Publications

Towards Quantum Large-Scale Password Guessing on Real-World Distributions

2021 - Markus Dürmuth, Maximilian Golla, Philipp Markert, Alexander May, Lars Schlieper

International Conference on Cryptology and Network Security 2021 (CANS '21). Vienna, Austria, December 13-15, 2021

Verify It's You: How Users Perceive Risk-based Authentication

2021 - Stephan Wiefling, Markus Dürmuth, Luigi Lo Iacono

IEEE Security & Privacy, Volume 19, Issue 6, November-December 2021 [DOI] [Paper]

Privacy Considerations for Risk-Based Authentication Systems

2021 - Stephan Wiefling, Jan Tolsdorf, Luigi Lo Iacono

International Workshop on Privacy Engineering (IWPE '21). Vienna, Austria, September 7, 2021 [Website] [Paper]

"I have no idea what they’re trying to accomplish" Enthusiastic and Casual Signal Users’ Understanding of Signal PINs

2021 - Daniel V. Bailey, Philipp Markert, Adam J. Aviv

Symposium on Usable Privacy and Security (SOUPS '21). Virtual Conference, August 8-10, 2021 [Website] [Paper]

Using a Blocklist to Improve the Security of User Selection of Android Patterns

2021 - Collins W. Munyendo, Miles Grant, Philipp Markert, Timothy J. Forman, Adam J. Aviv

Symposium on Usable Privacy and Security (SOUPS '21). Virtual Conference, August 8-10, 2021 [Website] [Paper]

My Account Is Compromised - What Do I Do? Towards an Intercultural Analysis of Account Remediation for Websites

2021 - Kathryn Walsh, Faiza Tazi, Philipp Markert, Sanchari Das

Workshop on Inclusive Privacy and Security (WIPS '21). Virtual Conference, August 7-8, 2021 [Video] [Paper] [Slides]

Unifying Privacy Policy Detection

2021 - Henry Hosseini, Martin Degeling, Christine Utz, Thomas Hupperich

The 21st Privacy Enhancing Technologies Symposium (PETS 2021), July 12–16, 2021, Virtual Conference

Are Privacy Dashboards Good for End Users? Evaluating User Perceptions and Reactions to Google’s My Activity

2021 - Florian Farke, David Balash, Maximilian Golla, Markus Dürmuth, Adam Aviv

USENIX Security Symposium (SSYM '21). Virtual Conference, August 11-13, 2021 [Conference Page] [arXiv Preprint] [Paper]

"It's Stored, Hopefully, on an Encrypted Server": Mitigating Users' Misconceptions About FIDO2 Biometric WebAuthn

2021 - Leona Lassak, Annika Hildebrandt, Maximilian Golla, Blase Ur

USENIX Security Symposium (SSYM '21). Virtual Conference, August 11-13, 2021 [Conference Page]

Evaluation of Account Recovery Strategies with FIDO2-based Passwordless Authentication

2021 - Johannes Kunke, Stephan Wiefling, Markus Ullmann, Luigi Lo Iacono

Open Identity Summit 2021 (OID '21). Lyngby, Denmark, June 1-2, 2021 [Link] [Paper]

We Built This Circuit: Exploring Threat Vectors in Circuit Establishment in Tor

2021 - Theodor Schnitzler, Christina Pöpper, Markus Dürmuth, Katharina Kohls

IEEE European Symposium on Security and Privacy (EuroS&P '21). Virtual Conference, September 6-10, 2021 [Paper]

What's in Score for Website Users: A Data-driven Long-term Study on Risk-based Authentication Characteristics

2021 - Stephan Wiefling, Markus Dürmuth, Luigi Lo Iacono

Financial Cryptography and Data Security (FC '21). Grenada, March 1-5, 2021 [Website] [Paper]

More Than Just Good Passwords? A Study on Usability and Security Perceptions of Risk-based Authentication

2020 - Stephan Wiefling, Markus Dürmuth, Luigi Lo Iacono

Annual Computer Security Applications Conference (ACSAC '20). Austin, USA, December 7-11, 2020 [Website] [Paper]

Data Sharing in Mobile Apps — User Privacy Expectations in Europe

2020 - Nils Quermann, Martin Degeling

5th European Workshop on Usable Security (EuroUSEC 2020) [pdf]

Knock, Knock. Who’s There? On the Security of LG’s Knock Codes

2020 - Raina Samuel, Philipp Markert, Adam J. Aviv, Iulian Neamtiu

Symposium on Usable Privacy and Security (SOUPS '20). Virtual Conference, August 7-11, 2020 [Video] [Paper] [Slides]

Evaluation of Risk-based Re-Authentication Methods

2020 - Stephan Wiefling, Tanvil Patil, Markus Dürmuth, Luigi Lo Iacono

IFIP In­ter­na­tio­nal Con­fe­rence on ICT Sys­tems Se­cu­ri­ty and Pri­va­cy Pro­tec­tion (IFIP SEC '20). Maribor, Slovenia, September 21-23, 2020 [Website] [Paper]

Usability, Sicherheit und Privatsphäre von risikobasierter Authentifizierung

2020 - Stephan Wiefling

Sicherheit 2020. Göttingen, Germany, March 17-20, 2020 [PDF]

“You still use the password after all” – Exploring FIDO2 Security Keys in a Small Company

2020 - Florian Farke, Lennart Lorenz, Theodor Schnitzler, Philipp Markert, Markus Dürmuth

Symposium on Usable Privacy and Security (SOUPS '20). Virtual Conference, August 7-11, 2020 [Video] [PDF] [Slides]

This PIN Can Be Easily Guessed: Analyzing the Security of Smartphone Unlock PINs

2020 - Philipp Markert, Daniel V. Bailey, Maximilian Golla, Markus Dürmuth, Adam J. Aviv

IEEE Sym­po­si­um on Se­cu­ri­ty and Pri­va­cy (SP '20). San Fran­cis­co, Ca­li­for­nia, USA, May 18-20, 2020 [Website] [Video] [PDF] [Slides]

Work in Progress: The European “Right To be Forgotten” – Legal and Technical Challenges of Search Engines Complying With The Right to Erasure

2019 - Jan Rensinghoff, Florian Farke, Markus Dürmuth, Tobias Gostomzyk

AoIR 2019: Trust in the System (AoIR '19). Brisbane, Australia, October 2, 2019
Page: