Peer-Reviewed Publications
Below you can find a list of selected papers and posters.
Last update: September 2023
Citation Profiles :
Google Scholar
DBLP
ORCID iD
IEEE Xplore
ACM DL
ResearchGate
2024
USENIX Security Symposium (SSYM '24) — August, 2024 — Philadelphia, Pennsylvania, USA
Why Haven't Passkeys Replaced Passwords? Obstacles Companies Face Deploying FIDO2 Passwordless Authentication
Leona Lassak, Elleen Pan, Blase Ur, and Maximilian Golla
Under Review
Understanding Users' Interaction with Login Notifications
Philipp Markert, Leona Lassak, Maximilian Golla , and Markus Dürmuth
2023
USENIX Security Symposium (SSYM '23) — August, 2023 — Anaheim, California, USA ( Distinguished Paper Award)
A Two-Decade Retrospective Analysis of a University's Vulnerability to Attacks Exploiting Reused Passwords
Alexandra Nisenoff, Maximilian Golla , Miranda Wei, Juliette Hainline, Hayley Szymanek, Annika Braun, Annika Hildebrandt, Blair Christensen, David Langenberg, and Blase Ur
USENIX ;login: — July, 2023 — Science Magazine
Measuring the Risk Password Reuse Poses for a University
Alexandra Nisenoff, Maximilian Golla , and Blase Ur
2022
USENIX Symposium on Usable Privacy and Security (SOUPS '22) — August, 2022 — Boston, Massachusetts, USA
"As soon as it's a risk, I want to require MFA": How Administrators Configure Risk-based Authentication
Philipp Markert, Theodor Schnitzler, Maximilian Golla , and Markus Dürmuth
USENIX Symposium on Usable Privacy and Security (SOUPS '22) — August, 2022 — Boston, Massachusetts, USA
POSTER: "It's Stored, Hopefully, on an Encrypted Server": Mitigating Users' Misconceptions About FIDO2 Biometric WebAuthn
Leona Lassak, Annika Hildebrandt, Maximilian Golla , and Blase Ur
Privacy Enhancing Technologies Symposium (PETS '22) — July, 2022 — Sydney, Australia (Acceptance: 21.0%)
"We may share the number of diaper changes": A Privacy and Security Analysis of Mobile Child Care Applications
Moritz Gruber, Christian Höfig, Maximilian Golla , Tobias Urban, and Matteo Große-Kampmann
Elsevier Computer Speech & Language — Special Issue on Voice Privacy — Journal Publication
Exploring Accidental Triggers of Smart Speakers
Lea Schönherr, Maximilian Golla , Thorsten Eisenhofer, Jan Wiele, Dorothea Kolossa, and Thorsten Holz
2021
International Conference on Cryptology and Network Security (CANS '21) — December, 2021 — Vienna, Austria
Towards Quantum Large-Scale Password Guessing on Real-World Distributions
Markus Dürmuth, Maximilian Golla , Philipp Markert, Lars Schlieper, and Alexander May
ACM Transactions on Privacy and Security (TOPS '21) — November, 2021 — Journal Publication
On the Security of Smartphone Unlock PINs
Philipp Markert, Daniel V. Bailey, Maximilian Golla , Markus Dürmuth, and Adam J. Aviv
USENIX Security Symposium (SSYM '21) — August, 2021 — Virtual Conference (Acceptance: 18.7%)
"It's Stored, Hopefully, on an Encrypted Server": Mitigating Users' Misconceptions About FIDO2 Biometric WebAuthn
Leona Lassak, Annika Hildebrandt, Maximilian Golla , and Blase Ur
USENIX Security Symposium (SSYM '21) — August, 2021 — Virtual Conference (Acceptance: 18.7%)
Are Privacy Dashboards Good for End Users? Evaluating User Perceptions and Reactions to Google's My Activity
Florian M. Farke, David G. Balash, Maximilian Golla , Markus Dürmuth, and Adam J. Aviv
USENIX Security Symposium (SSYM '21) — August, 2021 — Virtual Conference (Acceptance: 18.7%)
Driving 2FA Adoption at Scale: Optimizing Two-Factor Authentication Notification Design Patterns
Maximilian Golla , Grant Ho, Marika Lohmus, Monica Pulluri, and Elissa M. Redmiles
2020
IEEE Symposium on Security and Privacy (SP '20) — May, 2020 — San Francisco, California, USA (Acceptance: 12.3%)
This PIN Can Be Easily Guessed: Analyzing the Security of Smartphone Unlock PINs
Philipp Markert, Daniel V. Bailey, Maximilian Golla , Markus Dürmuth, and Adam J. Aviv
2019
USENIX Symposium on Usable Privacy and Security (SOUPS '19) — August, 2019 — Santa Clara, California, USA ( Distinguished Poster Award)
