Below you can find a list of selected papers and posters.
Last update: May 2023
Citation Profiles :
Google Scholar DBLP ORCID iD IEEE Xplore ACM DL ResearchGate
2023
Under Review "I Knew It Was Me": Understanding Users' Interaction with Login Notifications
Philipp Markert, Leona Lassak, Maximilian Golla , and Markus Dürmuth
USENIX Security Symposium (SSYM '23) — August, 2023 — Anaheim, California, USA A Two-Decade Retrospective Analysis of a University's Vulnerability to Attacks Exploiting Reused Passwords
Alexandra Nisenoff, Maximilian Golla , Miranda Wei, Juliette Hainline, Hayley Szymanek, Annika Braun, Annika Hildebrandt, Blair Christensen, David Langenberg, and Blase Ur
2022
USENIX Symposium on Usable Privacy and Security (SOUPS '22) — August, 2022 — Boston, Massachusetts, USA "As soon as it's a risk, I want to require MFA": How Administrators Configure Risk-based Authentication
Philipp Markert, Theodor Schnitzler, Maximilian Golla , and Markus Dürmuth
USENIX Symposium on Usable Privacy and Security (SOUPS '22) — August, 2022 — Boston, Massachusetts, USA POSTER: "It's Stored, Hopefully, on an Encrypted Server": Mitigating Users' Misconceptions About FIDO2 Biometric WebAuthn
Leona Lassak, Annika Hildebrandt, Maximilian Golla , and Blase Ur
Privacy Enhancing Technologies Symposium (PETS '22) — July, 2022 — Sydney, Australia (Acceptance: 21.0%)
"We may share the number of diaper changes": A Privacy and Security Analysis of Mobile Child Care Applications
Moritz Gruber, Christian Höfig, Maximilian Golla , Tobias Urban, and Matteo Große-Kampmann
Elsevier Computer Speech & Language — Special Issue on Voice Privacy — Journal Publication Exploring Accidental Triggers of Smart Speakers
Lea Schönherr, Maximilian Golla , Thorsten Eisenhofer, Jan Wiele, Dorothea Kolossa, and Thorsten Holz
2021
International Conference on Cryptology and Network Security (CANS '21) — December, 2021 — Vienna, Austria Towards Quantum Large-Scale Password Guessing on Real-World Distributions
Markus Dürmuth, Maximilian Golla , Philipp Markert, Lars Schlieper, and Alexander May
ACM Transactions on Privacy and Security (TOPS '21) — November, 2021 — Journal Publication On the Security of Smartphone Unlock PINs
Philipp Markert, Daniel V. Bailey, Maximilian Golla , Markus Dürmuth, and Adam J. Aviv
USENIX Security Symposium (SSYM '21) — August, 2021 — Virtual Conference (Acceptance: 18.7%)
"It's Stored, Hopefully, on an Encrypted Server": Mitigating Users' Misconceptions About FIDO2 Biometric WebAuthn
Leona Lassak, Annika Hildebrandt, Maximilian Golla , and Blase Ur
USENIX Security Symposium (SSYM '21) — August, 2021 — Virtual Conference (Acceptance: 18.7%)
Are Privacy Dashboards Good for End Users? Evaluating User Perceptions and Reactions to Google's My Activity
Florian M. Farke, David G. Balash, Maximilian Golla , Markus Dürmuth, and Adam J. Aviv
USENIX Security Symposium (SSYM '21) — August, 2021 — Virtual Conference (Acceptance: 18.7%)
Driving 2FA Adoption at Scale: Optimizing Two-Factor Authentication Notification Design Patterns
Maximilian Golla , Grant Ho, Marika Lohmus, Monica Pulluri, and Elissa M. Redmiles
2020
IEEE Symposium on Security and Privacy (SP '20) — May, 2020 — San Francisco, California, USA (Acceptance: 12.3%)
This PIN Can Be Easily Guessed: Analyzing the Security of Smartphone Unlock PINs
Philipp Markert, Daniel V. Bailey, Maximilian Golla , Markus Dürmuth, and Adam J. Aviv
2019
USENIX Symposium on Usable Privacy and Security (SOUPS '19) — August, 2019 — Santa Clara, California, USA (
POSTER: "What was that site doing with my Facebook password?" Designing Password-Reuse Notifications
Miranda Wei, Maximilian Golla , Juliette Hainline, Lydia Filipe, Markus Dürmuth, Elissa Redmiles, and Blase Ur
PhD Thesis — Ruhr University Bochum (RUB) — May, 2019 — Bochum, Germany (
On the Usability and Security of Password-Based User Authentication
Maximilian Golla
IEEE Symposium on Security and Privacy (SP '19) — May, 2019 — San Francisco, California, USA (Acceptance: 11.7%)
Reasoning Analytically About Password-Cracking Software
Enze Liu, Amanda Nakanishi, Maximilian Golla , David Cash, Blase Ur
ISOC Workshop on Usable Security (USEC '19) — February, 2019 — San Diego, California, USA Work in Progress: A Comparative Long-Term Study of Fallback Authentication
Philipp Markert, Maximilian Golla , Elizabeth Stobert, and Markus Dürmuth
ISOC Workshop on Usable Security (USEC '19) — February, 2019 — San Diego, California, USA Work in Progress: On the In-Accuracy and Influence of Android Pattern Strength Meters
Maximilian Golla , Jan Rimkus, Adam J. Aviv, and Markus Dürmuth
2018
ACM Conference on Computer and Communications Security (CCS '18) — October, 2018 — Toronto, Canada (Acceptance: 16.6%)
"What was that site doing with my Facebook password?" Designing Password-Reuse Notifications
Maximilian Golla , Miranda Wei, Juliette Hainline, Lydia Filipe, Markus Dürmuth, Elissa Redmiles, and Blase Ur
ACM Conference on Computer and Communications Security (CCS '18) — October, 2018 — Toronto, Canada (Acceptance: 16.6%)
On the Accuracy of Password Strength Meters
Maximilian Golla and Markus Dürmuth
USENIX Security Symposium (SSYM '18) — August, 2018 — Baltimore, Maryland, USA (Acceptance: 19.1%)
Rethinking Access Control and Authentication for the Home Internet of Things (IoT)
Weijia He, Maximilian Golla , Roshni Padhi, Jordan Ofek, Markus Dürmuth, Earlence Fernandes, and Blase Ur
Who Are You?! Adventures in Authentication Workshop (WAY '18) — August, 2018 — Baltimore, Maryland, USA "Will Any Password Do?" Exploring Rate-Limiting on the Web
Maximilian Golla , Theodor Schnitzler, and Markus Dürmuth
Who Are You?! Adventures in Authentication Workshop (WAY '18) — August, 2018 — Baltimore, Maryland, USA Bars, Badges, and High Scores: On the Impact of Password Strength Visualizations
Maximilian Golla , Björn Hahn, Karsten Meyer zu Selhausen, Henry Hosseini, and Markus Dürmuth
Who Are You?! Adventures in Authentication Workshop (WAY '18) — August, 2018 — Baltimore, Maryland, USA The Password Doesn't Fall Far: How Service Influences Password Choice
Miranda Wei, Maximilian Golla , and Blase Ur
2017
Who Are You?! Adventures in Authentication Workshop (WAY '17) — July, 2017 — Santa Clara, California, USA "I want my money back!" Limiting Online Password-Guessing Financially
Maximilian Golla , Daniel V. Bailey, and Markus Dürmuth
USENIX Symposium on Usable Privacy and Security (SOUPS '17) — July, 2017 — Santa Clara, California, USA POSTER: Towards Implicit Visual Memory-Based Authentication
Claude Castelluccia, Markus Dürmuth, Maximilian Golla , and Fatma Deniz
ISOC Network and Distributed System Security Symposium (NDSS '17) — February, 2017 — San Diego, California, USA (Acceptance: 16.1%)
Towards Implicit Visual Memory-Based Authentication
Claude Castelluccia, Markus Dürmuth, Maximilian Golla , and Fatma Deniz
ISOC Workshop on Usable Security (USEC '17) — February, 2017 — San Diego, California, USA EmojiAuth: Quantifying the Security of Emoji-based Authentication
Maximilian Golla , Dennis Detering, and Markus Dürmuth
2016
ACM Conference on Computer and Communications Security (CCS '16) — October, 2016 — Vienna, Austria (Acceptance: 16.5%)
On the Security of Cracking-Resistant Password Vaults
Maximilian Golla , Benedict Beuscher, and Markus Dürmuth
2015
International Conference on Passwords (PASSWORDS '15) — December, 2015 — Cambridge, United Kingdom Analyzing 4 Million Real-World Personal Knowledge Questions
Maximilian Golla and Markus Dürmuth