[firstname] (a) swiefling.de
@swiefling@hci.social
Stephan Wiefling
About
I’m a postdoctoral researcher in the field of Cyber Security. My current research spans Authentication and Usability as well as Privacy. Among other things, I am researching how to improve the security of passwords without reducing usability. My work was featured in Schneier on Security, The Daily Swig, t-online.de, GIGA.de, Heise, Golem.de, Kölner Stadtanzeiger, and other media outlets.
Besides that, I have already contributed my expertise in Usable Security & Privacy to industry (e.g., Meta, Telenor). I also work as a senior software engineer at Vodafone.
I also co-wrote the book Programmieren trainieren (Exercise programming), which was published by Hanser Verlag.
Research Interests
- Risk-Based Authentication
- Usable Security and Privacy
- Mobile Authentication
- Usable Passwords
- Privacy Dashboards
- Developer-Centered Security
- Human-Computer Interaction (HCI)
Awards
Open Data Impact Award 2022
Granted by: Stifterverband für die Deutsche Wissenschaft e.V.
Best ACSAC Video Production 2020
Granted by: Annual Computer Security Applications Conference (ACSAC)
RISE Germany Scholarship 2019, 2020
Granted by: German Academic Exchange Service (DAAD)
Best Graduate of the Year 2018/2019, Master Media Technology
Granted by: TH Köln - University of Applied Sciences
Education
Computer Science (Dr.-Ing.)
Ruhr University Bochum, Horst Görtz Institute for IT Security (2018 - 2023)
Reviewed by Markus Dürmuth, Martina Angela Sasse, and Luigi Lo Iacono
Thesis Defense Slides
Media Technology (M. Sc.)
TH Köln - University of Applied Sciences (2015 - 2018)
Media Technology (B. Eng.)
Cologne University of Applied Sciences (2011 - 2015)
Selected Publications
A Privacy Measure Turned Upside Down? Investigating the Use of HTTP Client Hints on the Web (2024)
Stephan Wiefling, Marian Hönscheid and Luigi Lo Iacono. ARES ’24. ACM.
@inproceedings{article_ares2024_wiefling, author = {Wiefling, Stephan and Hönscheid, Marian and {Lo Iacono}, Luigi}, title = {A {Privacy Measure Turned Upside Down? Investigating the Use of HTTP Client Hints on the Web}}, booktitle = {19th {International} {Conference} on {Availability}, {Reliability} and {Security}}, series = {A{RES} '24}, location = {Vienna, Austria}, doi = {10.1145/3664476.3664478}, publisher = {ACM}, month = aug, year = {2024}, }
Is It Really You Who Forgot the Password? When Account Recovery Meets Risk-Based Authentication (2024)
Andre Büttner, Andreas Thue Pedersen, Stephan Wiefling, Nils Gruschka and Luigi Lo Iacono. UbiSec ’23. Springer.
@inproceedings{article_ubisec2023_buettner, author = {Büttner, Andre and Pedersen, Andreas Thue and Wiefling, Stephan and Gruschka, Nils and {Lo Iacono}, Luigi}, title = {Is {It Really You Who Forgot the Password? When Account Recovery Meets Risk-Based Authentication}}, booktitle = {Ubi{Sec} '23}, location = {Exeter, United Kingdom}, doi = {10.1007/978-981-97-1274-8_26}, publisher = {Springer}, month = mar, year = {2024}, }
Risk-Based Authentication for OpenStack: A Fully Functional Implementation and Guiding Example (2023)
Vincent Unsel, Stephan Wiefling, Nils Gruschka and Luigi Lo Iacono. CODASPY ’23. ACM.
@inproceedings{article_codaspy2023_unsel, title = {Risk-{Based Authentication for OpenStack: A Fully Functional Implementation and Guiding Example}}, author = {Unsel, Vincent and Wiefling, Stephan and Gruschka, Nils and {Lo Iacono}, Luigi}, booktitle = {13th {ACM Conference on Data and Application Security and Privacy}}, series = {C{ODASPY} '23}, location = {Charlotte, NC, USA}, publisher = {ACM}, doi = {10.1145/3577923.3583634}, month = apr, year = {2023} }
Data Protection Officers’ Perspectives on Privacy Challenges in Digital Ecosystems (2023)
Stephan Wiefling, Jan Tolsdorf and Luigi Lo Iacono. SPOSE ’22. Springer.
