Publications


Is It Really You Who Forgot the Password? When Account Recovery Meets Risk-Based Authentication ()
and UbiSec ’23. Springer.
PDF Website
@inproceedings{article_ubisec2023_buettner,
  author = {Büttner, Andre and Pedersen, Andreas Thue and Wiefling, Stephan and Gruschka, Nils and {Lo Iacono}, Luigi},
  title  = {Is {It Really You Who Forgot the Password? When Account Recovery Meets Risk-Based Authentication}},
  booktitle = {Ubi{Sec} '23},
  location = {Exeter, United Kingdom},
  doi = {10.1007/978-981-97-1274-8_26},
  publisher = {Springer},
  month = mar,
  year   = {2024},
}

Programmieren trainieren - Mit über 150 Workouts in Java und Python (3. Auflage) [Exercise programming - With over 150 workouts in Java and Python (3rd Edition)] ()
and Carl Hanser Verlag.
PDF [Preview] Website
@book{book_hanser2023_LoIacono,
  title = {Programmieren trainieren - Mit über 150 Workouts in Java und Python (3. Auflage)},
  author = {Lo Iacono, Luigi and Wiefling, Stephan and Schneider, Michael},
  year = {2023},
  publisher = {Carl Hanser Verlag GmbH & Co. KG},
  url = {https://www.hanser-fachbuch.de/fachbuch/artikel/9783446477667},
}

Achieving Usable Security and Privacy Through Human-Centered Design ()
and Human Factors in Privacy Research. Springer.
PDF
@incollection{chapter_groen_achieving_2023,
  title = {Achieving {Usable} {Security} and {Privacy} {Through} {Human}-{Centered} {Design}},
  isbn = {978-3-031-28643-8},
  url = {https://doi.org/10.1007/978-3-031-28643-8_5},
  booktitle = {Human {Factors} in {Privacy} {Research}},
  publisher = {Springer},
  author = {Groen, Eduard C. and Feth, Denis and Polst, Svenja and Tolsdorf, Jan and Wiefling, Stephan and Lo Iacono, Luigi and Schmitt, Hartmut},
  editor = {Gerber, Nina and Stöver, Alina and Marky, Karola},
  year = {2023},
  doi = {10.1007/978-3-031-28643-8_5},
  pages = {83--113},
}

Risk-Based Authentication for OpenStack: A Fully Functional Implementation and Guiding Example ()
and CODASPY ’23. ACM.
PDF
@inproceedings{inproceedings_codaspy2023_unsel,
  title = {Risk-{Based Authentication for OpenStack: A Fully Functional Implementation and Guiding Example}},
  author = {Unsel, Vincent and Wiefling, Stephan and Gruschka, Nils and {Lo Iacono}, Luigi},
  booktitle = {13th {ACM Conference on Data and Application Security and Privacy}},
  year = {2023},
  series = {C{ODASPY} '23},
  location = {Charlotte, NC, USA},
  publisher = {ACM},
  doi = {10.1145/3577923.35836},
  month = apr,
  year = {2023}
}

Data Protection Officers’ Perspectives on Privacy Challenges in Digital Ecosystems ()
and SPOSE ’22. Springer.
PDF PDF [Publisher]
@inproceedings{article_spose2022_wiefling,
  author = {Wiefling, Stephan and Tolsdorf, Jan and Lo Iacono, Luigi},
  title = {Data {Protection} {Officers}' {Perspectives} on {Privacy} {Challenges9 in {Digital} {Ecosystems}},
  booktitle = {4th {Workshop} on {Security}, {Privacy}, {Organizations}, and {Systems} {Engineering}},
  series = {SPOSE '22},
  location = {Copenhagen, Denmark},
  doi = {10.1007/978-3-031-25460-4_13},
  publisher = {Springer},
  year = {2023}
}

