generation and Enforcement of Trust Evidence from Programmers’ Intent. Human Aspects of Information Security, Privacy, and Trust. Publisher URL
  • Kirlappos, I., Beautement, A., Sasse, M. A. (2013). “Comply or Die” Is Dead: Long Live Security-Aware Principal Agents. Financial Cryptography and Data Security.
  • Malheiros, M., Preibusch, S., Sasse, M. A. (2013). "Fairly truthful": The impact of perceived effort, fairness, relevance, and sensitivity on personal data disclosure. Trust and Trustworthy Computing. ( pp.250-266). London Springer Berlin Heidelberg. Publisher URL
  • Sasse, M. A., Krol, K. (2013). Usable biometrics for an ageing population. In Fairhurst, M. (Ed.). Age factors in biometric processing ( pp.303-320). Stevenage, UK IET. Publisher URL
  • Bartsch, S. and Sasse M.A. (2012) Guiding decisions on authorization policies: a participatory approach to decision support. Proceedings of the 27th Annual ACM Symposium on Applied Computing. ACM, New York, NY, USA. 1502-1507.
  • Jennett, C., Brostoff, S., Malheiros, M., Sasse, M. A. (2012). Adding insult to injury: consumer experiences of being denied credit. International Journal of Consumer Studies 36(5), 549-555
  • Kirlappos, I., Sasse, M. A. (2012). Security Education against Phishing: A Modest Proposal for a Major Rethink. IEEE Security and Privacy Magazine 10(2), 24-32
  • Kirlappos, I., Sasse, M. A., Harvey, N. (2012). Why Trust Seals Don't Work: A Study of User Perceptions and Behavior. In Katzenbeisser, S., Weippl, E., Camp, L., Volkamer, M., Reiter, M., Zhang, X. (Eds.). Trust and Trustworthy Computing 7344, 308-324. Berlin/Heidelberg: Springer.
  • Malheiros, M., Jennett, C., Patel, S., Brostoff, S., Sasse, M. A. (2012). Too close for comfort: A study of the effectiveness and acceptability of rich-media personalized advertising. Proceedings of the 2012 ACM annual conference on Human Factors in Computing Systems. 579-588. New York, NY, USA: ACM.
  • Zhang, M., Jennett, C., Malheiros, M., and Sasse, M. A. (2012). Data after death: User requirements and design challenges for SNSs and email providers. Presented at Memento Mori: Technology Design for the End of Life (CHI Workshop 2012), Austin, Texas, 05 May 2012 - 10 May 2012
  • Sasse, M. A., Kirlappos, I. (2012). Familiarity Breeds Con-victims: Why We Need More Effective Trust Signaling. In Wakeman, I., Gudes, E., Jensen, C. D., Crampton, J. (Eds.). Trust Management V. Springer-Verlag New York Inc.
  • Malheiros, M., Brostoff, S., Jennett, C. and Sasse, M. A. (2012). Would You Sell Your Mother's Data for a Credit Card? Personal Data Disclosure in a Simulated Credit Card Application. Proceedings of WEIS 2012, Berlin, Germany, 25-26 June.
  • Conti, N., Jennett, C., Maestre, J., and Sasse, M. A. (2012). When did my mobile turn into a 'sellphone'? A study of consumer responses to tailored smartphone ads. BCS-HCI '12 Proceedings of the 26th Annual BCS Interaction Specialist Group Conference on People and Computers, 2012 pp.215-220. Swinton, UK:British Computer Society.
  • Jennett, C., Malheiros, M., Brostoff, S., and Sasse, M. A. (2012). Privacy for applicants versus lenders' needs for predictive power: Is it possible to bridge the gap? In Gutwirth, S., Leenes, R., De Hert, P., Poullet, Y. (Eds.)European Data Protection: In Good Health?, 2012 pp.35-51. SpringerLink.
  • Porter C., Sasse M. A., and Letier E. (2012). Designing acceptable user registration processes for e-services. In Proceedings of HCI 2012 The 26th BCS Conference on Human Computer Interaction. Birmingham, UK, 12 - 14 September 2012
  • Krol, K., Moroz, M. and Sasse, M. A. (2012). Don't Work. Can't Work? Why It's Time to Rethink Security Warnings. 7th International Conference on Risks and Security of Internet and Systems (CRiSIS 2012), 10-12 October 2012, Cork, Ireland.
  • Bartsch, S. and Sasse M.A. (2012) How Users Bypass Access Control and Why: The Impact of Authorization Problems on Individuals and the Organization. Technical Report RN/12/06. Department of Computer Science, University College London. London, UK.

List of all publications

This page was last modified on 12 May 2016.


Internal Links


  • PhD Tutor 1999-2007
  • Chair of Exam Board (Undergraduate) 1998-2000.


Research Students