Below, you can find a list of selected papers and posters.
Last update: April 2024
2024
USENIX Security Symposium (SSYM '24) — August, 2024 — Philadelphia, Pennsylvania, USA (Acceptance: TBA)
33 Why Aren't We Using Passkeys? Obstacles Companies Face Deploying FIDO2 Passwordless AuthenticationLeona Lassak, Elleen Pan, Blase Ur, and Maximilian Golla
Privacy Enhancing Technologies Symposium (PETS '24) — July, 2024 — Bristol, United Kingdom (Acceptance: 17.0%)
32 How Does Connecting Online Activities to Advertising Inferences Impact Privacy Perceptions?Florian M. Farke, David G. Balash, Maximilian Golla , and Adam J. Aviv
ACM Conference on Human Factors in Computing Systems (CHI '24) — May, 2024 — Honolulu, Hawaii, USA (Acceptance: 26.3%)
31 Understanding Users' Interaction with Login NotificationsPhilipp Markert, Leona Lassak, Maximilian Golla , and Markus Dürmuth
ACM Conference on Human Factors in Computing Systems (CHI '24) — May, 2024 — Honolulu, Hawaii, USA (Acceptance: 26.3%)
30 A Comparative Long-Term Study of Fallback Authentication SchemesLeona Lassak, Philipp Markert, Maximilian Golla , Elizabeth Stobert, Markus Dürmuth
2023
USENIX Security Symposium (SSYM '23) — August, 2023 — Anaheim, California, USA (Acceptance: 29.0%) (
29 A Two-Decade Retrospective Analysis of a University's Vulnerability to Attacks Exploiting Reused PasswordsAlexandra Nisenoff, Maximilian Golla , Miranda Wei, Juliette Hainline, Hayley Szymanek, Annika Braun, Annika Hildebrandt, Blair Christensen, David Langenberg, and Blase Ur
USENIX ;login: — July, 2023 — Science Magazine 28 Measuring the Risk Password Reuse Poses for a UniversityAlexandra Nisenoff, Maximilian Golla , and Blase Ur
2022
USENIX Symposium on Usable Privacy and Security (SOUPS '22) — August, 2022 — Boston, Massachusetts, USA 27 "As soon as it's a risk, I want to require MFA": How Administrators Configure Risk-based AuthenticationPhilipp Markert, Theodor Schnitzler, Maximilian Golla , and Markus Dürmuth
USENIX Symposium on Usable Privacy and Security (SOUPS '22) — August, 2022 — Boston, Massachusetts, USA 26 POSTER: "It's Stored, Hopefully, on an Encrypted Server": Mitigating Users' Misconceptions About FIDO2 Biometric WebAuthnLeona Lassak, Annika Hildebrandt, Maximilian Golla , and Blase Ur
Privacy Enhancing Technologies Symposium (PETS '22) — July, 2022 — Sydney, Australia (Acceptance: 21.0%)
25 "We may share the number of diaper changes": A Privacy and Security Analysis of Mobile Child Care ApplicationsMoritz Gruber, Christian Höfig, Maximilian Golla , Tobias Urban, and Matteo Große-Kampmann
Elsevier Computer Speech & Language — Special Issue on Voice Privacy — Journal Publication 24 Exploring Accidental Triggers of Smart SpeakersLea Schönherr, Maximilian Golla , Thorsten Eisenhofer, Jan Wiele, Dorothea Kolossa, and Thorsten Holz
2021
International Conference on Cryptology and Network Security (CANS '21) — December, 2021 — Vienna, Austria 23 Towards Quantum Large-Scale Password Guessing on Real-World DistributionsMarkus Dürmuth, Maximilian Golla , Philipp Markert, Lars Schlieper, and Alexander May
ACM Transactions on Privacy and Security (TOPS '21) — November, 2021 — Journal Publication 22 On the Security of Smartphone Unlock PINsPhilipp Markert, Daniel V. Bailey, Maximilian Golla , Markus Dürmuth, and Adam J. Aviv
USENIX Security Symposium (SSYM '21) — August, 2021 — Virtual Conference (Acceptance: 18.7%)
21 "It's Stored, Hopefully, on an Encrypted Server": Mitigating Users' Misconceptions About FIDO2 Biometric WebAuthnLeona Lassak, Annika Hildebrandt, Maximilian Golla , and Blase Ur
USENIX Security Symposium (SSYM '21) — August, 2021 — Virtual Conference (Acceptance: 18.7%)
20 Are Privacy Dashboards Good for End Users? Evaluating User Perceptions and Reactions to Google's My ActivityFlorian M. Farke, David G. Balash, Maximilian Golla , Markus Dürmuth, and Adam J. Aviv
USENIX Security Symposium (SSYM '21) — August, 2021 — Virtual Conference (Acceptance: 18.7%)
19 Driving 2FA Adoption at Scale: Optimizing Two-Factor Authentication Notification Design PatternsMaximilian Golla , Grant Ho, Marika Lohmus, Monica Pulluri, and Elissa M. Redmiles
2020
IEEE Symposium on Security and Privacy (SP '20) — May, 2020 — San Francisco, California, USA (Acceptance: 12.3%)