Pump Up Password Security! Evaluating and Enhancing Risk-Based Authentication on a Real-World Large-Scale Online Service ()
and ACM TOPS. ACM.
PDF
@article{article_tops2023_wiefling,
  author = {Wiefling, Stephan and Jørgensen, Paul René and Thunem, Sigurd and {Lo Iacono}, Luigi},
  title  = {Pump {Up} {Password} {Security}! {Evaluating} and {Enhancing} {Risk}-{Based} {Authentication} on a {Real}-{World} {Large}-{Scale} {Online} {Service}},
  journal = { {ACM} {Transactions} on {Privacy} and {Security}},
  doi = {10.1145/3546069},
  publisher = {ACM},
  volume = {26},
  number = {1},
  articleno = {6},
  issn = {2471-2566},
  month = {feb},
  year   = {2023}
}

Privacy Considerations for Risk-Based Authentication Systems ()
and IWPE ’21. IEEE.
PDF
@inproceedings{article_iwpe2021_wiefling,
  author = {Wiefling, Stephan and Tolsdorf, Jan and Lo Iacono, Luigi},
  title = {Privacy {Considerations} for {Risk}-{Based} {Authentication} {Systems}},
  booktitle = {2021 {International} {Workshop} on {Privacy} {Engineering}},
  series = {IWPE '21},
  location = {Vienna, Austria},
  doi = {10.1109/EuroSPW54576.2021.00040},
  pages = {320--327},
  publisher = {IEEE},
  month = sep,
  year = {2021}
}

"I just looked for the solution!" - On Integrating Security-Relevant Information in Non-Security API Documentation to Support Secure Coding Practices ()
and IEEE TSE. IEEE.
PDF
@article{journals_tse2021_gorski,
  author = {Gorski, Peter Leo and Möller, Sebastian and Wiefling, Stephan and Lo Iacono, Luigi},
  journal = {IEEE Transactions on Software Engineering},
  title = {"I just looked for the solution!" - On Integrating Security-Relevant Information in Non-Security API Documentation to Support Secure Coding Practices},
  year = {2021},
  publisher = {IEEE},
  doi = {10.1109/TSE.2021.3094171}
}

Verify It’s You: How Users Perceive Risk-based Authentication ()
and IEEE Security & Privacy. IEEE.
PDF
@article{journals_spm2021_wiefling,
  title = {Verify {It}'s {You}: {How} {Users} {Perceive} {Risk}-based {Authentication}},
  journal = {IEEE Security & Privacy},
  author = {Wiefling, Stephan and Dürmuth, Markus and Lo Iacono, Luigi},
  month = nov,
  volume = {19},
  number = {6},
  pages = {47--57},
  year = {2021},
  publisher = {IEEE},
  doi = {10.1109/MSEC.2021.3077954}
}

Evaluation of Account Recovery Strategies with FIDO2-based Passwordless Authentication ()
and OID ’21. Gesellschaft für Informatik e.V..
PDF Talk
@inproceedings{kunke_evaluation_2021,
  title = { {Evaluation} of {Account} {Recovery} {Strategies} with {FIDO2}-based {Passwordless} {Authentication}},
  author = {Kunke, Johannes and Wiefling, Stephan and Ullmann, Markus and Lo Iacono, Luigi},
  year = {2021},
  booktitle = { {Open} {Identity} {Summit} 2021 (OID '21)},
  series = {Lecture {Notes} in {Informatics} ({LNI})},
  publisher = {Gesellschaft für Informatik e.V.}
}

What’s in Score for Website Users: A Data-Driven Long-Term Study on Risk-Based Authentication Characteristics ()
and FC ’21. Springer.
PDF
@inproceedings{article_fc2021_wiefling,
  author = {Wiefling, Stephan and D\"{u}rmuth, Markus and Lo Iacono, Luigi},
  title = {What’s in {Score} for {Website} {Users}: {A} {Data}-{Driven} {Long}-{Term} {Study} on {Risk}-{Based} {Authentication} {Characteristics}},
  booktitle = {25th {International} {Conference} on {Financial} {Cryptography} and {Data} {Security} ({FC} '21)},
  pages = {361--381},
  location = {Grenada},
  month = mar,
  year = {2021}
  publisher = {Springer},
  doi = {10.1007/978-3-662-64331-0_19}
}

