This paper presents RUST, a testbed for evaluating the usability of website authentication technologies. The results we present demonstrate the versatility of RUST, its ability to test different types of technologies, and the detailed feedback it collects about why participants are tricked, which would not be possible in an in-the-wild study. Though RUST is not intended to measure how users’ performance is affected by time, minor changes can be made to account for this new goal. As an additional benefit, RUST can be used to compare technologies since they same usability study design can easily be used to evaluate different technologies.