Talks

Below are some recordings of talks I gave at various conferences and other videos.
Last update: January 2026
December 2025
PasswordsCon 2025: Measuring the Risk Password Reuse Poses for a University
PasswordsCon 2025:
Measuring the Risk Password Reuse Poses for a University
August 2025
Microsft Research: Understanding How Users Prepare for and React to Smartphone Theft
Microsft Research:
Understanding How Users Prepare for and React to Smartphone Theft
November 2024
No Coffee No Research: Sind Passkeys die neuen Passwörter?
No Coffee No Research:
Sind Passkeys die neuen Passwörter?

November 2024
Saar-Security 2024: Über Passwort-Manager und wie sie uns im Arbeitsalltag unterstützen können
Saar-Security 2024:
Über Passwort-Manager und wie sie uns im Arbeitsalltag unterstützen können
August 2024
USENIX Security 2024: Why Aren't We Using Passkeys? Obstacles Companies Face Deploying FIDO2 Passwordless Authentication
USENIX Security 2024:
Why Aren't We Using Passkeys? Obstacles Companies Face Deploying FIDO2 Passwordless Authentication
July 2024
PETS 2024: How Does Connecting Online Activities to Advertising Inferences Impact Privacy Perceptions?
PETS 2024:
How Does Connecting Online Activities to Advertising Inferences Impact Privacy Perceptions?

May 2024
ACM CHI 2024: Understanding Users' Interaction with Login Notifications
ACM CHI 2024:
Understanding Users' Interaction with Login Notifications
May 2024
ACM CHI 2024: A Comparative Long-Term Study of Fallback Authentication Schemes
ACM CHI 2024:
A Comparative Long-Term Study of Fallback Authentication Schemes
August 2023
USENIX Security 2023: A Two-Decade Retrospective Analysis of a University's Vulnerability to Attacks Exploiting Reused Passwords
USENIX Security 2023:
A Two-Decade Retrospective Analysis of a University's Vulnerability to Attacks Exploiting Reused Passwords

May 2023
PasswordsCon 2023: How Administrators Configure Risk-based Authentication
PasswordsCon 2023:
How Administrators Configure Risk-based Authentication
February 2023
Guest Lecture - University of Denver: From Magic Links to Passkeys: The Future of Passwordless Authentication on the Web
Guest Lecture - University of Denver:
From Magic Links to Passkeys: The Future of Passwordless Authentication on the Web
August 2022
SOUPS 2022: How Administrators Configure Risk-based Authentication
SOUPS 2022:
How Administrators Configure Risk-based Authentication

July 2022
PETS 2022: A Privacy and Security Analysis of Mobile Child Care Applications
PETS 2022:
A Privacy and Security Analysis of Mobile Child Care Applications
December 2021
CANS 2021: Towards Quantum Large Scale Password Guessing on Real World Distributions
CANS 2021:
Towards Quantum Large Scale Password Guessing on Real World Distributions
November 2021
PasswordsCon 2021: Mitigating Misconceptions About Biometric WebAuthn
PasswordsCon 2021:
Mitigating Misconceptions About Biometric WebAuthn

August 2021
USENIX Security 2021: Evaluating User Perceptions and Reactions to Google's My Activity
USENIX Security 2021:
Evaluating User Perceptions and Reactions to Google's My Activity
August 2021
USENIX Security 2021: Optimizing Two-Factor Authentication Notification Design Patterns
USENIX Security 2021:
Optimizing Two-Factor Authentication Notification Design Patterns
August 2021
USENIX Security 2021: Mitigating Misconceptions About Biometric WebAuthn
USENIX Security 2021:
Mitigating Misconceptions About Biometric WebAuthn

December 2020
Remote Chaos Experience 2020: Alexa, Who Else Is Listening?
Remote Chaos Experience 2020:
Alexa, Who Else Is Listening?
November 2020
PasswordsCon 2020: Everything You Always Wanted to Know About PINs
PasswordsCon 2020:
Everything You Always Wanted to Know About PINs
June 2020
STRG_F: Alexa, Siri & Co. Are Secretly Listening
STRG_F:
Alexa, Siri & Co. Are Secretly Listening

May 2020
IEEE SP 2020: This PIN Can Be Easily Guessed: Analyzing the Security of Smartphone Unlock PINs
IEEE SP 2020:
This PIN Can Be Easily Guessed: Analyzing the Security of Smartphone Unlock PINs
December 2019
PasswordsCon 2019: Reasoning Analytically About Password-Cracking Software
PasswordsCon 2019:
Reasoning Analytically About Password-Cracking Software
May 2019
IEEE SP 2019: Reasoning Analytically About Password-Cracking Software
IEEE SP 2019:
Reasoning Analytically About Password-Cracking Software

October 2018
ACM CCS 2018: On the Accuracy of Password Strength Meters
ACM CCS 2018:
On the Accuracy of Password Strength Meters
October 2018
ACM CCS 2018: Designing Password-Reuse Notifications
ACM CCS 2018:
Designing Password-Reuse Notifications
August 2018
USENIX Security 2018: Rethinking Access Control and Authentication for the Home Internet of Things
USENIX Security 2018:
Rethinking Access Control and Authentication for the Home Internet of Things

February 2017
ISOC NDSS 2017: Towards Implicit Visual Memory-Based Authentication
ISOC NDSS 2017:
Towards Implicit Visual Memory-Based Authentication
October 2016
ACM CCS 2016: On the Security of Cracking-Resistant Password Vaults
ACM CCS 2016:
On the Security of Cracking-Resistant Password Vaults
December 2015
PasswordsCon 2015: Analyzing 4 Million Real-World Personal Knowledge Questions
PasswordsCon 2015:
Analyzing 4 Million Real-World Personal Knowledge Questions

December 2015
PasswordsCon 2015: A Framework for Comparing Password Guessing Strategies
PasswordsCon 2015:
A Framework for Comparing Password Guessing Strategies