Maximilian Golla

Postdoc at the Max Planck Institute for Security and Privacy in Bochum, Germany

Hi there!

 

I'm a postdoctoral researcher interested in usable security and privacy. While I studied computer science, I later specialized in information security and developed an interest for usability and human factors in computer security.

During my PhD, I focused on exploring the usability and security of password-based user authentication. At the time, I was a scholar of the DFG (German Research Foundation) research training group UbiCrypt. I worked extensively with Blase Ur from SUPERgroup Logo SUPERgroup at the University of Chicago and Adam J. Aviv from GWUSEC Logo GWUSEC Lab at the George Washington University. I received my PhD in 2019 from RUB Logo Ruhr University Bochum, where I was advised by Prof. Dr. Markus Dürmuth.

Since October 2019, I'm a postdoc at the MPI-SP Logo Max Planck Institute for Security and Privacy in Bochum, Germany. The research of our group at MPI-SP focuses on computer security, privacy, and human-computer interaction (HCI). We are especially working on methods to help users make better security and privacy decisions, as well as, to make complex computer systems more usable for non-technical users.

Me

Interests

User Authentication
User Authentication
Privacy Controls
Privacy Controls

  • User Authentication
    • Passwords (Strength, Recovery, Management, Quantum ...)
    • Mobile Authentication (PINs, Patterns, Biometrics)
    • Notifications (Reuse, WebAuthn, 2FA)
    • Passwordless (FIDO2 & biometric WebAuthn)
    • Access Control (Smart Home & IoT)
    • Alternative Schemes (Implicit Memory, Gamification)
  • Privacy Controls
    • Social Networks (Targeting & Transparency Tools)
    • Voice Assistants (Private Mode & Accidental Triggers)
    • Secure Communication (Messenger & Email Encryption)

Education

  • Doctorate (Dr.-Ing.) Summa cum laude (With highest honors)
  • Master of Science (M.Sc., Engineer) Very good
    • IT Security - Network & Systems
    • «Graphical Fallback Authentication»
    • Ruhr University Bochum
  • Bachelor of Engineering (B.Eng., Engineer) Good
    • Computer Science - Communication in Distributed Systems
    • «Security Audit of a Web Interface for Building Automation»
    • University of Applied Sciences Würzburg-Schweinfurt

Contact

Maximilian Golla
Max Planck Institute for Security and Privacy
Ruhr University Bochum, ID 2/129
Universitaetsstr. 150, 44780 Bochum
maximilian.golla@rub.de
MPI-SP RUB Twitter Slack GitHub Google Hall of Fame PGP Key

Peer-Reviewed Publications

Below you can find a list of selected papers and posters.
Last update: October 2021
Citation Profiles:
Google Scholar DBLP ORCID iD IEEE Xplore ACM DL ResearchGate

Community Service, Committees, and Reviewing Activities

Last update: June 2021
  • Reviewer: ACM Transactions on Privacy and Security (TOPS '21)
  • Reviewer: IEEE Transactions on Information Forensics and Security (TIFS '21)
  • Program Committee and Poster Chair: 17th Symposium on Usable Privacy and Security (SOUPS '21)
  • External Reviewer: 42nd IEEE Symposium on Security and Privacy (SP '21)
  • Reviewer: 16th International Conference on Wirtschaftsinformatik (WI '21)
  • Reviewer: IEEE Transactions on Emerging Topics in Computing (TETC '20)
  • Program Chair: 6th Who Are You?! Adventures in Authentication Workshop (WAY '20)
  • Program Committee and Poster Chair: 16th Symposium on Usable Privacy and Security (SOUPS '20)
  • Publicity Chair: 5th European Workshop on Usable Security (EuroUSEC '20)
  • Reviewer: ACM Transactions on Privacy and Security (TOPS '20)
  • External Reviewer: 29th USENIX Security Symposium (SSYM '20)
  • Poster Jury: 15th Symposium on Usable Privacy and Security (SOUPS '19)
  • Program Chair: 5th Who Are You?! Adventures in Authentication Workshop (WAY '19)
  • Program Committee and Publicity Chair: 4th European Workshop on Usable Security (EuroUSEC '19)
  • Program Committee: 4th Who Are You?! Adventures in Authentication Workshop (WAY '18)
  • Reviewer: 39th International Conference on Information Systems (ICIS '18)
  • Program Committee: 2018 Networked Privacy Workshop at ACM CHI (NPW '18)
  • External Reviewer: 3rd Who Are You?! Adventures in Authentication Workshop (WAY '17)
  • External Reviewer: 26th USENIX Security Symposium (SSYM '17)
  • Reviewer: ACM Transactions on Privacy and Security (TOPS '17)
  • Reviewer: 11th International Conference on Passwords (PASSWORDS '16)

Talks

Below you can find some recordings of talks I gave at various conferences and other videos.