More Than Just Good Passwords? A Study on Usability and Security Perceptions of Risk-based Authentication ()
and ACSAC ’20. ACM.
PDF
@inproceedings{article_acsac2020_wiefling,
  title = {More {Than} {Just} {Good} {Passwords}? A {Study} on {Usability} and {Security} {Perceptions} of {Risk-based} {Authentication}},
  booktitle = {36th {Annual} {Computer} {Security} {Applications} {Conference} ({ACSAC} '20)},
  author = {Wiefling, Stephan and D\"{u}rmuth, Markus and Lo Iacono, Luigi},
  publisher = {ACM},
  location = {Austin, USA},
  month = dec,
  year = {2020},
  doi = {10.1145/3427228.3427243},
  pages = {203--218},
  isbn = {978-1-4503-8858-0/20/12},
}

Evaluation of Risk-based Re-Authentication Methods ()
and IFIP SEC ’20. Springer.
PDF
@inproceedings{article_ifipsec2020_wiefling,
  title = { {Evaluation} of {Risk-based} {Re}-{Authentication} {Methods}},
  booktitle = {35th {IFIP} {TC}-11 {International} {Conference} on {Information} {Security} and {Privacy} {Protection} ({IFIP} {SEC} 2020)},
  series = { {IFIP} {Advances} in {Information} and {Communication} {Technology}},
  author = {Wiefling, Stephan and Patil, Tanvi and D\"{u}rmuth, Markus and Lo Iacono, Luigi },
  publisher = {Springer International Publishing},
  location = {Maribor, Slovenia},
  volume = {580},
  pages = {280--294},
  isbn = {978-3-030-58200-5},
  doi = {10.1007/978-3-030-58201-2_19},
  month = sep,
  year = {2020},
}

Usability, Sicherheit und Privatsphäre von risikobasierter Authentifizierung [Usability, Security, and Privacy of Risk-based Authentication] ()
Sicherheit 2020. Gesellschaft für Informatik e.V..
PDF
@inproceedings{wiefling_usability_2020,
  title = {Usability, {Sicherheit} und {Privatsphäre} von risikobasierter {Authentifizierung}},
  language = {de},
  booktitle = {Sicherheit 2020},
  series = {Lecture {Notes} in {Informatics} ({LNI})},
  author = {Wiefling, Stephan},
  pages = {129--134},
  doi = {10.18420/sicherheit2020_12},
  publisher = {Gesellschaft für Informatik e.V.},
  address = {Bonn},
  month = mar,
  year = {2020}
}

Programmieren trainieren - Mit über 130 Workouts in Java und Python (2. Auflage) [Exercise programming - With over 130 workouts in Java and Python (2nd Edition)] ()
and Carl Hanser Verlag.
PDF [Preview] Website
@book{book_hanser2020_LoIacono,
  title = {Programmieren trainieren - Mit über 130 Workouts in Java und Python (2. Auflage)},
  author = {Lo Iacono, Luigi and Wiefling, Stephan and Schneider, Michael},
  year = {2020},
  publisher = {Carl Hanser Verlag GmbH & Co. KG},
  url = {https://www.hanser-fachbuch.de/buch/Programmieren+trainieren/9783446459113}
}

Even Turing Should Sometimes Not Be Able To Tell: Mimicking Humanoid Usage Behavior for Exploratory Studies of Online Services ()
and NordSec ’19. Springer Nature.
PDF
@inproceedings{article_nordsec2019_wiefling,
  title = {Even {Turing} {Should} {Sometimes} {Not} {Be} {Able} {To} {Tell}: {Mimicking} {Humanoid} {Usage} {Behavior} for {Exploratory} {Studies} of {Online} {Services}},
  booktitle = {24th {Nordic} {Conference} on {Secure} {IT} {Systems} ({NordSec} 2019)},
  series = { {Lecture} {Notes} in {Computer} {Science}},
  author = {Wiefling, Stephan and Gruschka, Nils and Lo Iacono, Luigi},
  volume = {11875},
  pages = {188--203},
  isbn = {978-3-030-35055-0},
  doi = {10.1007/978-3-030-35055-0_12},
  publisher = {Springer Nature},
  location = {Aalborg, Denmark},
  month = nov,
  year = {2019}
}

