Publications

More Than Just Good Passwords? A Study on Usability and Security Perceptions of Risk-based Authentication

2020 - Stephan Wiefling, Markus Dürmuth, Luigi Lo Iacono

Annual Computer Security Applications Conference (ACSAC '20). Austin, USA, December 7-11, 2020 [Website] [Paper]

SoK: Managing Longitudinal Privacy of Publicly Shared Personal Online Data

2020 - Theodor Schnitzler, Shujaat Mirza, Markus Dürmuth, Christina Pöpper

Proceedings of Privacy Enhancing Technologies 2021, Volume 1, pp. 229-249, November 9, 2020 [PDF] [DOI]

Apps Against the Spread: Privacy Implications and User Acceptance of COVID-19-Related Smartphone Apps on Three Continents

2020 - Christine Utz, Steffen Becker, Theodor Schnitzler, Florian Farke, Franziska Herbert, Leonie Schaewitz, Martin Degeling, Markus Dürmuth

[arXiv Preprint]

Data Sharing in Mobile Apps — User Privacy Expectations in Europe

2020 - Nils Quermann, Martin Degeling

5th European Workshop on Usable Security (EuroUSEC 2020) [pdf]

Knock, Knock. Who’s There? On the Security of LG’s Knock Codes

2020 - Raina Samuel, Philipp Markert, Adam J. Aviv, Iulian Neamtiu

Symposium on Usable Privacy and Security (SOUPS '20). Virtual Conference, August 7-11, 2020 [Video] [Paper] [Slides]

Akzeptanz von Corona-Apps in Deutschland vor der Einführung der Corona-Warn-App

2020 - Steffen Becker, Martin Degeling, Markus Dürmuth, Florian Farke, Leonie Schaewitz, Theodor Schnitzler, Christine Utz

Vorabveröffentlichung (Preprint), Juni 2020 [PDF (Deutsch)]

Evaluation of Risk-based Re-Authentication Methods

2020 - Stephan Wiefling, Tanvil Patil, Markus Dürmuth, Luigi Lo Iacono

IFIP In­ter­na­tio­nal Con­fe­rence on ICT Sys­tems Se­cu­ri­ty and Pri­va­cy Pro­tec­tion (IFIP SEC '20). Maribor, Slovenia, September 21-23, 2020 [Website] [Paper]

Usability, Sicherheit und Privatsphäre von risikobasierter Authentifizierung

2020 - Stephan Wiefling

Sicherheit 2020. Göttingen, Germany, March 17-20, 2020 [PDF]

“You still use the password after all” – Exploring FIDO2 Security Keys in a Small Company

2020 - Florian Farke, Lennart Lorenz, Theodor Schnitzler, Philipp Markert, Markus Dürmuth

Symposium on Usable Privacy and Security (SOUPS '20). Virtual Conference, August 7-11, 2020 [Video] [PDF] [Slides]

This PIN Can Be Easily Guessed: Analyzing the Security of Smartphone Unlock PINs

2020 - Philipp Markert, Daniel V. Bailey, Maximilian Golla, Markus Dürmuth, Adam J. Aviv

IEEE Sym­po­si­um on Se­cu­ri­ty and Pri­va­cy (SP '20). San Fran­cis­co, Ca­li­for­nia, USA, May 18-20, 2020 [Website] [Video] [PDF] [Slides]

Exploring User Perceptions of Deletion in Mobile Instant Messaging Applications

2020 - Theodor Schnitzler, Christine Utz, Florian Farke, Christina Pöpper, Markus Dürmuth

Journal of Cybersecurity, Volume 6, Issue 1, January 30, 2020 [DOI]

Work in Progress: The European “Right To be Forgotten” – Legal and Technical Challenges of Search Engines Complying With The Right to Erasure

2019 - Jan Rensinghoff, Florian Farke, Markus Dürmuth, Tobias Gostomzyk

AoIR 2019: Trust in the System (AoIR '19). Brisbane, Australia, October 2, 2019

Recht auf Vergessen

2019 - Florian Farke, Jan Rensinghoff, Markus Dürmuth, Tobias Gostomzyk

Datenschutz und Datensicherheit (2019) 43: 681 [Springer]

POSTER: "What was that site doing with my Facebook password?" Designing Password-Reuse Notifications

2019 - Miranda Wei, Maximilian Golla, Juliette Hainline, Lydia Filipe, Markus Dürmuth, Elissa Redmiles, Blase Ur

USENIX Symposium on Usable Privacy and Security 2019 (SOUPS '19). Santa Clara, CA, USA, August 11-13, 2019 [Full Version]

View The Email to Get Hacked: Attacking SMS-Based Two-Factor Authentication

2019 - Philipp Markert, Florian Farke, Markus Dürmuth

Who Are You?! Adventures in Authentication (WAY '19). Santa Clara, California, USA, August 11, 2019 [PDF] [Slides]

Towards Contractual Agreements for Revocation of Online Data

2019 - Theodor Schnitzler, Markus Dürmuth, Christina Pöpper

IFIP International Conference on ICT Systems Security and Privacy Protection (IFIP SEC '19), Lisbon, Portugal, June 25-27, 2019 [PDF]

Is This Really You? An Empirical Study on Risk-Based Authentication Applied in the Wild

2019 - Stephan Wiefling, Luigi Lo Iacono , Markus Dürmuth

IFIP In­ter­na­tio­nal Con­fe­rence on ICT Sys­tems Se­cu­ri­ty and Pri­va­cy Pro­tec­tion (IFIP SEC '19), Lis­bon, Por­tu­gal, June 25-27, 2019 [Website] [PDF]

Reasoning Analytically About Password-Cracking Software

2019 - Enze Liu, Amanda Nakanishi, Maximilian Golla, David Cash, Blase Ur

IEEE Symposium on Security and Privacy (SP '19). San Francisco, California, May 20, 2019 [GitHub] [Video] [PDF] [Slides]

We Value Your Privacy - Now Take Some Cookies: Measuring the GDPR's Impact on Web Privacy

2019 - Martin Degeling, Christine Utz, Christopher Lentzsch, Henry Hosseini, Florian Schaub, Thorsten Holz

Network and Distributed System Security Symposium (NDSS 2019), San Diego, California, USA, February 2019 [GitHub] [PDF]

Work in Progress: A Comparative Long-Term Study of Fallback Authentication

2019 - Philipp Markert, Maximilian Golla, Elizabeth Stobert, Markus Dürmuth

Workshop on Usable Security and Privacy (USEC '19). San Diego, California, USA, February 24, 2019 [PDF] [Slides]

Work in Progress: On the In-Accuracy and Influence of Android Pattern Strength Meters

2019 - Maximilian Golla, Jan Rimkus, Adam J. Aviv, Markus Dürmuth

Workshop on Usable Security and Privacy (USEC '19). San Diego, California, February 24, 2019 [News] [GitHub] [PDF] [Slides]

"What was that site doing with my Facebook password?" Designing Password-Reuse Notifications

2018 - Maximilian Golla, Miranda Wei, Juliette Hainline, Lydia Filipe, Markus Dürmuth, Elissa Redmiles, Blase Ur

ACM Conference on Computer and Communications Security 2018 (CCS '18). Toronto, Canada, October 15-19, 2018 [Video] [News] [PDF] [Slides]

On the Accuracy of Password Strength Meters

2018 - Maximilian Golla, Markus Dürmuth

ACM Conference on Computer and Communications Security 2018 (CCS '18). Toronto, Canada, October 15-19, 2018 [Website] [GitHub] [Video] [PDF] [Slides]

Rethinking Access Control and Authentication for the Home Internet of Things (IoT)

2018 - Weijia He, Maximilian Golla, Roshni Padhi, Jordan Ofek, Markus Dürmuth, Earlence Fernandes, Blase Ur

USENIX Security Symposium 2018 (SSYM '18). Baltimore, MD, USA, August 15-17, 2018 [Video] [News] [PDF] [Slides]

POSTER: User Perception and Expectations on Deleting Instant Messages -or- "What Happens If I Press This Button?"

2018 - Theodor Schnitzler, Christine Utz, Florian Farke, Christina Pöpper, Markus Dürmuth

USENIX Symposium on Usable Privacy and Security 2018 (SOUPS '18). Baltimore, MD, USA, August 12-14, 2018

"Will Any Password Do?" Exploring Rate-Limiting on the Web

2018 - Maximilian Golla, Theodor Schnitzler, Markus Dürmuth

Who Are You?! Adventures in Authentication 2018 (WAY '18). Baltimore, MD, USA, August 12, 2018 [PDF] [Slides]

Bars, Badges, and High Scores: On the Impact of Password Strength Visualizations

2018 - Maximilian Golla, Björn Hahn, Karsten Meyer zu Selhausen, Henry Hosseini, Markus Dürmuth

Who Are You?! Adventures in Authentication 2018 (WAY '18). Baltimore, MD, USA, August 12, 2018 [PDF] [Slides]

The Password Doesn't Fall Far: How Service Influences Password Choice

2018 - Miranda Wei, Maximilian Golla, Blase Ur

Who Are You?! Adventures in Authentication 2018 (WAY '18). Baltimore, MD, USA, August 12, 2018 [PDF] [Slides]

The State of User Authentication in the Wild

2018 - Nils Quermann, Marian Harbach, Markus Dürmuth

Who Are You?! Adventures in Authentication 2018 (WAY '18). Baltimore, MD, USA, August 12, 2018 [PDF]

User Perception and Expectations on Deleting Instant Messages -or- "What Happens If I Press This Button?"

2018 - Theodor Schnitzler, Christine Utz, Florian Farke, Christina Pöpper, Markus Dürmuth

European Workshop on Usable Security (EuroUSEC) 2018, London, England, 23 April 2018 [PDF] [Slides]

HAL—The Missing Piece of the Puzzle for Hardware Reverse Engineering, Trojan Detection and Insertion

2018 - Marc Fyrbiak, Sebastian Wallat, Pawel Swierczynski, Max Hoffmann, Sebastian Hoppach, Mathias Wilhelm, Tobias Weidlich, Russell Tessier, Chris­tof Paar

IEEE Transactions on Dependable and Secure Computing (to appear)

On The (In-)Security Of JavaScript Object Signing And Encryption

2017 - Dennis Detering, Juraj Somorovsky, Christian Mainka, Vladislav Mladenov, Jörg Schwenk

ROOTS, November 16–17, 2017, Vienna, Austria [PDF]

"I want my money back!" Limiting Online Password-Guessing Financially

2017 - Maximilian Golla, Daniel V. Bailey, Markus Dürmuth

Who Are You?! Adventures in Authentication 2017 (WAY '17). Santa Clara, CA, USA, July 12, 2017 [PDF] [Slides]

POSTER: Towards Implicit Visual Memory-Based Authentication

2017 - Claude Castelluccia, Markus Dürmuth, Maximilian Golla, Fatma Deniz

USENIX Symposium on Usable Privacy and Security 2017 (SOUPS '17). Santa Clara, CA, USA, July 12-14, 2017 [Full Version]

Towards Implicit Visual Memory-Based Authentication

2017 - Claude Castelluccia, Markus Dürmuth, Maximilian Golla, Fatma Deniz

ISOC Network and Distributed System Security Symposium 2017 (NDSS '17). San Diego, CA, USA, February 26 - March 1, 2017 [Video] [PDF] [Slides]

EmojiAuth: Quantifying the Security of Emoji-based Authentication

2017 - Maximilian Golla, Dennis Detering, Markus Dürmuth

Workshop on Usable Security 2017 (USEC '17). San Diego, CA, USA, February 25, 2017 [PDF] [Slides]

On the Security of Cracking-Resistant Password Vaults

2016 - Maximilian Golla, Benedict Beuscher, Markus Dürmuth

ACM Conference on Computer and Communications Security 2016 (CCS '16). Vienna, Austria, October 24-28, 2016 [Video] [PDF] [Slides]

Side-Channel Attacks on Fingerprint Matching Algorithms

2016 - Markus Dürmuth, David Oswald, Niklas Pastewka

To appear at the 6th International Workshop on Trustworthy Embedded Devices (TrustED 2016) [PDF]

On User Choice for Android Unlock Patterns

2016 - Marte Loge, Markus Dürmuth, Lillian Rostad

Accepted at the 1st European Workshop on Usable Security, 2016. [PDF]

Position Paper: Measuring the Impact of Alphabet and Culture on Graphical Passwords

2016 - Adam J. Aviv, Markus Dürmuth, Payas Gupta

Adventures in Authentication: WAY Workshop, 2016. [PDF]

Neuralyzer: Flexible Expiration Times for the Revocation of Online Data

2016 - Apostolis Zarras, Katharina Kohls, Markus Dürmuth, Christina Pöpper

In Proceedings of the ACM Conference on Data and Application Security and Privacy (ACM CODASPY) 2016 *** OUTSTANDING PAPER AWARD *** [PDF]

Who Are You? A Statistical Approach to Measuring User Authenticity

2016 - Markus Dürmuth, David Freeman, Sakshi Jain, Battista Biggio, Giorgio Giacinto

The Network and Distributed System Security Symposium 2016 (NDSS '16), San Diego, CA, USA, February 21-24, 2016 [PDF] [Slides]

Analyzing 4 Million Real-World Personal Knowledge Questions (Short Paper)

2015 - Maximilian Golla, Markus Dürmuth

International Conference on Passwords 2015 (PASSWORDS '15). Cambridge, United Kingdom, December 7-9, 2015 [Video] [PDF] [Slides]

OMEN: Faster Password Guessing Using an Ordered Markov Enumerator

2015 - Markus Dürmuth, Fabian Angelstorf, Claude Castelluccia, Daniele Perito, Abdelberi Chaabane

International Symposium on Engineering Secure Software and Systems (ESSoS), 2015. [GitHub] [PDF]

Learning from Neuroscience to Improve Internet Security

2014 - Claude Castelluccia, Markus Dürmuth, Fatma Imamoglu

ERCIM News 2014(99), 2014.

On Password Guessing with GPUs and FPGAs

2014 - Markus Dürmuth, Thorsten Kranz

PASSWORDS 2014 Conference, 2014. [pdf]

Secure Fallback Authentication and the Trusted Friend Attack

2014 - Ashar Javed, David Bletgen, Florian Kohlar, Markus Dürmuth, Jörg Schwenk

Proceedings International Conference on Distributed Computing Systems Workshops (ICDCS Workshops), 2014.

Statistics on Password Re-use and Adaptive Strength for Financial Accounts

2014 - Daniel V. Bailey, Markus Dürmuth, Chris­tof Paar

Proceedings 9th International Conference on Security and Cryptography (SCN), 2014. [PDF]

Typing passwords with voice recognition --or-- How to authenticate to Google Glass

2014 - Daniel Bailey, Markus Dürmuth, Chris­tof Paar

Adventures in Authentication: WAY Workshop. 2014. [PDF]

Quantifying the Security of Graphical Passwords: The Case of Android Unlock Patterns

2013 - Sebastian Uellenbeck, Markus Dürmuth, Christopher Wolf, Thorsten Holz

ACM Conference on Computer and Communications Security (CCS), Berlin, November 2013 [PDF]
Page: