[firstname] (a) swiefling.de
@swiefling@hci.social
Stephan Wiefling
About
I’m a postdoctoral researcher in the field of Cyber Security. My current research spans areas of Authentication and Usability, and Privacy. Among other things, I am researching how to improve the security of passwords without reducing usability. My work was featured in Schneier on Security, The Daily Swig, t-online.de, GIGA.de, Heise, Golem.de, Kölner Stadtanzeiger, and other media outlets.
Besides that, I have already contributed my expertise in Usable Security & Privacy to the industry (e.g., Meta, Telenor). I also work as a Senior Expert DevSecOps at Vodafone.
I also co-wrote the book Programmieren trainieren (Exercise programming), which was published by Hanser Verlag.
Research Interests
- Risk-Based Authentication
- Usable Security and Privacy
- Cyber Security Education
- Mobile Authentication
- Usable Passwords
- Privacy Dashboards
- Developer-Centered Security
- Human-Computer-Interaction (HCI)
Awards
Top Talent FY23/24, Accelerated Talent FY24/25
Granted by: Vodafone
Open Data Impact Award 2022
Granted by: Stifterverband für die Deutsche Wissenschaft e.V.
Best ACSAC Video Production 2020
Granted by: Annual Computer Security Applications Conference (ACSAC)
RISE Germany Scholarship 2019, 2020
Granted by: German Academic Exchange Service (DAAD)
Best Graduate of the Year 2018/2019, Master Media Technology
Granted by: TH Köln - University of Applied Sciences
Education
Computer Science (Dr.-Ing.)
Ruhr University Bochum, Horst Görtz Institute for IT Security (2018 - 2023)
Reviewed by Markus Dürmuth, Martina Angela Sasse, and Luigi Lo Iacono
Thesis Defense Slides
Certified Information Systems Security Professional (CISSP)
International Information System Security Certification Consortium (2024)
Media Technology (M. Sc.)
TH Köln - University of Applied Sciences (2015 - 2018)
Media Technology (B. Eng.)
Cologne University of Applied Sciences (2011 - 2015)
Selected Publications
A Privacy Measure Turned Upside Down? Investigating the Use of HTTP Client Hints on the Web (2024)
Stephan Wiefling, Marian Hönscheid and Luigi Lo Iacono. ARES ’24. ACM.
@inproceedings{article_ares2024_wiefling, author = {Wiefling, Stephan and Hönscheid, Marian and {Lo Iacono}, Luigi}, title = {A {Privacy Measure Turned Upside Down? Investigating the Use of HTTP Client Hints on the Web}}, booktitle = {19th {International} {Conference} on {Availability}, {Reliability} and {Security}}, series = {A{RES} '24}, location = {Vienna, Austria}, doi = {10.1145/3664476.3664478}, publisher = {ACM}, month = aug, year = {2024}, }
Is It Really You Who Forgot the Password? When Account Recovery Meets Risk-Based Authentication (2024)
Andre Büttner, Andreas Thue Pedersen, Stephan Wiefling, Nils Gruschka and Luigi Lo Iacono. UbiSec ’23. Springer.
@inproceedings{article_ubisec2023_buettner, author = {Büttner, Andre and Pedersen, Andreas Thue and Wiefling, Stephan and Gruschka, Nils and {Lo Iacono}, Luigi}, title = {Is {It Really You Who Forgot the Password? When Account Recovery Meets Risk-Based Authentication}}, booktitle = {Ubi{Sec} '23}, location = {Exeter, United Kingdom}, doi = {10.1007/978-981-97-1274-8_26}, publisher = {Springer}, month = mar, year = {2024}, }
Risk-Based Authentication for OpenStack: A Fully Functional Implementation and Guiding Example (2023)
Vincent Unsel, Stephan Wiefling, Nils Gruschka and Luigi Lo Iacono. CODASPY ’23. ACM.
@inproceedings{article_codaspy2023_unsel, title = {Risk-{Based Authentication for OpenStack: A Fully Functional Implementation and Guiding Example}}, author = {Unsel, Vincent and Wiefling, Stephan and Gruschka, Nils and {Lo Iacono}, Luigi}, booktitle = {13th {ACM Conference on Data and Application Security and Privacy}}, series = {C{ODASPY} '23}, location = {Charlotte, NC, USA}, publisher = {ACM}, doi = {10.1145/3577923.3583634}, month = apr, year = {2023} }
Data Protection Officers’ Perspectives on Privacy Challenges in Digital Ecosystems (2023)
Stephan Wiefling, Jan Tolsdorf and Luigi Lo Iacono. SPOSE ’22. Springer.
@inproceedings{article_spose2022_wiefling, author = {Wiefling, Stephan and Tolsdorf, Jan and Lo Iacono, Luigi}, title = {Data {Protection} {Officers}' {Perspectives} on {Privacy} {Challenges} in {Digital} {Ecosystems}}, booktitle = {4th {Workshop} on {Security}, {Privacy}, {Organizations}, and {Systems} {Engineering}}, series = {SPOSE '22}, location = {Copenhagen, Denmark}, doi = {10.1007/978-3-031-25460-4_13}, publisher = {Springer}, year = {2023} }
Pump Up Password Security! Evaluating and Enhancing Risk-Based Authentication on a Real-World Large-Scale Online Service (2023)
Stephan Wiefling, Paul René Jørgensen, Sigurd Thunem and Luigi Lo Iacono. ACM TOPS. ACM.
@article{article_tops2023_wiefling, author = {Wiefling, Stephan and Jørgensen, Paul René and Thunem, Sigurd and {Lo Iacono}, Luigi}, title = {Pump {Up} {Password} {Security}! {Evaluating} and {Enhancing} {Risk}-{Based} {Authentication} on a {Real}-{World} {Large}-{Scale} {Online} {Service}}, journal = { {ACM} {Transactions} on {Privacy} and {Security}}, doi = {10.1145/3546069}, publisher = {ACM}, volume = {26}, number = {1}, articleno = {6}, issn = {2471-2566}, month = {feb}, year = {2023} }
Privacy Considerations for Risk-Based Authentication Systems (2021)
Stephan Wiefling, Jan Tolsdorf and Luigi Lo Iacono. IWPE ’21. IEEE.
@inproceedings{article_iwpe2021_wiefling, author = {Wiefling, Stephan and Tolsdorf, Jan and Lo Iacono, Luigi}, title = {Privacy {Considerations} for {Risk}-{Based} {Authentication} {Systems}}, booktitle = {2021 {International} {Workshop} on {Privacy} {Engineering}}, series = {IWPE '21}, location = {Vienna, Austria}, doi = {10.1109/EuroSPW54576.2021.00040}, pages = {320--327}, publisher = {IEEE}, month = sep, year = {2021} }
"I just looked for the solution!" - On Integrating Security-Relevant Information in Non-Security API Documentation to Support Secure Coding Practices (2021)
Peter Leo Gorski, Sebastian Möller, Stephan Wiefling and Luigi Lo Iacono. IEEE TSE. IEEE.
@article{journals_tse2021_gorski, author = {Gorski, Peter Leo and Möller, Sebastian and Wiefling, Stephan and Lo Iacono, Luigi}, journal = {IEEE Transactions on Software Engineering}, title = {"I just looked for the solution!" - On Integrating Security-Relevant Information in Non-Security API Documentation to Support Secure Coding Practices}, year = {2021}, publisher = {IEEE}, doi = {10.1109/TSE.2021.3094171} }
Verify It’s You: How Users Perceive Risk-based Authentication (2021)
Stephan Wiefling, Markus Dürmuth and Luigi Lo Iacono. IEEE Security & Privacy. IEEE.
@article{journals_spm2021_wiefling, title = {Verify {It}'s {You}: {How} {Users} {Perceive} {Risk}-based {Authentication}}, journal = {IEEE Security \& Privacy}, author = {Wiefling, Stephan and Dürmuth, Markus and Lo Iacono, Luigi}, month = nov, volume = {19}, number = {6}, pages = {47--57}, year = {2021}, publisher = {IEEE}, doi = {10.1109/MSEC.2021.3077954} }
What’s in Score for Website Users: A Data-Driven Long-Term Study on Risk-Based Authentication Characteristics (2021)
Stephan Wiefling, Markus Dürmuth and Luigi Lo Iacono. FC ’21. Springer.