Is This Really You? An Empirical Study on Risk-Based Authentication Applied in the Wild ()
and IFIP SEC ’19. Springer.
PDF
@inproceedings{article_ifipsec2019_wiefling,
  title = {Is {This} {Really} {You}? {An} {Empirical} {Study} on {Risk}-{Based} {Authentication} {Applied} in the {Wild}},
  booktitle = {34th {IFIP} {TC}-11 {International} {Conference} on {Information} {Security} and {Privacy} {Protection} ({IFIP} {SEC} 2019)},
  series = { {IFIP} {Advances} in {Information} and {Communication} {Technology}},
  author = {Wiefling, Stephan and Lo Iacono, Luigi and D\"{u}rmuth, Markus},
  volume = {562},
  pages = {134--148},
  isbn = {978-3-030-22311-3},
  doi = {10.1007/978-3-030-22312-0_10},
  publisher = {Springer International Publishing},
  location = {Lisbon, Portugal},
  month = jun,
  year = {2019}
}

Warn if Secure or How to Deal with Security by Default in Software Development? ()
and HAISA ’18.
PDF
@inproceedings{article_haisa2018_gorski,
  author = {Gorski, {Peter Leo} and {Lo Iacono}, Luigi and Wiefling, Stephan and M{\"o}ller, Sebastian},
  title = {Warn if Secure or How to Deal with Security by Default in Software Development?},
  booktitle = {12th International Symposium on Human Aspects of Information Security and Assurance (HAISA 2018)},
  year = {2018},
  isbn = {978-0-244-40254-9},
  url = {https://www.cscan.org/?page=openaccess&eid=20&id=388}
}

Programmieren trainieren - Mit über 120 Workouts in Java und Python [Exercise programming - With over 120 workouts in Java and Python] ()
and Carl Hanser Verlag.
PDF [Preview] Website
@book{book_hanser2018_LoIacono,
  title = {Programmieren trainieren - Mit über 120 Workouts in Java und Python},
  author = {Lo Iacono, Luigi and Wiefling, Stephan and Schneider, Michael},
  year = {2018},
  publisher = {Carl Hanser Verlag GmbH & Co. KG},
  url = {http://www.hanser-fachbuch.de/buch/Programmieren+trainieren/9783446454866}
}

Anwendung der Blockchain außerhalb von Geldwährungen [Applying Blockchain outside of Crypto Currencies] ()
and Datenschutz und Datensicherheit.
PDF PDF [Publisher]
@article{journals_dud41.2_wiefling,
  author = {Wiefling, Stephan and Lo Iacono, Luigi and Sandbrink, Frederik},
  year = {2017},
  pages = {482-486},
  volume = {41},
  number = {8},
  doi = {10.1007/s11623-017-0816-x},
  journal = {DuD - Datenschutz und Datensicherheit},
  url = {https://doi.org/10.1007/s11623-017-0816-x},
}

Perceptual Aspects of Dynamic Binaural Synthesis based on measured Omnidirectional Room Impulse Responses ()
and International Conference on Spatial Audio (ICSA ’15).
PDF
@inprocedings{article_icsa2015_poerschmann,
  author = {Christoph Pörschmann and Stephan Wiefling},
  year = {2015},
  booktitle = {International Conference on Spatial Audio - ICSA 2015},
  title = {Perceptual Aspects of Dynamic Binaural Synthesis based on measured Omnidirectional Room Impulse Responses},
  url = {https://www.tonmeister.de/index.php?p=veranstaltungen/icsa2015/program/abstracts&abstr_id=4}
}

Dynamische Binauralsynthese auf Basis gemessener einkanaliger Raumimpulsantworten ()
and German Annual Conference on Acoustics (DAGA ’15).
PDF
@inprocedings{article_daga2015_poerschmann,
  author = {Christoph Pörschmann and Stephan Wiefling},
  year = {2015},
  booktitle = {German Annual Conference on Acoustics (DAGA)},
  title = {Dynamische Binauralsynthese auf Basis gemessener einkanaliger Raumimpulsantworten},
}