Computer Laboratory

Kat Krol

I am a user experience researcher in the Pico project, which, under the leadership of Frank Stajano, aims to liberate humanity from passwords.

I am passionate about conducting user studies in security and privacy. My past research has looked at the user experience of various authentication mechanisms, warnings, webforms and messaging apps.

Before joining the Pico Team, I was based in the Information Security Research Group at University College London where I also did my PhD under the supervision of Angela Sasse.


Post:
Kat Krol
University of Cambridge
Computer Laboratory
15 JJ Thomson Avenue
Cambridge CB3 0FD
United Kingdom


  • Aebischer, S., Dettoni, C., Jenkinson, G., Krol, K., Llewellyn-Jones, D., Masui, T. & Stajano, F. (2017). Pico in the Wild: Replacing Passwords, One Site at a Time. European Workshop on Usable Security (EuroUSEC 2017). [paper and blogpost]
  • Krol, K. & Preibusch, S. (2016). Control Versus Effort in Privacy Warnings for Webforms. Workshop on Privacy in the Electronic Society (WPES 2016).
  • Krol, K., Spring, J.M., Parkin, S. & Sasse, M.A. (2016). Towards robust experimental design for user studies in security and privacy. The LASER Workshop: Learning from Authoritative Security Experiment Results. [paper and blogpost]
  • Beautement, A., Becker, I., Parkin, S., Krol, K. & Sasse, M.A. (2016). Productive Security: A scalable methodology for analysing employee security behaviours. Workshop on Usable Privacy and Security (SOUPS 2016). [paper and dataset]
  • Krol, K., Parkin, S. & Sasse, M.A. (2016). "I don't like putting my face on the Internet!" An acceptance study of face biometrics as a CAPTCHA replacement. IEEE International Conference on Identity, Security and Behavior Analysis (ISBA 2016).
  • Krol, K., Parkin, S. & Sasse, M.A. (2016). Better the Devil You Know: A User Study of Two CAPTCHAs and a Possible Replacement Technology. NDSS Workshop on Usable Security (USEC 2016).
  • Krol, K., Rahman, M.S., Parkin, S., De Cristofaro, E. & Vasserman, E. (2016). An Exploratory Study of User Perceptions of Payment Methods in the UK and the US. NDSS Workshop on Usable Security (USEC 2016).
  • Parkin, S., Driss, S., Krol, K. & Sasse, M.A. (2015). Assessing the User Experience of Password Reset Policies in a University. Passwords 2015.
  • Parkin, S. & Krol, K. Appropriation of security technologies in the workplace. Workshop on Experiences of Technology Appropriation: Unanticipated Users, Usage, Circumstances, and Design, in conjunction with ECSCW 2015.
  • Krol, K., & Preibusch, S. (2015). Effortless Privacy Negotiations. Security & Privacy, IEEE, 13(3), 88-91.
  • Krol, K., Papanicolaou, C., Vernitski, A. & Sasse, M.A. (2015). "Too taxing on the mind!" Authentication grids might not be for everyone. HCI International 2015, International Conference on Human Aspects of Information Security, Privacy and Trust.
  • Krol, K., Philippou, E., De Cristofaro, E. & Sasse, M.A. (2015). "They brought in the horrible key ring thing" Analysing the Usability of Two-Factor Authentication in UK Online Banking. NDSS Workshop on Usable Security (USEC 2015).
  • Krol, K. (2014). "Wait: That's optional!" Designing helpful over-disclosure alerts. Designing Human Technologies (DHT) 2.0
  • Sasse, M.A., Steves, M., Krol, K. & Chisnell, D. (2014). The Great Authentication Fatigue — And How to Overcome It. HCI International 2014, International Conference on Cross-Cultural Design.
  • Steves, M., Chisnell, D., Sasse, A., Krol, K., Theofanos, M. & Wald, H. (2014). Report: Authentication Diary Study. NISTIR 7983
  • Sasse, M.A. & Krol, K. (2013). Usable biometrics for an ageing population. In: Fairhurst, M. (ed.), Age factors in biometric processing (pp. 303-320). The IET.
  • Krol, K., Moroz, M. & Sasse, M.A. (2012). Don't Work. Can't Work? Why It's Time to Rethink Security Warnings. International Conference on Risks and Security of Internet and Systems (CRiSIS 2012).
  • Preibusch, S., Krol, K. & Beresford, A.R. (2012). The privacy economics of voluntary overdisclosure in Web forms. Workshop on the Economics of Information Security (WEIS 2012).
  • Marewski, J.N. & Krol, K. (2011). Fast, frugal, & moral: Uncovering the heuristics of morality. Journal of Organizational Moral Psychology, 1 (3), 1-20
  • Marewski, J.N., & Krol, K. (2010). Modelle ökologischer Rationalität: Auf dem Weg zu einer Theorie der Moralheuristiken. In: M. Iorio & R. Reisenzein (eds.), Regel, Norm, Gesetz: Eine interdisziplinäre Bestandsaufnahme (pp. 231-256). Frankfurt am Main, Germany: Lang