Philipp Markert
Understanding Users' Interaction with Login Notifications
Login notifications intend to inform users about sign-ins and help them protect their accounts from unauthorized access. Notifications are usually sent if a login deviates from previous ones, potentially indicating malicious activity. They…
A Comparative Long-Term Study of Fallback Authentication Schemes
Fallback authentication, the process of re-establishing access to an account when the primary authenticator is unavailable, holds critical significance. Approaches range from secondary channels like email and SMS to personal knowledge que…
“Someone Definitely Used 0000”: Strategies, Performance, and User Perception of Novice Smartphone-Unlock PIN-Guessers
We examine the risk to lost, stolen, or unattended smartphones due to attempts to guess the device's unlock PIN, the most widespread authentication scheme for smartphones. We find novice attacks by those lacking forensic tools or training …
A Transcontinental Analysis of Account Remediation Protocols of Popular Websites
Websites are used regularly in our day-to-day lives, yet research has shown that it is challenging for many users to use them securely, e.g., most prominently due to weak passwords through which they access their accounts. At the same time,…
“It’s Just a Lot of Prerequisites”: A User Perception and Usability Analysis of the German ID Card as a FIDO2 Authenticator
Two-factor authentication (2FA) overcomes the insecurity of passwords by adding a second factor to the authentication process. A variant of 2FA, which is even phishing-resistant unlike, e.g., SMS-based implementations, is offered by the FI…
On the Security of Smartphone Unlock PINs
In this article, we provide the first comprehensive study of user-chosen four- and six-digit PINs (n=1705) collected on smartphones with participants being explicitly primed for device unlocking. We find that against a throttled attacker…
"I have no idea what they're trying to accomplish:" Enthusiastic and Casual Signal Users' Understanding of Signal PINs
We conducted an online study with $n = 235$ Signal users on their understanding and usage of PINs in Signal. In our study, we observe a split in PIN management and composition strategies between users who can explain the purpose of the Sig…
Knock, Knock. Who's There? On the Security of LG's Knock Codes
Knock Codes are a knowledge-based unlock authentication scheme used on LG smartphones where a user enters a code by tapping or "knocking" a sequence on a 2x2 grid. While a lesser used authentication method, as compared to PINs or Android p…
This PIN Can Be Easily Guessed: Analyzing the Security of Smartphone Unlock PINs
In this paper, we provide the first comprehensive study of user-chosen 4- and 6-digit PINs (n=1220) collected on smartphones with participants being explicitly primed for device unlocking. We find that against a throttled attacker (with 10…
Work in Progress: A Comparative Long-Term Study of Fallback Authentication
Fallback authentication, the process of recovering access to an account if the primary authenticator is forgotten or lost, is of significant importance in real-world applications. A variety of mechanisms are deployed, ranging from secondary…