POSTER: "What was that site doing with my Facebook password?" Designing Password-Reuse Notifications
Miranda Wei, Maximilian Golla , Juliette Hainline, Lydia Filipe, Markus Dürmuth, Elissa Redmiles, and Blase Ur
PhD Thesis — Ruhr University Bochum (RUB) — May, 2019 — Bochum, Germany ( Distinguished Thesis Award)
On the Usability and Security of Password-Based User Authentication
Maximilian Golla
IEEE Symposium on Security and Privacy (SP '19) — May, 2019 — San Francisco, California, USA (Acceptance: 11.7%)
Reasoning Analytically About Password-Cracking Software
Enze Liu, Amanda Nakanishi, Maximilian Golla , David Cash, Blase Ur
ISOC Workshop on Usable Security (USEC '19) — February, 2019 — San Diego, California, USA
Work in Progress: A Comparative Long-Term Study of Fallback Authentication
Philipp Markert, Maximilian Golla , Elizabeth Stobert, and Markus Dürmuth
ISOC Workshop on Usable Security (USEC '19) — February, 2019 — San Diego, California, USA
Work in Progress: On the In-Accuracy and Influence of Android Pattern Strength Meters
Maximilian Golla , Jan Rimkus, Adam J. Aviv, and Markus Dürmuth
2018
ACM Conference on Computer and Communications Security (CCS '18) — October, 2018 — Toronto, Canada (Acceptance: 16.6%)
"What was that site doing with my Facebook password?" Designing Password-Reuse Notifications
Maximilian Golla , Miranda Wei, Juliette Hainline, Lydia Filipe, Markus Dürmuth, Elissa Redmiles, and Blase Ur
ACM Conference on Computer and Communications Security (CCS '18) — October, 2018 — Toronto, Canada (Acceptance: 16.6%)
On the Accuracy of Password Strength Meters
Maximilian Golla and Markus Dürmuth
USENIX Security Symposium (SSYM '18) — August, 2018 — Baltimore, Maryland, USA (Acceptance: 19.1%)
Rethinking Access Control and Authentication for the Home Internet of Things (IoT)
Weijia He, Maximilian Golla , Roshni Padhi, Jordan Ofek, Markus Dürmuth, Earlence Fernandes, and Blase Ur
Who Are You?! Adventures in Authentication Workshop (WAY '18) — August, 2018 — Baltimore, Maryland, USA
"Will Any Password Do?" Exploring Rate-Limiting on the Web
Maximilian Golla , Theodor Schnitzler, and Markus Dürmuth
Who Are You?! Adventures in Authentication Workshop (WAY '18) — August, 2018 — Baltimore, Maryland, USA
Bars, Badges, and High Scores: On the Impact of Password Strength Visualizations
Maximilian Golla , Björn Hahn, Karsten Meyer zu Selhausen, Henry Hosseini, and Markus Dürmuth
Who Are You?! Adventures in Authentication Workshop (WAY '18) — August, 2018 — Baltimore, Maryland, USA
The Password Doesn't Fall Far: How Service Influences Password Choice
Miranda Wei, Maximilian Golla , and Blase Ur
2017
Who Are You?! Adventures in Authentication Workshop (WAY '17) — July, 2017 — Santa Clara, California, USA
"I want my money back!" Limiting Online Password-Guessing Financially
Maximilian Golla , Daniel V. Bailey, and Markus Dürmuth
USENIX Symposium on Usable Privacy and Security (SOUPS '17) — July, 2017 — Santa Clara, California, USA
POSTER: Towards Implicit Visual Memory-Based Authentication
Claude Castelluccia, Markus Dürmuth, Maximilian Golla , and Fatma Deniz
ISOC Network and Distributed System Security Symposium (NDSS '17) — February, 2017 — San Diego, California, USA (Acceptance: 16.1%)
Towards Implicit Visual Memory-Based Authentication
Claude Castelluccia, Markus Dürmuth, Maximilian Golla , and Fatma Deniz
ISOC Workshop on Usable Security (USEC '17) — February, 2017 — San Diego, California, USA
EmojiAuth: Quantifying the Security of Emoji-based Authentication
Maximilian Golla , Dennis Detering, and Markus Dürmuth
2016
ACM Conference on Computer and Communications Security (CCS '16) — October, 2016 — Vienna, Austria (Acceptance: 16.5%)
On the Security of Cracking-Resistant Password Vaults
Maximilian Golla , Benedict Beuscher, and Markus Dürmuth
2015
International Conference on Passwords (PASSWORDS '15) — December, 2015 — Cambridge, United Kingdom
Analyzing 4 Million Real-World Personal Knowledge Questions
Maximilian Golla and Markus Dürmuth