Publications

“You still use the password after all” – Exploring FIDO2 Security Keys in a Small Company

2020 - Florian Farke, Lennart Lorenz, Theodor Schnitzler, Philipp Markert, Markus Dürmuth

Symposium on Usable Privacy and Security (SOUPS '20). Boston, Massachusetts, August 9, 2020

This PIN Can Be Easily Guessed: Analyzing the Security of Smartphone Unlock PINs

2020 - Philipp Markert, Daniel V. Bailey, Maximilian Golla, Markus Dürmuth, Adam J. Aviv

IEEE Sym­po­si­um on Se­cu­ri­ty and Pri­va­cy (SP '20). San Fran­cis­co, Ca­li­for­nia, May 18, 2020 [Website] [PDF] [Slides]

Exploring User Perceptions of Deletion in Mobile Instant Messaging Applications

2020 - Theodor Schnitzler, Christine Utz, Florian Farke, Christina Pöpper, Markus Dürmuth

Journal of Cybersecurity, Volume 6, Issue 1, January 30, 2020 [DOI]

Work in Progress: The European “Right To be Forgotten” – Legal and Technical Challenges of Search Engines Complying With The Right to Erasure

2019 - Jan Rensinghoff, Florian Farke, Markus Dürmuth, Tobias Gostomzyk

AoIR 2019: Trust in the System (AoIR '19). Brisbane, Australia, October 2, 2019

Recht auf Vergessen

2019 - Florian Farke, Jan Rensinghoff, Markus Dürmuth, Tobias Gostomzyk

Datenschutz und Datensicherheit (2019) 43: 681 [Springer]

POSTER: "What was that site doing with my Facebook password?" Designing Password-Reuse Notifications

2019 - Miranda Wei, Maximilian Golla, Juliette Hainline, Lydia Filipe, Markus Dürmuth, Elissa Redmiles, Blase Ur

USENIX Symposium on Usable Privacy and Security 2019 (SOUPS '19). Santa Clara, CA, USA, August 11-13, 2019 [Full Version]

View The Email to Get Hacked: Attacking SMS-Based Two-Factor Authentication

2019 - Philipp Markert, Florian Farke, Markus Dürmuth

Who Are You?! Adventures in Authentication (WAY '19). Santa Clara, California, USA, August 11, 2019 [PDF] [Slides]

Towards Contractual Agreements for Revocation of Online Data

2019 - Theodor Schnitzler, Markus Dürmuth, Christina Pöpper

IFIP International Conference on ICT Systems Security and Privacy Protection (IFIP SEC '19), Lisbon, Portugal, June 25-27, 2019 [PDF]

Is This Really You? An Empirical Study on Risk-Based Authentication Applied in the Wild

2019 - Stephan Wiefling, Luigi Lo Iacono , Markus Dürmuth

IFIP In­ter­na­tio­nal Con­fe­rence on ICT Sys­tems Se­cu­ri­ty and Pri­va­cy Pro­tec­tion (IFIP SEC '19), Lis­bon, Por­tu­gal, June 25-27, 2019 [Website] [PDF]

Reasoning Analytically About Password-Cracking Software

2019 - Enze Liu, Amanda Nakanishi, Maximilian Golla, David Cash, Blase Ur

IEEE Symposium on Security and Privacy (SP '19). San Francisco, California, May 20, 2019 [GitHub] [Video] [PDF] [Slides]

We Value Your Privacy - Now Take Some Cookies: Measuring the GDPR's Impact on Web Privacy

2019 - Martin Degeling, Christine Utz, Christopher Lentzsch, Henry Hosseini, Florian Schaub, Thorsten Holz

Network and Distributed System Security Symposium (NDSS 2019), San Diego, California, USA, February 2019 [GitHub] [PDF]

Work in Progress: A Comparative Long-Term Study of Fallback Authentication

2019 - Philipp Markert, Maximilian Golla, Elizabeth Stobert, Markus Dürmuth

Workshop on Usable Security and Privacy (USEC '19). San Diego, California, USA, February 24, 2019 [PDF] [Slides]

Work in Progress: On the In-Accuracy and Influence of Android Pattern Strength Meters

2019 - Maximilian Golla, Jan Rimkus, Adam J. Aviv, Markus Dürmuth

Workshop on Usable Security and Privacy (USEC '19). San Diego, California, February 24, 2019 [News] [GitHub] [PDF] [Slides]

"What was that site doing with my Facebook password?" Designing Password-Reuse Notifications

2018 - Maximilian Golla, Miranda Wei, Juliette Hainline, Lydia Filipe, Markus Dürmuth, Elissa Redmiles, Blase Ur

ACM Conference on Computer and Communications Security 2018 (CCS '18). Toronto, Canada, October 15-19, 2018 [Video] [News] [PDF] [Slides]

On the Accuracy of Password Strength Meters

2018 - Maximilian Golla, Markus Dürmuth

ACM Conference on Computer and Communications Security 2018 (CCS '18). Toronto, Canada, October 15-19, 2018 [Website] [GitHub] [Video] [PDF] [Slides]

Rethinking Access Control and Authentication for the Home Internet of Things (IoT)

2018 - Weijia He, Maximilian Golla, Roshni Padhi, Jordan Ofek, Markus Dürmuth, Earlence Fernandes, Blase Ur

USENIX Security Symposium 2018 (SSYM '18). Baltimore, MD, USA, August 15-17, 2018 [Video] [News] [PDF] [Slides]

POSTER: User Perception and Expectations on Deleting Instant Messages -or- "What Happens If I Press This Button?"

