Peer-Reviewed Publications
Below, you can find a list of selected papers and posters.
Last update: December 2024
2024
USENIX Security Symposium (SSYM '24) — August, 2024 — Philadelphia, Pennsylvania, USA (Acceptance: 18.3%)
33 Why Aren't We Using Passkeys? Obstacles Companies Face Deploying FIDO2 Passwordless Authentication
Leona Lassak, Elleen Pan, Blase Ur, and Maximilian Golla
Privacy Enhancing Technologies Symposium (PETS '24) — July, 2024 — Bristol, United Kingdom (Acceptance: 17.0%)
32 How Does Connecting Online Activities to Advertising Inferences Impact Privacy Perceptions?
Florian M. Farke, David G. Balash, Maximilian Golla , and Adam J. Aviv
ACM Conference on Human Factors in Computing Systems (CHI '24) — May, 2024 — Honolulu, Hawaii, USA (Acceptance: 26.3%)
31 Understanding Users' Interaction with Login Notifications
Philipp Markert, Leona Lassak, Maximilian Golla , and Markus Dürmuth
ACM Conference on Human Factors in Computing Systems (CHI '24) — May, 2024 — Honolulu, Hawaii, USA (Acceptance: 26.3%) ( Honorable Mention)
30 A Comparative Long-Term Study of Fallback Authentication Schemes
Leona Lassak, Philipp Markert, Maximilian Golla , Elizabeth Stobert, Markus Dürmuth
2023
USENIX Security Symposium (SSYM '23) — August, 2023 — Anaheim, California, USA (Acceptance: 29.0%) ( Distinguished Paper Award)
29 A Two-Decade Retrospective Analysis of a University's Vulnerability to Attacks Exploiting Reused Passwords
Alexandra Nisenoff, Maximilian Golla , Miranda Wei, Juliette Hainline, Hayley Szymanek, Annika Braun, Annika Hildebrandt, Blair Christensen, David Langenberg, and Blase Ur
USENIX ;login: — July, 2023 — Science Magazine
28 Measuring the Risk Password Reuse Poses for a University
Alexandra Nisenoff, Maximilian Golla , and Blase Ur
2022
USENIX Symposium on Usable Privacy and Security (SOUPS '22) — August, 2022 — Boston, Massachusetts, USA
27 "As soon as it's a risk, I want to require MFA": How Administrators Configure Risk-based Authentication
Philipp Markert, Theodor Schnitzler, Maximilian Golla , and Markus Dürmuth
USENIX Symposium on Usable Privacy and Security (SOUPS '22) — August, 2022 — Boston, Massachusetts, USA
26 POSTER: "It's Stored, Hopefully, on an Encrypted Server": Mitigating Users' Misconceptions About FIDO2 Biometric WebAuthn
Leona Lassak, Annika Hildebrandt, Maximilian Golla , and Blase Ur
Privacy Enhancing Technologies Symposium (PETS '22) — July, 2022 — Sydney, Australia (Acceptance: 21.0%)
25 "We may share the number of diaper changes": A Privacy and Security Analysis of Mobile Child Care Applications
Moritz Gruber, Christian Höfig, Maximilian Golla , Tobias Urban, and Matteo Große-Kampmann
Elsevier Computer Speech & Language — Special Issue on Voice Privacy — Journal Publication
24 Exploring Accidental Triggers of Smart Speakers
Lea Schönherr, Maximilian Golla , Thorsten Eisenhofer, Jan Wiele, Dorothea Kolossa, and Thorsten Holz
2021
International Conference on Cryptology and Network Security (CANS '21) — December, 2021 — Vienna, Austria
23 Towards Quantum Large-Scale Password Guessing on Real-World Distributions
Markus Dürmuth, Maximilian Golla , Philipp Markert, Lars Schlieper, and Alexander May
ACM Transactions on Privacy and Security (TOPS '21) — November, 2021 — Journal Publication
22 On the Security of Smartphone Unlock PINs
Philipp Markert, Daniel V. Bailey, Maximilian Golla , Markus Dürmuth, and Adam J. Aviv
USENIX Security Symposium (SSYM '21) — August, 2021 — Virtual Conference (Acceptance: 18.7%)
21 "It's Stored, Hopefully, on an Encrypted Server": Mitigating Users' Misconceptions About FIDO2 Biometric WebAuthn
Leona Lassak, Annika Hildebrandt, Maximilian Golla , and Blase Ur
USENIX Security Symposium (SSYM '21) — August, 2021 — Virtual Conference (Acceptance: 18.7%)
20 Are Privacy Dashboards Good for End Users? Evaluating User Perceptions and Reactions to Google's My Activity
Florian M. Farke, David G. Balash, Maximilian Golla , Markus Dürmuth, and Adam J. Aviv
USENIX Security Symposium (SSYM '21) — August, 2021 — Virtual Conference (Acceptance: 18.7%)
19 Driving 2FA Adoption at Scale: Optimizing Two-Factor Authentication Notification Design Patterns
Maximilian Golla , Grant Ho, Marika Lohmus, Monica Pulluri, and Elissa M. Redmiles
2020
IEEE Symposium on Security and Privacy (SP '20) — May, 2020 — San Francisco, California, USA (Acceptance: 12.3%)
18 This PIN Can Be Easily Guessed: Analyzing the Security of Smartphone Unlock PINs
Philipp Markert, Daniel V. Bailey, Maximilian Golla , Markus Dürmuth, and Adam J. Aviv
2019
USENIX Symposium on Usable Privacy and Security (SOUPS '19) — August, 2019 — Santa Clara, California, USA ( Distinguished Poster Award)
17 POSTER: "What was that site doing with my Facebook password?" Designing Password-Reuse Notifications
Miranda Wei, Maximilian Golla , Juliette Hainline, Lydia Filipe, Markus Dürmuth, Elissa Redmiles, and Blase Ur
PhD Thesis — Ruhr University Bochum (RUB) — May, 2019 — Bochum, Germany ( Distinguished Thesis Award)
16 On the Usability and Security of Password-Based User Authentication
Maximilian Golla
IEEE Symposium on Security and Privacy (SP '19) — May, 2019 — San Francisco, California, USA (Acceptance: 11.7%)
15 Reasoning Analytically About Password-Cracking Software
Enze Liu, Amanda Nakanishi, Maximilian Golla , David Cash, Blase Ur
ISOC Workshop on Usable Security (USEC '19) — February, 2019 — San Diego, California, USA
14 Work in Progress: A Comparative Long-Term Study of Fallback Authentication
Philipp Markert, Maximilian Golla , Elizabeth Stobert, and Markus Dürmuth
ISOC Workshop on Usable Security (USEC '19) — February, 2019 — San Diego, California, USA
13 Work in Progress: On the In-Accuracy and Influence of Android Pattern Strength Meters
Maximilian Golla , Jan Rimkus, Adam J. Aviv, and Markus Dürmuth
2018
ACM Conference on Computer and Communications Security (CCS '18) — October, 2018 — Toronto, Canada (Acceptance: 16.6%)
12 "What was that site doing with my Facebook password?" Designing Password-Reuse Notifications
Maximilian Golla , Miranda Wei, Juliette Hainline, Lydia Filipe, Markus Dürmuth, Elissa Redmiles, and Blase Ur
ACM Conference on Computer and Communications Security (CCS '18) — October, 2018 — Toronto, Canada (Acceptance: 16.6%)
11 On the Accuracy of Password Strength Meters
Maximilian Golla and Markus Dürmuth
USENIX Security Symposium (SSYM '18) — August, 2018 — Baltimore, Maryland, USA (Acceptance: 19.1%)
10 Rethinking Access Control and Authentication for the Home Internet of Things (IoT)
Weijia He, Maximilian Golla , Roshni Padhi, Jordan Ofek, Markus Dürmuth, Earlence Fernandes, and Blase Ur
Who Are You?! Adventures in Authentication Workshop (WAY '18) — August, 2018 — Baltimore, Maryland, USA
9 "Will Any Password Do?" Exploring Rate-Limiting on the Web
Maximilian Golla , Theodor Schnitzler, and Markus Dürmuth
Who Are You?! Adventures in Authentication Workshop (WAY '18) — August, 2018 — Baltimore, Maryland, USA
8 Bars, Badges, and High Scores: On the Impact of Password Strength Visualizations
Maximilian Golla , Björn Hahn, Karsten Meyer zu Selhausen, Henry Hosseini, and Markus Dürmuth
Who Are You?! Adventures in Authentication Workshop (WAY '18) — August, 2018 — Baltimore, Maryland, USA
7 The Password Doesn't Fall Far: How Service Influences Password Choice
Miranda Wei, Maximilian Golla , and Blase Ur
2017
Who Are You?! Adventures in Authentication Workshop (WAY '17) — July, 2017 — Santa Clara, California, USA
6 "I want my money back!" Limiting Online Password-Guessing Financially
Maximilian Golla , Daniel V. Bailey, and Markus Dürmuth
USENIX Symposium on Usable Privacy and Security (SOUPS '17) — July, 2017 — Santa Clara, California, USA
5 POSTER: Towards Implicit Visual Memory-Based Authentication
Claude Castelluccia, Markus Dürmuth, Maximilian Golla , and Fatma Deniz
ISOC Network and Distributed System Security Symposium (NDSS '17) — February, 2017 — San Diego, California, USA (Acceptance: 16.1%)
4 Towards Implicit Visual Memory-Based Authentication
Claude Castelluccia, Markus Dürmuth, Maximilian Golla , and Fatma Deniz
ISOC Workshop on Usable Security (USEC '17) — February, 2017 — San Diego, California, USA
3 EmojiAuth: Quantifying the Security of Emoji-based Authentication
Maximilian Golla , Dennis Detering, and Markus Dürmuth
2016
ACM Conference on Computer and Communications Security (CCS '16) — October, 2016 — Vienna, Austria (Acceptance: 16.5%)
2 On the Security of Cracking-Resistant Password Vaults
Maximilian Golla , Benedict Beuscher, and Markus Dürmuth
2015
International Conference on Passwords (PASSWORDS '15) — December, 2015 — Cambridge, United Kingdom
1 Analyzing 4 Million Real-World Personal Knowledge Questions
Maximilian Golla and Markus Dürmuth