Talks

Talks

Below are some recordings of talks I gave at various conferences and other videos.
Last update: August 2025

November 2024

No Coffee No Research: Sind Passkeys die neuen Passwörter?

No Coffee No Research:
Sind Passkeys die neuen Passwörter?

November 2024

Saar-Security 2024: Über Passwort-Manager und wie sie uns im Arbeitsalltag unterstützen können

Saar-Security 2024:
Über Passwort-Manager und wie sie uns im Arbeitsalltag unterstützen können

August 2024

USENIX Security 2024: Why Aren't We Using Passkeys? Obstacles Companies Face Deploying FIDO2 Passwordless Authentication

USENIX Security 2024:
Why Aren't We Using Passkeys? Obstacles Companies Face Deploying FIDO2 Passwordless Authentication

July 2024

PETS 2024: How Does Connecting Online Activities to Advertising Inferences Impact Privacy Perceptions?

PETS 2024:
How Does Connecting Online Activities to Advertising Inferences Impact Privacy Perceptions?

May 2024

ACM CHI 2024: Understanding Users' Interaction with Login Notifications

ACM CHI 2024:
Understanding Users' Interaction with Login Notifications

May 2024

ACM CHI 2024: A Comparative Long-Term Study of Fallback Authentication Schemes

ACM CHI 2024:
A Comparative Long-Term Study of Fallback Authentication Schemes

August 2023

USENIX Security 2023: A Two-Decade Retrospective Analysis of a University's Vulnerability to Attacks Exploiting Reused Passwords

USENIX Security 2023:
A Two-Decade Retrospective Analysis of a University's Vulnerability to Attacks Exploiting Reused Passwords

May 2023

PasswordsCon 2023: How Administrators Configure Risk-based Authentication

PasswordsCon 2023:
How Administrators Configure Risk-based Authentication

February 2023

Guest Lecture - University of Denver: From Magic Links to Passkeys: The Future of Passwordless Authentication on the Web

Guest Lecture - University of Denver:
From Magic Links to Passkeys: The Future of Passwordless Authentication on the Web

August 2022

SOUPS 2022: How Administrators Configure Risk-based Authentication

SOUPS 2022:
How Administrators Configure Risk-based Authentication

July 2022

PETS 2022: A Privacy and Security Analysis of Mobile Child Care Applications

PETS 2022:
A Privacy and Security Analysis of Mobile Child Care Applications

December 2021

CANS 2021: Towards Quantum Large Scale Password Guessing on Real World Distributions

CANS 2021:
Towards Quantum Large Scale Password Guessing on Real World Distributions

November 2021

PasswordsCon 2021: Mitigating Misconceptions About Biometric WebAuthn

PasswordsCon 2021:
Mitigating Misconceptions About Biometric WebAuthn

August 2021

USENIX Security 2021: Evaluating User Perceptions and Reactions to Google's My Activity

USENIX Security 2021:
Evaluating User Perceptions and Reactions to Google's My Activity

August 2021

USENIX Security 2021: Optimizing Two-Factor Authentication Notification Design Patterns

USENIX Security 2021:
Optimizing Two-Factor Authentication Notification Design Patterns

August 2021

USENIX Security 2021: Mitigating Misconceptions About Biometric WebAuthn

USENIX Security 2021:
Mitigating Misconceptions About Biometric WebAuthn

December 2020

Remote Chaos Experience 2020: Alexa, Who Else Is Listening?

Remote Chaos Experience 2020:
Alexa, Who Else Is Listening?

November 2020

PasswordsCon 2020: Everything You Always Wanted to Know About PINs

PasswordsCon 2020:
Everything You Always Wanted to Know About PINs

June 2020

STRG_F: Alexa, Siri & Co. Are Secretly Listening

STRG_F:
Alexa, Siri & Co. Are Secretly Listening

May 2020

IEEE SP 2020: This PIN Can Be Easily Guessed: Analyzing the Security of Smartphone Unlock PINs

IEEE SP 2020:
This PIN Can Be Easily Guessed: Analyzing the Security of Smartphone Unlock PINs

December 2019

PasswordsCon 2019: Reasoning Analytically About Password-Cracking Software

PasswordsCon 2019:
Reasoning Analytically About Password-Cracking Software

May 2019

IEEE SP 2019: Reasoning Analytically About Password-Cracking Software

IEEE SP 2019:
Reasoning Analytically About Password-Cracking Software

October 2018

ACM CCS 2018: On the Accuracy of Password Strength Meters

ACM CCS 2018:
On the Accuracy of Password Strength Meters

October 2018

ACM CCS 2018: Designing Password-Reuse Notifications

ACM CCS 2018:
Designing Password-Reuse Notifications

August 2018

USENIX Security 2018: Rethinking Access Control and Authentication for the Home Internet of Things

USENIX Security 2018:
Rethinking Access Control and Authentication for the Home Internet of Things

February 2017

ISOC NDSS 2017: Towards Implicit Visual Memory-Based Authentication

ISOC NDSS 2017:
Towards Implicit Visual Memory-Based Authentication

October 2016

ACM CCS 2016: On the Security of Cracking-Resistant Password Vaults

ACM CCS 2016:
On the Security of Cracking-Resistant Password Vaults

December 2015

PasswordsCon 2015: Analyzing 4 Million Real-World Personal Knowledge Questions

PasswordsCon 2015:
Analyzing 4 Million Real-World Personal Knowledge Questions

December 2015

PasswordsCon 2015: A Framework for Comparing Password Guessing Strategies

PasswordsCon 2015:
A Framework for Comparing Password Guessing Strategies