2018 - Theodor Schnitzler, Christine Utz, Florian Farke, Christina Pöpper, Markus Dürmuth

USENIX Symposium on Usable Privacy and Security 2018 (SOUPS '18). Baltimore, MD, USA, August 12-14, 2018

"Will Any Password Do?" Exploring Rate-Limiting on the Web

2018 - Maximilian Golla, Theodor Schnitzler, Markus Dürmuth

Who Are You?! Adventures in Authentication 2018 (WAY '18). Baltimore, MD, USA, August 12, 2018 [PDF] [Slides]

Bars, Badges, and High Scores: On the Impact of Password Strength Visualizations

2018 - Maximilian Golla, Björn Hahn, Karsten Meyer zu Selhausen, Henry Hosseini, Markus Dürmuth

Who Are You?! Adventures in Authentication 2018 (WAY '18). Baltimore, MD, USA, August 12, 2018 [PDF] [Slides]

The Password Doesn't Fall Far: How Service Influences Password Choice

2018 - Miranda Wei, Maximilian Golla, Blase Ur

Who Are You?! Adventures in Authentication 2018 (WAY '18). Baltimore, MD, USA, August 12, 2018 [PDF] [Slides]

The State of User Authentication in the Wild

2018 - Nils Quermann, Marian Harbach, Markus Dürmuth

Who Are You?! Adventures in Authentication 2018 (WAY '18). Baltimore, MD, USA, August 12, 2018 [PDF]

User Perception and Expectations on Deleting Instant Messages -or- "What Happens If I Press This Button?"

2018 - Theodor Schnitzler, Christine Utz, Florian Farke, Christina Pöpper, Markus Dürmuth

European Workshop on Usable Security (EuroUSEC) 2018, London, England, 23 April 2018 [PDF] [Slides]

HAL—The Missing Piece of the Puzzle for Hardware Reverse Engineering, Trojan Detection and Insertion

2018 - Marc Fyrbiak, Sebastian Wallat, Pawel Swierczynski, Max Hoffmann, Sebastian Hoppach, Mathias Wilhelm, Tobias Weidlich, Russell Tessier, Chris­tof Paar

IEEE Transactions on Dependable and Secure Computing (to appear)

On The (In-)Security Of JavaScript Object Signing And Encryption

2017 - Dennis Detering, Juraj Somorovsky, Christian Mainka, Vladislav Mladenov, Jörg Schwenk

ROOTS, November 16–17, 2017, Vienna, Austria [PDF]

"I want my money back!" Limiting Online Password-Guessing Financially

2017 - Maximilian Golla, Daniel V. Bailey, Markus Dürmuth

Who Are You?! Adventures in Authentication 2017 (WAY '17). Santa Clara, CA, USA, July 12, 2017 [PDF] [Slides]

POSTER: Towards Implicit Visual Memory-Based Authentication

2017 - Claude Castelluccia, Markus Dürmuth, Maximilian Golla, Fatma Deniz

USENIX Symposium on Usable Privacy and Security 2017 (SOUPS '17). Santa Clara, CA, USA, July 12-14, 2017 [Full Version]

Towards Implicit Visual Memory-Based Authentication

2017 - Claude Castelluccia, Markus Dürmuth, Maximilian Golla, Fatma Deniz

ISOC Network and Distributed System Security Symposium 2017 (NDSS '17). San Diego, CA, USA, February 26 - March 1, 2017 [Video] [PDF] [Slides]

EmojiAuth: Quantifying the Security of Emoji-based Authentication

2017 - Maximilian Golla, Dennis Detering, Markus Dürmuth

Workshop on Usable Security 2017 (USEC '17). San Diego, CA, USA, February 25, 2017 [PDF] [Slides]

On the Security of Cracking-Resistant Password Vaults

2016 - Maximilian Golla, Benedict Beuscher, Markus Dürmuth

ACM Conference on Computer and Communications Security 2016 (CCS '16). Vienna, Austria, October 24-28, 2016 [Video] [PDF] [Slides]

Side-Channel Attacks on Fingerprint Matching Algorithms

2016 - Markus Dürmuth, David Oswald, Niklas Pastewka

To appear at the 6th International Workshop on Trustworthy Embedded Devices (TrustED 2016) [PDF]

On User Choice for Android Unlock Patterns

2016 - Marte Loge, Markus Dürmuth, Lillian Rostad

Accepted at the 1st European Workshop on Usable Security, 2016. [PDF]

Position Paper: Measuring the Impact of Alphabet and Culture on Graphical Passwords

2016 - Adam J. Aviv, Markus Dürmuth, Payas Gupta

Adventures in Authentication: WAY Workshop, 2016. [PDF]

Neuralyzer: Flexible Expiration Times for the Revocation of Online Data

2016 - Apostolis Zarras, Katharina Kohls, Markus Dürmuth, Christina Pöpper

In Proceedings of the ACM Conference on Data and Application Security and Privacy (ACM CODASPY) 2016 *** OUTSTANDING PAPER AWARD *** [PDF]

Who Are You? A Statistical Approach to Measuring User Authenticity

2016 - Markus Dürmuth, David Freeman, Sakshi Jain, Battista Biggio, Giorgio Giacinto

The Network and Distributed System Security Symposium 2016 (NDSS '16), San Diego, CA, USA, February 21-24, 2016 [PDF] [Slides]

Analyzing 4 Million Real-World Personal Knowledge Questions (Short Paper)

2015 - Maximilian Golla, Markus Dürmuth

International Conference on Passwords 2015 (PASSWORDS '15). Cambridge, United Kingdom, December 7-9, 2015 [Video] [PDF] [Slides]

OMEN: Faster Password Guessing Using an Ordered Markov Enumerator

2015 - Markus Dürmuth, Fabian Angelstorf, Claude Castelluccia, Daniele Perito, Abdelberi Chaabane

International Symposium on Engineering Secure Software and Systems (ESSoS), 2015. [GitHub] [PDF]

Learning from Neuroscience to Improve Internet Security

2014 - Claude Castelluccia, Markus Dürmuth, Fatma Imamoglu

ERCIM News 2014(99), 2014.

On Password Guessing with GPUs and FPGAs

2014 - Markus Dürmuth, Thorsten Kranz

PASSWORDS 2014 Conference, 2014. [pdf]

Secure Fallback Authentication and the Trusted Friend Attack

2014 - Ashar Javed, David Bletgen, Florian Kohlar, Markus Dürmuth, Jörg Schwenk

Proceedings International Conference on Distributed Computing Systems Workshops (ICDCS Workshops), 2014.

Statistics on Password Re-use and Adaptive Strength for Financial Accounts

2014 - Daniel V. Bailey, Markus Dürmuth, Chris­tof Paar

Proceedings 9th International Conference on Security and Cryptography (SCN), 2014. [PDF]

Typing passwords with voice recognition --or-- How to authenticate to Google Glass

2014 - Daniel Bailey, Markus Dürmuth, Chris­tof Paar

Adventures in Authentication: WAY Workshop. 2014. [PDF]

Quantifying the Security of Graphical Passwords: The Case of Android Unlock Patterns

2013 - Sebastian Uellenbeck, Markus Dürmuth, Christopher Wolf, Thorsten Holz

ACM Conference on Computer and Communications Security (CCS), Berlin, November 2013 [PDF]

Useful Password Hashing: How to Waste Computing Cycles with Style

2013 - Markus Dürmuth

Proceedings of the 2013 New security paradigms workshop (NSPW) Pages 31-40 ACM, 2013 [PDF]

Evaluation of Standardized Password-Based Key Derivation against Parallel Processing Platforms

2013 - Markus Dürmuth, Tim Güneysu, Markus Kasper, Chris­tof Paar, Tolga Yalcin, Ralf Zimmermann

Computer Security - ESORICS 2012 - 17th European Symposium on Research in Computer Security, Pisa, Italy, September 10-12, 2012 [DOI] [BibTeX] [pdf] [bib]

Achieving anonymity against major face recognition algorithms

2013 - Benedikt Driessen, Markus Dürmuth

Proceedings Communications and Multimedia Security (CMS 2013), LNCS 8099, Springer, 2013. [PDF]

Anonymität und Gesichtserkennung

2013 - Benedikt Driessen, Markus Dürmuth

digma, Zeitschrift für Datenrecht und Informationssicherheit, 2013.

Adaptive password-strength meters from Markov models

2012 - Claude Castelluccia, Markus Dürmuth, Daniele Perito

Proceedings 19th Network & Distributed System Security Symposium (NDSS 12). Internet Society, 2012. [PDF]

Timed revocation of user data: Long expiration times from existing infrastructure

2012 - Sirke Reimann , Markus Dürmuth

Proceedings Workshop on Privacy in the Electronic Society (WPES), 2012.

Deniable encryption with negligible detection probability: An interactive construction

2011 - Markus Dürmuth, David Mandell Freeman

Proceedings Advances in Cryptology (EUROCRYPT 11), Springer, 2011

Acoustic Side-Channel Attacks on Printers

2010 - Michael Backes, Markus Dürmuth, Sebastian Gerling, Manfred Pinkal, Caroline Sporleder

Proceedings USENIX Security Symposium, 2010.
Page: