About

I’m a PhD student in IT Security (Data- and Application Security Group, TH Köln) supervised by Luigi Lo Iacono and Markus Dürmuth. My current research spans areas of Authentication and Usability. Among other things, I am researching how to improve the security of passwords without reducing usability.

I also co-wrote the book “Programmieren trainieren” (Exercise programming), which was published by Hanser Verlag.

Research interests

  • Risk-based Authentication
  • Usable Security
  • Mobile Authentication
  • Usable Passwords
  • Developer-Centered Security
  • Human-Computer Interaction (HCI)

Awards

RISE Germany Scholarship 2019, 2020
Granted by: German Academic Exchange Service (DAAD)
Best Graduate of the Year 2018/2019, Master Media Technology
Granted by: TH Köln - University of Applied Sciences

Selected Publications


Evaluation of Risk-based Re-Authentication Methods
35th IFIP TC-11 International Conference on Information Security and Privacy Protection (IFIP SEC 2020). Springer International Publishing.
@inproceedings{article_ifipsec2020_wiefling,
	title = { {Evaluation} of {Risk-based} {Re}-{Authentication} {Methods}},
	booktitle = {35th {IFIP} {TC}-11 {International} {Conference} on {Information} {Security} and {Privacy} {Protection} ({IFIP} {SEC} 2020)},
	series = { {IFIP} {Advances} in {Information} and {Communication} {Technology}},
	author = {Wiefling, Stephan and Patil, Tanvi and D\"{u}rmuth, Markus and Lo Iacono, Luigi },
	publisher = {Springer International Publishing},
	location = {Maribor, Slovenia},
	month = may,
	year = {2020},
	url = {https://sec2020.um.si/call-for-papers/accepted-papers/},
}

Programmieren trainieren - Mit über 130 Workouts in Java und Python (2. Auflage) [Exercise programming - With over 130 workouts in Java and Python (2nd Edition)]
Carl Hanser Verlag GmbH & Co. KG.
@book{book_hanser2020_LoIacono,
  title = {Programmieren trainieren - Mit über 130 Workouts in Java und Python (2. Auflage)},
  author = {Lo Iacono, Luigi and Wiefling, Stephan and Schneider, Michael},
  year = {2020},
  publisher = {Carl Hanser Verlag GmbH \& Co. KG},
  url = {https://www.hanser-fachbuch.de/buch/Programmieren+trainieren/9783446459113}
}

Even Turing Should Sometimes Not Be Able To Tell: Mimicking Humanoid Usage Behavior for Exploratory Studies of Online Services
24th Nordic Conference on Secure IT Systems (NordSec 2019). Springer Nature.
@inproceedings{article_nordsec2019_wiefling,
  title = {Even {Turing} {Should} {Sometimes} {Not} {Be} {Able} {To} {Tell}: {Mimicking} {Humanoid} {Usage} {Behavior} for {Exploratory} {Studies} of {Online} {Services}},
  booktitle = {24th {Nordic} {Conference} on {Secure} {IT} {Systems} ({NordSec} 2019)},
  series = { {Lecture} {Notes} in {Computer} {Science}},
  author = {Wiefling, Stephan and Gruschka, Nils and Lo Iacono, Luigi},
  volume = {11875},
  pages = {188--203},
  isbn = {978-3-030-35055-0},
  doi = {10.1007/978-3-030-35055-0_12},
  publisher = {Springer Nature},
  location = {Aalborg, Denmark},
  month = nov,
  year = {2019}
}

Is This Really You? An Empirical Study on Risk-Based Authentication Applied in the Wild
34th IFIP TC-11 International Conference on Information Security and Privacy Protection (IFIP SEC 2019). Springer International Publishing.
@inproceedings{article_ifipsec2019_wiefling,
  title = {Is {This} {Really} {You}? {An} {Empirical} {Study} on {Risk}-{Based} {Authentication} {Applied} in the {Wild}},
  booktitle = {34th {IFIP} {TC}-11 {International} {Conference} on {Information} {Security} and {Privacy} {Protection} ({IFIP} {SEC} 2019)},
  series = { {IFIP} {Advances} in {Information} and {Communication} {Technology}},
  author = {Wiefling, Stephan and Lo Iacono, Luigi and D\"{u}rmuth, Markus},
  volume = {562},
  pages = {134--148},
  isbn = {978-3-030-22311-3},
  doi = {10.1007/978-3-030-22312-0_10},
  publisher = {Springer International Publishing},
  location = {Lisbon, Portugal},
  month = jun,
  year = {2019}
}

Warn if Secure or How to Deal with Security by Default in Software Development?
12th International Symposium on Human Aspects of Information Security and Assurance (HAISA 2018).
@inproceedings{article_haisa2018_gorski,
  author = {Gorski, {Peter Leo} and {Lo Iacono}, Luigi and Wiefling, Stephan and M{\"o}ller, Sebastian},
  title = {Warn if Secure or How to Deal with Security by Default in Software Development?},
  booktitle = {12th International Symposium on Human Aspects of Information Security and Assurance (HAISA 2018)},
  year = {2018},
  isbn = {978-0-244-40254-9},
  url = {https://www.cscan.org/?page=openaccess&eid=20&id=388}
}

Anwendung der Blockchain außerhalb von Geldwährungen [Applying Blockchain outside of Crypto Currencies]
DuD - Datenschutz und Datensicherheit.
@article{journals_dud41.2_wiefling,
  title = {Anwendung der Blockchain außerhalb von Geldwährungen},
  author = {Wiefling, Stephan and Lo Iacono, Luigi and Sandbrink, Frederik},
  year = {2017},
  pages = {482--486},
  volume = {41},
  number = {8},
  doi = {10.1007/s11623-017-0816-x},
  journal = {DuD - Datenschutz und Datensicherheit},
  url = {https://doi.org/10.1007/s11623-017-0816-x},
}