@inproceedings{article_spose2022_wiefling, author = {Wiefling, Stephan and Tolsdorf, Jan and Lo Iacono, Luigi}, title = {Data {Protection} {Officers}' {Perspectives} on {Privacy} {Challenges} in {Digital} {Ecosystems}}, booktitle = {4th {Workshop} on {Security}, {Privacy}, {Organizations}, and {Systems} {Engineering}}, series = {SPOSE '22}, location = {Copenhagen, Denmark}, doi = {10.1007/978-3-031-25460-4_13}, publisher = {Springer}, year = {2023} }
Pump Up Password Security! Evaluating and Enhancing Risk-Based Authentication on a Real-World Large-Scale Online Service (2023)
Stephan Wiefling, Paul René Jørgensen, Sigurd Thunem and Luigi Lo Iacono. ACM TOPS. ACM.
@article{article_tops2023_wiefling, author = {Wiefling, Stephan and Jørgensen, Paul René and Thunem, Sigurd and {Lo Iacono}, Luigi}, title = {Pump {Up} {Password} {Security}! {Evaluating} and {Enhancing} {Risk}-{Based} {Authentication} on a {Real}-{World} {Large}-{Scale} {Online} {Service}}, journal = { {ACM} {Transactions} on {Privacy} and {Security}}, doi = {10.1145/3546069}, publisher = {ACM}, volume = {26}, number = {1}, articleno = {6}, issn = {2471-2566}, month = {feb}, year = {2023} }
Privacy Considerations for Risk-Based Authentication Systems (2021)
Stephan Wiefling, Jan Tolsdorf and Luigi Lo Iacono. IWPE ’21. IEEE.
@inproceedings{article_iwpe2021_wiefling, author = {Wiefling, Stephan and Tolsdorf, Jan and Lo Iacono, Luigi}, title = {Privacy {Considerations} for {Risk}-{Based} {Authentication} {Systems}}, booktitle = {2021 {International} {Workshop} on {Privacy} {Engineering}}, series = {IWPE '21}, location = {Vienna, Austria}, doi = {10.1109/EuroSPW54576.2021.00040}, pages = {320--327}, publisher = {IEEE}, month = sep, year = {2021} }
"I just looked for the solution!" - On Integrating Security-Relevant Information in Non-Security API Documentation to Support Secure Coding Practices (2021)
Peter Leo Gorski, Sebastian Möller, Stephan Wiefling and Luigi Lo Iacono. IEEE TSE. IEEE.
@article{journals_tse2021_gorski, author = {Gorski, Peter Leo and Möller, Sebastian and Wiefling, Stephan and Lo Iacono, Luigi}, journal = {IEEE Transactions on Software Engineering}, title = {"I just looked for the solution!" - On Integrating Security-Relevant Information in Non-Security API Documentation to Support Secure Coding Practices}, year = {2021}, publisher = {IEEE}, doi = {10.1109/TSE.2021.3094171} }
Verify It’s You: How Users Perceive Risk-based Authentication (2021)
Stephan Wiefling, Markus Dürmuth and Luigi Lo Iacono. IEEE Security & Privacy. IEEE.
@article{journals_spm2021_wiefling, title = {Verify {It}'s {You}: {How} {Users} {Perceive} {Risk}-based {Authentication}}, journal = {IEEE Security \& Privacy}, author = {Wiefling, Stephan and Dürmuth, Markus and Lo Iacono, Luigi}, month = nov, volume = {19}, number = {6}, pages = {47--57}, year = {2021}, publisher = {IEEE}, doi = {10.1109/MSEC.2021.3077954} }
What’s in Score for Website Users: A Data-Driven Long-Term Study on Risk-Based Authentication Characteristics (2021)
Stephan Wiefling, Markus Dürmuth and Luigi Lo Iacono. FC ’21. Springer.
@inproceedings{article_fc2021_wiefling, author = {Wiefling, Stephan and D\"{u}rmuth, Markus and Lo Iacono, Luigi}, title = {What’s in {Score} for {Website} {Users}: {A} {Data}-{Driven} {Long}-{Term} {Study} on {Risk}-{Based} {Authentication} {Characteristics}}, booktitle = {25th {International} {Conference} on {Financial} {Cryptography} and {Data} {Security} ({FC} '21)}, pages = {361--381}, location = {Grenada}, month = mar, year = {2021}, publisher = {Springer}, doi = {10.1007/978-3-662-64331-0_19} }
More Than Just Good Passwords? A Study on Usability and Security Perceptions of Risk-based Authentication (2020)
Stephan Wiefling, Markus Dürmuth and Luigi Lo Iacono. ACSAC ’20. ACM.
@inproceedings{article_acsac2020_wiefling, title = {More {Than} {Just} {Good} {Passwords}? A {Study} on {Usability} and {Security} {Perceptions} of {Risk-based} {Authentication}}, booktitle = {36th {Annual} {Computer} {Security} {Applications} {Conference} ({ACSAC} '20)}, author = {Wiefling, Stephan and D\"{u}rmuth, Markus and Lo Iacono, Luigi}, publisher = {ACM}, location = {Austin, USA}, month = dec, year = {2020}, doi = {10.1145/3427228.3427243}, pages = {203--218}, isbn = {978-1-4503-8858-0/20/12}, }
Evaluation of Risk-based Re-Authentication Methods (2020)
Stephan Wiefling, Tanvi Patil, Markus Dürmuth and Luigi Lo Iacono. IFIP SEC ’20. Springer.
@inproceedings{article_ifipsec2020_wiefling, title = { {Evaluation} of {Risk-based} {Re}-{Authentication} {Methods}}, booktitle = {35th {IFIP} {TC}-11 {International} {Conference} on {Information} {Security} and {Privacy} {Protection} ({IFIP} {SEC} 2020)}, series = { {IFIP} {Advances} in {Information} and {Communication} {Technology}}, author = {Wiefling, Stephan and Patil, Tanvi and D\"{u}rmuth, Markus and Lo Iacono, Luigi }, publisher = {Springer International Publishing}, location = {Maribor, Slovenia}, volume = {580}, pages = {280--294}, isbn = {978-3-030-58200-5}, doi = {10.1007/978-3-030-58201-2_19}, month = sep, year = {2020}, }
Even Turing Should Sometimes Not Be Able To Tell: Mimicking Humanoid Usage Behavior for Exploratory Studies of Online Services (2019)
Stephan Wiefling, Nils Gruschka and Luigi Lo Iacono. NordSec ’19. Springer Nature.
@inproceedings{article_nordsec2019_wiefling, title = {Even {Turing} {Should} {Sometimes} {Not} {Be} {Able} {To} {Tell}: {Mimicking} {Humanoid} {Usage} {Behavior} for {Exploratory} {Studies} of {Online} {Services}}, booktitle = {24th {Nordic} {Conference} on {Secure} {IT} {Systems} ({NordSec} 2019)}, series = { {Lecture} {Notes} in {Computer} {Science}}, author = {Wiefling, Stephan and Gruschka, Nils and Lo Iacono, Luigi}, volume = {11875}, pages = {188--203}, isbn = {978-3-030-35055-0}, doi = {10.1007/978-3-030-35055-0_12}, publisher = {Springer Nature}, location = {Aalborg, Denmark}, month = nov, year = {2019} }
Is This Really You? An Empirical Study on Risk-Based Authentication Applied in the Wild (2019)
Stephan Wiefling, Luigi Lo Iacono and Markus Dürmuth. IFIP SEC ’19. Springer.
@inproceedings{article_ifipsec2019_wiefling, title = {Is {This} {Really} {You}? {An} {Empirical} {Study} on {Risk}-{Based} {Authentication} {Applied} in the {Wild}}, booktitle = {34th {IFIP} {TC}-11 {International} {Conference} on {Information} {Security} and {Privacy} {Protection} ({IFIP} {SEC} 2019)}, series = { {IFIP} {Advances} in {Information} and {Communication} {Technology}}, author = {Wiefling, Stephan and Lo Iacono, Luigi and D\"{u}rmuth, Markus}, volume = {562}, pages = {134--148}, isbn = {978-3-030-22311-3}, doi = {10.1007/978-3-030-22312-0_10}, publisher = {Springer International Publishing}, location = {Lisbon, Portugal}, month = jun, year = {2019} }