18 This PIN Can Be Easily Guessed: Analyzing the Security of Smartphone Unlock PINsPhilipp Markert, Daniel V. Bailey, Maximilian Golla , Markus Dürmuth, and Adam J. Aviv
2019
USENIX Symposium on Usable Privacy and Security (SOUPS '19) — August, 2019 — Santa Clara, California, USA (
17 POSTER: "What was that site doing with my Facebook password?" Designing Password-Reuse NotificationsMiranda Wei, Maximilian Golla , Juliette Hainline, Lydia Filipe, Markus Dürmuth, Elissa Redmiles, and Blase Ur
PhD Thesis — Ruhr University Bochum (RUB) — May, 2019 — Bochum, Germany (
16 On the Usability and Security of Password-Based User AuthenticationMaximilian Golla
IEEE Symposium on Security and Privacy (SP '19) — May, 2019 — San Francisco, California, USA (Acceptance: 11.7%)
15 Reasoning Analytically About Password-Cracking SoftwareEnze Liu, Amanda Nakanishi, Maximilian Golla , David Cash, Blase Ur
ISOC Workshop on Usable Security (USEC '19) — February, 2019 — San Diego, California, USA 14 Work in Progress: A Comparative Long-Term Study of Fallback AuthenticationPhilipp Markert, Maximilian Golla , Elizabeth Stobert, and Markus Dürmuth
ISOC Workshop on Usable Security (USEC '19) — February, 2019 — San Diego, California, USA 13 Work in Progress: On the In-Accuracy and Influence of Android Pattern Strength MetersMaximilian Golla , Jan Rimkus, Adam J. Aviv, and Markus Dürmuth
2018
ACM Conference on Computer and Communications Security (CCS '18) — October, 2018 — Toronto, Canada (Acceptance: 16.6%)
12 "What was that site doing with my Facebook password?" Designing Password-Reuse NotificationsMaximilian Golla , Miranda Wei, Juliette Hainline, Lydia Filipe, Markus Dürmuth, Elissa Redmiles, and Blase Ur
ACM Conference on Computer and Communications Security (CCS '18) — October, 2018 — Toronto, Canada (Acceptance: 16.6%)
11 On the Accuracy of Password Strength MetersMaximilian Golla and Markus Dürmuth
USENIX Security Symposium (SSYM '18) — August, 2018 — Baltimore, Maryland, USA (Acceptance: 19.1%)
10 Rethinking Access Control and Authentication for the Home Internet of Things (IoT)Weijia He, Maximilian Golla , Roshni Padhi, Jordan Ofek, Markus Dürmuth, Earlence Fernandes, and Blase Ur
Who Are You?! Adventures in Authentication Workshop (WAY '18) — August, 2018 — Baltimore, Maryland, USA 9 "Will Any Password Do?" Exploring Rate-Limiting on the WebMaximilian Golla , Theodor Schnitzler, and Markus Dürmuth
Who Are You?! Adventures in Authentication Workshop (WAY '18) — August, 2018 — Baltimore, Maryland, USA 8 Bars, Badges, and High Scores: On the Impact of Password Strength VisualizationsMaximilian Golla , Björn Hahn, Karsten Meyer zu Selhausen, Henry Hosseini, and Markus Dürmuth
Who Are You?! Adventures in Authentication Workshop (WAY '18) — August, 2018 — Baltimore, Maryland, USA 7 The Password Doesn't Fall Far: How Service Influences Password ChoiceMiranda Wei, Maximilian Golla , and Blase Ur
2017
Who Are You?! Adventures in Authentication Workshop (WAY '17) — July, 2017 — Santa Clara, California, USA 6 "I want my money back!" Limiting Online Password-Guessing FinanciallyMaximilian Golla , Daniel V. Bailey, and Markus Dürmuth
USENIX Symposium on Usable Privacy and Security (SOUPS '17) — July, 2017 — Santa Clara, California, USA 5 POSTER: Towards Implicit Visual Memory-Based AuthenticationClaude Castelluccia, Markus Dürmuth, Maximilian Golla , and Fatma Deniz
ISOC Network and Distributed System Security Symposium (NDSS '17) — February, 2017 — San Diego, California, USA (Acceptance: 16.1%)
4 Towards Implicit Visual Memory-Based AuthenticationClaude Castelluccia, Markus Dürmuth, Maximilian Golla , and Fatma Deniz
ISOC Workshop on Usable Security (USEC '17) — February, 2017 — San Diego, California, USA 3 EmojiAuth: Quantifying the Security of Emoji-based AuthenticationMaximilian Golla , Dennis Detering, and Markus Dürmuth
2016
ACM Conference on Computer and Communications Security (CCS '16) — October, 2016 — Vienna, Austria (Acceptance: 16.5%)
2 On the Security of Cracking-Resistant Password VaultsMaximilian Golla , Benedict Beuscher, and Markus Dürmuth
2015
International Conference on Passwords (PASSWORDS '15) — December, 2015 — Cambridge, United Kingdom 1 Analyzing 4 Million Real-World Personal Knowledge QuestionsMaximilian Golla and Markus Dürmuth