@inproceedings{article_fc2021_wiefling, author = {Wiefling, Stephan and D\"{u}rmuth, Markus and Lo Iacono, Luigi}, title = {What’s in {Score} for {Website} {Users}: {A} {Data}-{Driven} {Long}-{Term} {Study} on {Risk}-{Based} {Authentication} {Characteristics}}, booktitle = {25th {International} {Conference} on {Financial} {Cryptography} and {Data} {Security} ({FC} '21)}, pages = {361--381}, location = {Grenada}, month = mar, year = {2021}, publisher = {Springer}, doi = {10.1007/978-3-662-64331-0_19} }
More Than Just Good Passwords? A Study on Usability and Security Perceptions of Risk-based Authentication (2020)
Stephan Wiefling, Markus Dürmuth and Luigi Lo Iacono. ACSAC ’20. ACM.
@inproceedings{article_acsac2020_wiefling, title = {More {Than} {Just} {Good} {Passwords}? A {Study} on {Usability} and {Security} {Perceptions} of {Risk-based} {Authentication}}, booktitle = {36th {Annual} {Computer} {Security} {Applications} {Conference} ({ACSAC} '20)}, author = {Wiefling, Stephan and D\"{u}rmuth, Markus and Lo Iacono, Luigi}, publisher = {ACM}, location = {Austin, USA}, month = dec, year = {2020}, doi = {10.1145/3427228.3427243}, pages = {203--218}, isbn = {978-1-4503-8858-0/20/12}, }
Evaluation of Risk-based Re-Authentication Methods (2020)
Stephan Wiefling, Tanvi Patil, Markus Dürmuth and Luigi Lo Iacono. IFIP SEC ’20. Springer.
@inproceedings{article_ifipsec2020_wiefling, title = { {Evaluation} of {Risk-based} {Re}-{Authentication} {Methods}}, booktitle = {35th {IFIP} {TC}-11 {International} {Conference} on {Information} {Security} and {Privacy} {Protection} ({IFIP} {SEC} 2020)}, series = { {IFIP} {Advances} in {Information} and {Communication} {Technology}}, author = {Wiefling, Stephan and Patil, Tanvi and D\"{u}rmuth, Markus and Lo Iacono, Luigi }, publisher = {Springer International Publishing}, location = {Maribor, Slovenia}, volume = {580}, pages = {280--294}, isbn = {978-3-030-58200-5}, doi = {10.1007/978-3-030-58201-2_19}, month = sep, year = {2020}, }
Even Turing Should Sometimes Not Be Able To Tell: Mimicking Humanoid Usage Behavior for Exploratory Studies of Online Services (2019)
Stephan Wiefling, Nils Gruschka and Luigi Lo Iacono. NordSec ’19. Springer Nature.
@inproceedings{article_nordsec2019_wiefling, title = {Even {Turing} {Should} {Sometimes} {Not} {Be} {Able} {To} {Tell}: {Mimicking} {Humanoid} {Usage} {Behavior} for {Exploratory} {Studies} of {Online} {Services}}, booktitle = {24th {Nordic} {Conference} on {Secure} {IT} {Systems} ({NordSec} 2019)}, series = { {Lecture} {Notes} in {Computer} {Science}}, author = {Wiefling, Stephan and Gruschka, Nils and Lo Iacono, Luigi}, volume = {11875}, pages = {188--203}, isbn = {978-3-030-35055-0}, doi = {10.1007/978-3-030-35055-0_12}, publisher = {Springer Nature}, location = {Aalborg, Denmark}, month = nov, year = {2019} }
Is This Really You? An Empirical Study on Risk-Based Authentication Applied in the Wild (2019)
Stephan Wiefling, Luigi Lo Iacono and Markus Dürmuth. IFIP SEC ’19. Springer.
@inproceedings{article_ifipsec2019_wiefling, title = {Is {This} {Really} {You}? {An} {Empirical} {Study} on {Risk}-{Based} {Authentication} {Applied} in the {Wild}}, booktitle = {34th {IFIP} {TC}-11 {International} {Conference} on {Information} {Security} and {Privacy} {Protection} ({IFIP} {SEC} 2019)}, series = { {IFIP} {Advances} in {Information} and {Communication} {Technology}}, author = {Wiefling, Stephan and Lo Iacono, Luigi and D\"{u}rmuth, Markus}, volume = {562}, pages = {134--148}, isbn = {978-3-030-22311-3}, doi = {10.1007/978-3-030-22312-0_10}, publisher = {Springer International Publishing}, location = {Lisbon, Portugal}, month = jun, year = {2019} }