Last update: September 2021
August 2021
USENIX Security 2021: Are Privacy Dashboards Good for End Users?
USENIX Security 2021:
Are Privacy Dashboards Good for End Users?
August 2021
USENIX Security 2021: Driving 2FA Adoption at Scale
USENIX Security 2021:
Driving 2FA Adoption at Scale
August 2021
USENIX Security 2021: Mitigating Misconceptions About Biometric WebAuthn
USENIX Security 2021:
Mitigating Misconceptions About Biometric WebAuthn

December 2020
Remote Chaos Experience 2020: Alexa, Who Else Is Listening?
Remote Chaos Experience 2020:
Alexa, Who Else Is Listening?
November 2020
PasswordsCon 2020: Everything You Always Wanted to Know About PINs
PasswordsCon 2020:
Everything You Always Wanted to Know About PINs
June 2020
STRG_F: Alexa, Siri & Co. Are Secretly Listening
STRG_F:
Alexa, Siri & Co. Are Secretly Listening

May 2020
IEEE SP 2020: This PIN Can Be Easily Guessed
IEEE SP 2020:
This PIN Can Be Easily Guessed
December 2019
PasswordsCon 2019: Reasoning Analytically About Password-Cracking Software
PasswordsCon 2019:
Reasoning Analytically About Password-Cracking Software
May 2019
IEEE SP 2019: Reasoning Analytically About Password-Cracking Software
IEEE SP 2019:
Reasoning Analytically About Password-Cracking Software

October 2018
ACM CCS 2018: Designing Password-Reuse Notifications
ACM CCS 2018:
Designing Password-Reuse Notifications
October 2018
ACM CCS 2018: On the Accuracy of Password Strength Meters
ACM CCS 2018:
On the Accuracy of Password Strength Meters
August 2018
USENIX Security 2018: Rethinking Access Control and Authentication for the Home Internet of Things
USENIX Security 2018:
Rethinking Access Control and Authentication for the Home Internet of Things

February 2017
ISOC NDSS 2017: Towards Implicit Visual Memory-Based Authentication
ISOC NDSS 2017:
Towards Implicit Visual Memory-Based Authentication
October 2016
ACM CCS 2016: On the Security of Cracking-Resistant Password Vaults
ACM CCS 2016:
On the Security of Cracking-Resistant Password Vaults
December 2015
PasswordsCon 2015: Analyzing 4 Million Real-World Personal Knowledge Questions
PasswordsCon 2015:
Analyzing 4 Million Real-World Personal Knowledge Questions

December 2015
PasswordsCon 2015: A Framework for Comparing Password Guessing Strategies
PasswordsCon 2015:
A Framework for Comparing Password Guessing Strategies

In the News

Below you can find a list of selected news articles.

Last update: June 2021

Projects & Software

Below you can find a list of cool projects I created or have been involved with.

Last update: September 2021
June 2021
Mitigating Users' Misconceptions About FIDO2 Biometric WebAuthn Mitigating Users' Misconceptions About
FIDO2 Biometric WebAuthn
June 2021
Are Privacy Dashboards Good for End Users? Google My Activity:
Are Privacy Dashboards Good for End Users?
June 2020
Unacceptable-Privacy: Exploring Accidental Triggers of Smart Speakers Unacceptable-Privacy:
Exploring Accidental Triggers of Smart Speakers

June 2020
COVID-LENS: List COVID-19 Exposure Notification Services COVID-LENS:
List COVID-19 Exposure Notification Services
May 2020
PIN Blocklists: This PIN Can Be Easily Guessed PIN Blocklists:
This PIN Can Be Easily Guessed
July 2019
Android (Unlock) Pattern Classifier: Unlock Pattern Strength Meter Android (Unlock) Pattern Classifier:
Unlock Pattern Strength Meter

July 2019
NEMO: Modeling Guessability Using Markov Models NEMO:
Modeling Guessability Using Markov Models
June 2019
2FA Phishing: SMS Verification in Gmail's Confidential Mode 2FA Phishing:
SMS Verification in Gmail's Confidential Mode
December 2018
Analytic Password Cracking: Reasoning About Password-Cracking Software Analytic Password Cracking:
Reasoning About Password-Cracking Software

October 2018
Password Strength Meters: Meter Comparison Made Simple Password Strength Meters:
Meter Comparison Made Simple
January 2018
Comparing Fallback Schemes: Usability Study of Fallback Authentication Comparing Fallback Schemes:
Usability Study of Fallback Authentication
December 2017
Bars, Badges, and High Scores: Impact of Password Strength Visualizations Bars, Badges, and High Scores:
Impact of Password Strength Visualizations

May 2017
Authentication in Virtual Reality: Predictive Keyboard for Entering Passwords Authentication in Virtual Reality:
Predictive Keyboard for Entering Passwords
February 2017
MooneyAuth: Implicit (Fallback) Authentication MooneyAuth:
Implicit (Fallback) Authentication
October 2016
Cracking NoCrack: Security of Cracking-Resistant Vaults Cracking NoCrack:
Security of Cracking-Resistant Vaults

August 2016
Ordered Markov ENumerator OMEN:
Ordered Markov ENumerator
March 2016
EmojiAuth: Emoji-based Mobile Authentication EmojiAuth:
Emoji-based Mobile Authentication
December 2015
Comparing Guessing Strategies: Framework for Comparing Password Guesser Comparing Guessing Strategies:
Framework for Comparing Password Guesser

October 2015
Gathering User Information: PII-Based Password Guessing Gathering User Information:
PII-Based Password Guessing
July 2015
Learning Authentication Secrets: Knock Patterns Learning Authentication Secrets:
Knock Patterns
December 2014
Attacking Audio CAPTCHAs: Breaking Apple's iCloud Audio CAPTCHA Attacking Audio CAPTCHAs:
Breaking Apple's iCloud Audio CAPTCHA

July 2014
Graphical Fallback Authentication: Google Street View-Based Authentication Graphical Fallback Authentication:
Google Street View-Based Authentication