Publications

Towards Quantum Large-Scale Password Guessing on Real-World Distributions

2021 - Markus Dürmuth, Maximilian Golla, Philipp Markert, Alexander May, Lars Schlieper

International Conference on Cryptology and Network Security 2021 (CANS '21). Vienna, Austria, December 13-15, 2021

Verify It's You: How Users Perceive Risk-based Authentication

2021 - Stephan Wiefling, Markus Dürmuth, Luigi Lo Iacono

IEEE Security & Privacy, Volume 19, Issue 6, November-December 2021 [DOI] [Paper]

Privacy Considerations for Risk-Based Authentication Systems

2021 - Stephan Wiefling, Jan Tolsdorf, Luigi Lo Iacono

International Workshop on Privacy Engineering (IWPE '21). Vienna, Austria, September 7, 2021 [Website] [Paper]

On the Security of Smartphone Unlock PINs

2021 - Philipp Markert, Da­ni­el V. Bai­ley, Maximilian Golla, Markus Dürmuth, Adam J. Aviv

ACM Transactions on Privacy and Security (TOPS '21). [Website]

"I have no idea what they’re trying to accomplish" Enthusiastic and Casual Signal Users’ Understanding of Signal PINs

2021 - Daniel V. Bailey, Philipp Markert, Adam J. Aviv

Symposium on Usable Privacy and Security (SOUPS '21). Virtual Conference, August 8-10, 2021 [Website] [Paper]

Using a Blocklist to Improve the Security of User Selection of Android Patterns

2021 - Collins W. Munyendo, Miles Grant, Philipp Markert, Timothy J. Forman, Adam J. Aviv

Symposium on Usable Privacy and Security (SOUPS '21). Virtual Conference, August 8-10, 2021 [Website] [Paper]

My Account Is Compromised - What Do I Do? Towards an Intercultural Analysis of Account Remediation for Websites

2021 - Kathryn Walsh, Faiza Tazi, Philipp Markert, Sanchari Das

Workshop on Inclusive Privacy and Security (WIPS '21). Virtual Conference, August 7-8, 2021 [Video] [Paper] [Slides]

Unifying Privacy Policy Detection

2021 - Henry Hosseini, Martin Degeling, Christine Utz, Thomas Hupperich

The 21st Privacy Enhancing Technologies Symposium (PETS 2021), July 12–16, 2021, Virtual Conference

"I just looked for the solution!" On Integrating Security-Relevant Information in Non-Security API Documentation to Support Secure Coding Practices

2021 - Peter Leo Gorski, Sebastian Möller, Stephan Wiefling, Luigi Lo Iacono

IEEE Transactions on Software Engineering, Volume 47, Issue x, x 2021 [DOI] [Paper]

Are Privacy Dashboards Good for End Users? Evaluating User Perceptions and Reactions to Google’s My Activity

2021 - Florian Farke, David Balash, Maximilian Golla, Markus Dürmuth, Adam Aviv

USENIX Security Symposium (SSYM '21). Virtual Conference, August 11-13, 2021 [Conference Page] [arXiv Preprint] [Paper]

"It's Stored, Hopefully, on an Encrypted Server": Mitigating Users' Misconceptions About FIDO2 Biometric WebAuthn

2021 - Leona Lassak, Annika Hildebrandt, Maximilian Golla, Blase Ur

USENIX Security Symposium (SSYM '21). Virtual Conference, August 11-13, 2021 [Conference Page]

Evaluation of Account Recovery Strategies with FIDO2-based Passwordless Authentication

2021 - Johannes Kunke, Stephan Wiefling, Markus Ullmann, Luigi Lo Iacono

Open Identity Summit 2021 (OID '21). Lyngby, Denmark, June 1-2, 2021 [Link] [Paper]

Apps Against the Spread: Privacy Implications and User Acceptance of COVID-19-Related Smartphone Apps on Three Continents

2021 - Christine Utz, Steffen Becker, Theodor Schnitzler, Florian Farke, Franziska Herbert, Leonie Schaewitz, Martin Degeling, Markus Dürmuth

