Stuart’s areas of focus include security, human-computer interaction, and distributed systems. His scientific research has discredited the use of “secret” security questions, site authentication images, and password-reset requirements, leading many industry giants to abandon these practices. His 2004 doctoral thesis proposed using bounties to provide a legitimate labor market for vulnerability researchers while increasing product security; today over 300 companies have bug bounty programs. Stuart served on the program committees of all of the top-tier academic security conferences and served on the steering committees of both the Symposium on Usable Privacy and Security and Financial Cryptography.
Stuart currently lives in Seoul to support his wife’s career and to give his daughters the opportunity to experience his mother-in-law land.