Markus Dürmuth
YOU?
Author Swipe
View article: Understanding Users' Interaction with Login Notifications
Understanding Users' Interaction with Login Notifications Open
Login notifications intend to inform users about sign-ins and help them protect their accounts from unauthorized access. Notifications are usually sent if a login deviates from previous ones, potentially indicating malicious activity. They…
View article: A Comparative Long-Term Study of Fallback Authentication Schemes
A Comparative Long-Term Study of Fallback Authentication Schemes Open
.Fallback authentication, the process of re-establishing access to an account when the primary authenticator is unavailable, holds critical significance. Approaches range from secondary channels like email and SMS to personal knowledge que…
View article: A Representative Study on Human Detection of Artificially Generated Media Across Countries
A Representative Study on Human Detection of Artificially Generated Media Across Countries Open
AI-generated media has become a threat to our digital society as we know it. These forgeries can be created automatically and on a large scale based on publicly available technology. Recognizing this challenge, academics and practitioners …
View article: 52 Weeks Later: Attitudes Towards COVID-19 Apps for Different Purposes Over Time
52 Weeks Later: Attitudes Towards COVID-19 Apps for Different Purposes Over Time Open
The COVID-19 pandemic has prompted countries around the world to introduce smartphone apps to support disease control efforts. Their purposes range from digital contact tracing to quarantine enforcement to vaccination passports, and their …
View article: 52 Weeks Later: Attitudes Towards COVID-19 Apps for Different Purposes Over Time
52 Weeks Later: Attitudes Towards COVID-19 Apps for Different Purposes Over Time Open
The COVID-19 pandemic has prompted countries around the world to introduce smartphone apps to support disease control efforts. Their purposes range from digital contact tracing to quarantine enforcement to vaccination passports, and their …
View article: A World Full of Privacy and Security (Mis)conceptions? Findings of a Representative Survey in 12 Countries
A World Full of Privacy and Security (Mis)conceptions? Findings of a Representative Survey in 12 Countries Open
Misconceptions about digital security and privacy topics in the general public frequently lead to insecure behavior. However, little is known about the prevalence and extent of such misconceptions in a global context. In this work, we pres…
View article: Digital Security -- A Question of Perspective. A Large-Scale Telephone Survey with Four At-Risk User Groups
Digital Security -- A Question of Perspective. A Large-Scale Telephone Survey with Four At-Risk User Groups Open
This paper investigates the digital security experiences of four at-risk user groups in Germany, including older adults (70+), teenagers (14-17), people with migration backgrounds, and people with low formal education. Using computer-assis…
View article: A World Full of Privacy and Security (Mis)conceptions? Findings of a Representative Survey in 12 Countries
A World Full of Privacy and Security (Mis)conceptions? Findings of a Representative Survey in 12 Countries Open
Misconceptions about digital security and privacy topics in the general public frequently lead to insecure behavior. However, little is known about the prevalence and extent of such misconceptions in a global context. In this work, we pres…
View article: Understanding Users' Interaction with Login Notifications
Understanding Users' Interaction with Login Notifications Open
Login notifications intend to inform users about sign-ins and help them protect their accounts from unauthorized access. Notifications are usually sent if a login deviates from previous ones, potentially indicating malicious activity. They…
View article: “It’s Just a Lot of Prerequisites”: A User Perception and Usability Analysis of the German ID Card as a FIDO2 Authenticator
“It’s Just a Lot of Prerequisites”: A User Perception and Usability Analysis of the German ID Card as a FIDO2 Authenticator Open
Two-factor authentication (2FA) overcomes the insecurity of passwords by adding a second factor to the authentication process. A variant of 2FA, which is even phishing-resistant unlike, e.g., SMS-based implementations, is offered by the FI…
View article: Proof-of-Vax: Studying User Preferences and Perception of Covid Vaccination Certificates
Proof-of-Vax: Studying User Preferences and Perception of Covid Vaccination Certificates Open
Digital tools play an important role in fighting the current global COVID-19 pandemic. We conducted a representative online study in Germany on a sample of 599 participants to evaluate the user perception of vaccination certificates. We in…
View article: Proof-of-Vax: Studying User Preferences and Perception of Covid Vaccination Certificates
Proof-of-Vax: Studying User Preferences and Perception of Covid Vaccination Certificates Open
Digital tools play an important role in fighting the current global COVID-19 pandemic. We conducted a representative online study in Germany on a sample of 599 participants to evaluate the user perception of vaccination certificates. We in…
View article: Table of Contents
Table of Contents Open
each year to highlight selected papers from a conference.The papers in this issue cover a broad spectrum of applied
View article: Vision: Developing a Broad Usable Security & Privacy Questionnaire
Vision: Developing a Broad Usable Security & Privacy Questionnaire Open
We aim to develop a questionnaire that measures privacy and security knowledge, attitude, and behavior on a broad level with a wide range of topics like authentication, smart home, web tracking, operating systems, mobile devices, instant m…
View article: On the Security of Smartphone Unlock PINs
On the Security of Smartphone Unlock PINs Open
In this article, we provide the first comprehensive study of user-chosen four- and six-digit PINs ( n =1705) collected on smartphones with participants being explicitly primed for device unlocking. We find that against a throttled attacker…
View article: Proof-of-Vax: Studying User Preferences and Perception of Covid\n Vaccination Certificates
Proof-of-Vax: Studying User Preferences and Perception of Covid\n Vaccination Certificates Open
Digital tools play an important role in fighting the current global COVID-19\npandemic. We conducted a representative online study in Germany on a sample of\n599 participants to evaluate the user perception of vaccination certificates.\nWe…
View article: Are Privacy Dashboards Good for End Users? Evaluating User Perceptions\n and Reactions to Google's My Activity (Extended Version)
Are Privacy Dashboards Good for End Users? Evaluating User Perceptions\n and Reactions to Google's My Activity (Extended Version) Open
Privacy dashboards and transparency tools help users review and manage the\ndata collected about them online. Since 2016, Google has offered such a tool,\nMy Activity, which allows users to review and delete their activity data from\nGoogl…
View article: Are Privacy Dashboards Good for End Users? Evaluating User Perceptions and Reactions to Google's My Activity (Extended Version)
Are Privacy Dashboards Good for End Users? Evaluating User Perceptions and Reactions to Google's My Activity (Extended Version) Open
Privacy dashboards and transparency tools help users review and manage the data collected about them online. Since 2016, Google has offered such a tool, My Activity, which allows users to review and delete their activity data from Google s…
View article: What's in Score for Website Users: A Data-driven Long-term Study on\n Risk-based Authentication Characteristics
What's in Score for Website Users: A Data-driven Long-term Study on\n Risk-based Authentication Characteristics Open
Risk-based authentication (RBA) aims to strengthen password-based\nauthentication rather than replacing it. RBA does this by monitoring and\nrecording additional features during the login process. If feature values at\nlogin time differ si…
View article: More Than Just Good Passwords? A Study on Usability and Security Perceptions of Risk-based Authentication
More Than Just Good Passwords? A Study on Usability and Security Perceptions of Risk-based Authentication Open
Risk-based Authentication (RBA) is an adaptive security measure to strengthen\npassword-based authentication. RBA monitors additional features during login,\nand when observed feature values differ significantly from previously seen\nones,…
View article: SoK: Managing Longitudinal Privacy of Publicly Shared Personal Online Data
SoK: Managing Longitudinal Privacy of Publicly Shared Personal Online Data Open
Over the past decade, research has explored managing the availability of shared personal online data, with particular focus on longitudinal aspects of privacy. Yet, there is no taxonomy that takes user perspective and technical approaches …
View article: This PIN Can Be Easily Guessed: Analyzing the Security of Smartphone Unlock PINs
This PIN Can Be Easily Guessed: Analyzing the Security of Smartphone Unlock PINs Open
In this paper, we provide the first comprehensive study of user-chosen 4- and 6-digit PINs (n=1220) collected on smartphones with participants being explicitly primed for device unlocking. We find that against a throttled attacker (with 10…
View article: This PIN Can Be Easily Guessed: Analyzing the Security of Smartphone\n Unlock PINs
This PIN Can Be Easily Guessed: Analyzing the Security of Smartphone\n Unlock PINs Open
In this paper, we provide the first comprehensive study of user-chosen 4- and\n6-digit PINs (n=1220) collected on smartphones with participants being\nexplicitly primed for device unlocking. We find that against a throttled\nattacker (with…
View article: Exploring user perceptions of deletion in mobile instant messaging applications
Exploring user perceptions of deletion in mobile instant messaging applications Open
Contemporary mobile messaging provides rich text and multimedia functionality leaving detailed trails of sensitive user information that can span long periods of time. Allowing users to manage the privacy implications both on the sender an…
View article: WORK IN PROGRESS: THE EUROPEAN "RIGHT TO BE FORGOTTEN" – LEGAL AND TECHNICAL CHALLENGES OF SEARCH ENGINES COMPLYING THE RIGHT TO ERASURE
WORK IN PROGRESS: THE EUROPEAN "RIGHT TO BE FORGOTTEN" – LEGAL AND TECHNICAL CHALLENGES OF SEARCH ENGINES COMPLYING THE RIGHT TO ERASURE Open
The new European right to be forgotten (Art. 17 of the European General Data Protection Regulation (GDPR) grants EU citizens the right to demand the erasure of their personal data from anyone who processes their personal data. To enforce t…
View article: Work in Progress: A Comparative Long-Term Study of Fallback Authentication
Work in Progress: A Comparative Long-Term Study of Fallback Authentication Open
Fallback authentication, the process of recovering access to an account if the primary authenticator is forgotten or lost, is of significant importance in real-world applications.A variety of mechanisms are deployed, ranging from secondary…
View article: Work in Progress: On the In-Accuracy and Influence of Android Pattern Strength Meters
Work in Progress: On the In-Accuracy and Influence of Android Pattern Strength Meters Open
A common method for helping users select stronger authentication secrets, e. g., passwords, is to deploy a visual strength meter that provides feedback to the user while performing password selection.Recent work considered the accuracy of …