ACM CHI Conference on Human Factors in Computing Systems 2021 [arXiv Preprint] [ACM Digital Library] [HTML Version]

We Built This Circuit: Exploring Threat Vectors in Circuit Establishment in Tor

2021 - Theodor Schnitzler, Christina Pöpper, Markus Dürmuth, Katharina Kohls

IEEE European Symposium on Security and Privacy (EuroS&P '21). Virtual Conference, September 6-10, 2021 [Paper]

What's in Score for Website Users: A Data-driven Long-term Study on Risk-based Authentication Characteristics

2021 - Stephan Wiefling, Markus Dürmuth, Luigi Lo Iacono

Financial Cryptography and Data Security (FC '21). Grenada, March 1-5, 2021 [Website] [Paper]

SoK: Managing Longitudinal Privacy of Publicly Shared Personal Online Data

2021 - Theodor Schnitzler, Shujaat Mirza, Markus Dürmuth, Christina Pöpper

Proceedings of Privacy Enhancing Technologies 2021, Volume 1, pp. 229-249, November 9, 2020 [Paper (DOI)] [Video] [Paper] [Slides]

More Than Just Good Passwords? A Study on Usability and Security Perceptions of Risk-based Authentication

2020 - Stephan Wiefling, Markus Dürmuth, Luigi Lo Iacono

Annual Computer Security Applications Conference (ACSAC '20). Austin, USA, December 7-11, 2020 [Website] [Paper]

Data Sharing in Mobile Apps — User Privacy Expectations in Europe

2020 - Nils Quermann, Martin Degeling

5th European Workshop on Usable Security (EuroUSEC 2020) [pdf]

Knock, Knock. Who’s There? On the Security of LG’s Knock Codes

2020 - Raina Samuel, Philipp Markert, Adam J. Aviv, Iulian Neamtiu

Symposium on Usable Privacy and Security (SOUPS '20). Virtual Conference, August 7-11, 2020 [Video] [Paper] [Slides]

Akzeptanz von Corona-Apps in Deutschland vor der Einführung der Corona-Warn-App

2020 - Steffen Becker, Martin Degeling, Markus Dürmuth, Florian Farke, Leonie Schaewitz, Theodor Schnitzler, Christine Utz

Vorabveröffentlichung (Preprint), Juni 2020 [PDF (Deutsch)]

Evaluation of Risk-based Re-Authentication Methods

2020 - Stephan Wiefling, Tanvil Patil, Markus Dürmuth, Luigi Lo Iacono

IFIP In­ter­na­tio­nal Con­fe­rence on ICT Sys­tems Se­cu­ri­ty and Pri­va­cy Pro­tec­tion (IFIP SEC '20). Maribor, Slovenia, September 21-23, 2020 [Website] [Paper]

Usability, Sicherheit und Privatsphäre von risikobasierter Authentifizierung

2020 - Stephan Wiefling

Sicherheit 2020. Göttingen, Germany, March 17-20, 2020 [PDF]

“You still use the password after all” – Exploring FIDO2 Security Keys in a Small Company

2020 - Florian Farke, Lennart Lorenz, Theodor Schnitzler, Philipp Markert, Markus Dürmuth

Symposium on Usable Privacy and Security (SOUPS '20). Virtual Conference, August 7-11, 2020 [Video] [PDF] [Slides]

This PIN Can Be Easily Guessed: Analyzing the Security of Smartphone Unlock PINs

2020 - Philipp Markert, Daniel V. Bailey, Maximilian Golla, Markus Dürmuth, Adam J. Aviv

IEEE Sym­po­si­um on Se­cu­ri­ty and Pri­va­cy (SP '20). San Fran­cis­co, Ca­li­for­nia, USA, May 18-20, 2020 [Website] [Video] [PDF] [Slides]

Exploring User Perceptions of Deletion in Mobile Instant Messaging Applications

2020 - Theodor Schnitzler, Christine Utz, Florian Farke, Christina Pöpper, Markus Dürmuth

Journal of Cybersecurity, Volume 6, Issue 1, January 30, 2020 [DOI]

Work in Progress: The European “Right To be Forgotten” – Legal and Technical Challenges of Search Engines Complying With The Right to Erasure

2019 - Jan Rensinghoff, Florian Farke, Markus Dürmuth, Tobias Gostomzyk

AoIR 2019: Trust in the System (AoIR '19). Brisbane, Australia, October 2, 2019

Recht auf Vergessen

2019 - Florian Farke, Jan Rensinghoff, Markus Dürmuth, Tobias Gostomzyk

Datenschutz und Datensicherheit (2019) 43: 681 [Springer]

POSTER: "What was that site doing with my Facebook password?" Designing Password-Reuse Notifications

2019 - Miranda Wei, Maximilian Golla, Juliette Hainline, Lydia Filipe, Markus Dürmuth, Elissa Redmiles, Blase Ur

USENIX Symposium on Usable Privacy and Security 2019 (SOUPS '19). Santa Clara, CA, USA, August 11-13, 2019 [Full Version]

View The Email to Get Hacked: Attacking SMS-Based Two-Factor Authentication

2019 - Philipp Markert, Florian Farke, Markus Dürmuth

Who Are You?! Adventures in Authentication (WAY '19). Santa Clara, California, USA, August 11, 2019 [PDF] [Slides]

Towards Contractual Agreements for Revocation of Online Data

2019 - Theodor Schnitzler, Markus Dürmuth, Christina Pöpper

IFIP International Conference on ICT Systems Security and Privacy Protection (IFIP SEC '19), Lisbon, Portugal, June 25-27, 2019 [PDF]

Is This Really You? An Empirical Study on Risk-Based Authentication Applied in the Wild

2019 - Stephan Wiefling, Luigi Lo Iacono , Markus Dürmuth

IFIP In­ter­na­tio­nal Con­fe­rence on ICT Sys­tems Se­cu­ri­ty and Pri­va­cy Pro­tec­tion (IFIP SEC '19), Lis­bon, Por­tu­gal, June 25-27, 2019 [Website] [PDF]

Reasoning Analytically About Password-Cracking Software

2019 - Enze Liu, Amanda Nakanishi, Maximilian Golla, David Cash, Blase Ur

IEEE Symposium on Security and Privacy (SP '19). San Francisco, California, May 20, 2019 [GitHub] [Video] [PDF] [Slides]

We Value Your Privacy - Now Take Some Cookies: Measuring the GDPR's Impact on Web Privacy

2019 - Martin Degeling, Christine Utz, Christopher Lentzsch, Henry Hosseini, Florian Schaub, Thorsten Holz

Network and Distributed System Security Symposium (NDSS 2019), San Diego, California, USA, February 2019 [GitHub] [PDF]

Work in Progress: A Comparative Long-Term Study of Fallback Authentication

2019 - Philipp Markert, Maximilian Golla, Elizabeth Stobert, Markus Dürmuth

Workshop on Usable Security and Privacy (USEC '19). San Diego, California, USA, February 24, 2019 [PDF] [Slides]

Work in Progress: On the In-Accuracy and Influence of Android Pattern Strength Meters

2019 - Maximilian Golla, Jan Rimkus, Adam J. Aviv, Markus Dürmuth

Workshop on Usable Security and Privacy (USEC '19). San Diego, California, February 24, 2019 [News] [GitHub] [PDF] [Slides]

"What was that site doing with my Facebook password?" Designing Password-Reuse Notifications

2018 - Maximilian Golla, Miranda Wei, Juliette Hainline, Lydia Filipe, Markus Dürmuth, Elissa Redmiles, Blase Ur

ACM Conference on Computer and Communications Security 2018 (CCS '18). Toronto, Canada, October 15-19, 2018 [Video] [News] [PDF] [Slides]

On the Accuracy of Password Strength Meters

2018 - Maximilian Golla, Markus Dürmuth

ACM Conference on Computer and Communications Security 2018 (CCS '18). Toronto, Canada, October 15-19, 2018 [Website] [GitHub] [Video] [PDF] [Slides]

Rethinking Access Control and Authentication for the Home Internet of Things (IoT)

2018 - Weijia He, Maximilian Golla, Roshni Padhi, Jordan Ofek, Markus Dürmuth, Earlence Fernandes, Blase Ur

USENIX Security Symposium 2018 (SSYM '18). Baltimore, MD, USA, August 15-17, 2018 [Video] [News] [PDF] [Slides]

POSTER: User Perception and Expectations on Deleting Instant Messages -or- "What Happens If I Press This Button?"

2018 - Theodor Schnitzler, Christine Utz, Florian Farke, Christina Pöpper, Markus Dürmuth

USENIX Symposium on Usable Privacy and Security 2018 (SOUPS '18). Baltimore, MD, USA, August 12-14, 2018

"Will Any Password Do?" Exploring Rate-Limiting on the Web

2018 - Maximilian Golla, Theodor Schnitzler, Markus Dürmuth

Who Are You?! Adventures in Authentication 2018 (WAY '18). Baltimore, MD, USA, August 12, 2018 [PDF] [Slides]

Bars, Badges, and High Scores: On the Impact of Password Strength Visualizations

2018 - Maximilian Golla, Björn Hahn, Karsten Meyer zu Selhausen, Henry Hosseini, Markus Dürmuth

Who Are You?! Adventures in Authentication 2018 (WAY '18). Baltimore, MD, USA, August 12, 2018 [PDF] [Slides]

The Password Doesn't Fall Far: How Service Influences Password Choice

2018 - Miranda Wei, Maximilian Golla, Blase Ur

Who Are You?! Adventures in Authentication 2018 (WAY '18). Baltimore, MD, USA, August 12, 2018 [PDF] [Slides]

The State of User Authentication in the Wild

2018 - Nils Quermann, Marian Harbach, Markus Dürmuth

Who Are You?! Adventures in Authentication 2018 (WAY '18). Baltimore, MD, USA, August 12, 2018 [PDF]

User Perception and Expectations on Deleting Instant Messages -or- "What Happens If I Press This Button?"

2018 - Theodor Schnitzler, Christine Utz, Florian Farke, Christina Pöpper, Markus Dürmuth

European Workshop on Usable Security (EuroUSEC) 2018, London, England, 23 April 2018 [PDF] [Slides]

HAL—The Missing Piece of the Puzzle for Hardware Reverse Engineering, Trojan Detection and Insertion

2018 - Marc Fyrbiak, Sebastian Wallat, Pawel Swierczynski, Max Hoffmann, Sebastian Hoppach, Mathias Wilhelm, Tobias Weidlich, Russell Tessier, Chris­tof Paar

IEEE Transactions on Dependable and Secure Computing (to appear)

On The (In-)Security Of JavaScript Object Signing And Encryption

2017 - Dennis Detering, Juraj Somorovsky, Christian Mainka, Vladislav Mladenov, Jörg Schwenk

ROOTS, November 16–17, 2017, Vienna, Austria [PDF]

"I want my money back!" Limiting Online Password-Guessing Financially

2017 - Maximilian Golla, Daniel V. Bailey, Markus Dürmuth

Who Are You?! Adventures in Authentication 2017 (WAY '17). Santa Clara, CA, USA, July 12, 2017 [PDF] [Slides]

POSTER: Towards Implicit Visual Memory-Based Authentication

2017 - Claude Castelluccia, Markus Dürmuth, Maximilian Golla, Fatma Deniz

USENIX Symposium on Usable Privacy and Security 2017 (SOUPS '17). Santa Clara, CA, USA, July 12-14, 2017 [Full Version]

Towards Implicit Visual Memory-Based Authentication

2017 - Claude Castelluccia, Markus Dürmuth, Maximilian Golla, Fatma Deniz

ISOC Network and Distributed System Security Symposium 2017 (NDSS '17). San Diego, CA, USA, February 26 - March 1, 2017 [Video] [PDF] [Slides]

EmojiAuth: Quantifying the Security of Emoji-based Authentication

2017 - Maximilian Golla, Dennis Detering, Markus Dürmuth

Workshop on Usable Security 2017 (USEC '17). San Diego, CA, USA, February 25, 2017 [PDF] [Slides]
Page: