[firstname] (a) swiefling.de
@swiefling@social.swiefling.de
Stephan Wiefling
Blog
Making Science Accessible: My Research as Blog Posts
For many years, I’ve published scientific articles on various topics. And now, it’s time to make them more accessible for everyone. ...
A Privacy Measure Turned Upside Down? Investigating the Use of HTTP Client Hints on the Web
Abstract: HTTP client hints are a set of standardized HTTP request headers designed to modernize and potentially replace the traditional user agent string. While the user agent string exposes a......
Is It Really You Who Forgot the Password? When Account Recovery Meets Risk-Based Authentication
Abstract: Risk-based authentication (RBA) is used in online services to protect user accounts from unauthorized takeover. RBA commonly uses contextual features that indicate a suspicious login attempt when the characteristic......
Risk-Based Authentication for OpenStack: A Fully Functional Implementation and Guiding Example
Abstract: Online services have difficulties to replace passwords with more secure user authentication mechanisms, such as Two-Factor Authentication (2FA). This is partly due to the fact that users tend to......
Achieving Usable Security and Privacy Through Human-Centered Design
Scope and Motivation: Numerous examples show that cybersecurity and data protection measures need to be designed in such a way that end users can interact safely with digital systems (e.g.,......
Data Protection Officers' Perspectives on Privacy Challenges in Digital Ecosystems
Abstract: Digital ecosystems are driving the digital transformation of business models. Meanwhile, the associated processing of personal data within these complex systems poses challenges to the protection of individual privacy.......
Pump Up Password Security! Evaluating and Enhancing Risk-Based Authentication on a Real-World Large-Scale Online Service
Abstract: Risk-based authentication (RBA) aims to protect users against attacks involving stolen passwords. RBA monitors features during login, and requests re-authentication when feature values widely differ from those previously observed.......
What's in Score for Website Users: A Data-Driven Long-Term Study on Risk-Based Authentication Characteristics
Abstract: Risk-based authentication (RBA) aims to strengthen password-based authentication rather than replacing it. RBA does this by monitoring and recording additional features during the login process. If feature values at......
Privacy Considerations for Risk-Based Authentication Systems
Abstract: Risk-based authentication (RBA) extends authentication mechanisms to make them more robust against account takeover attacks, such as those using stolen passwords. RBA is recommended by NIST and NCSC to......
"I just looked for the solution!" On Integrating Security-Relevant Information in Non-Security API Documentation to Support Secure Coding Practices
Abstract: Software developers build complex systems using plenty of third-party libraries. Documentation is key to understand and use the functionality provided via the libraries’ APIs. Therefore, functionality is the main focus......
Evaluation of Account Recovery Strategies with FIDO2-based Passwordless Authentication
Abstract: Threats to passwords are still very relevant due to attacks like phishing or credential stuffing. One way to solve this problem is to remove passwords completely. User studies on......
Verify It's You: How Users Perceive Risk-based Authentication
Abstract: Risk-based authentication (RBA) is an adaptive security measure to strengthen password-based authentication against account takeover attacks. Our study on 65 participants shows that users find RBA more usable than......
More Than Just Good Passwords? A Study on Usability and Security Perceptions of Risk-based Authentication
Abstract: Risk-based Authentication (RBA) is an adaptive security measure to strengthen password-based authentication. RBA monitors additional features during login, and when observed feature values differ significantly from previously seen ones,......
Evaluation of Risk-based Re-Authentication Methods
Abstract: Risk-based Authentication (RBA) is an adaptive security measure that improves the security of password-based authentication by protecting against credential stuffing, password guessing, or phishing attacks. RBA monitors extra features......
Even Turing Should Sometimes Not Be Able To Tell: Mimicking Humanoid Usage Behavior for Exploratory Studies of Online Services
Abstract: Online services such as social networks, online shops, and search engines deliver different content to users depending on their location, browsing history, or client device. Since these services have......
Is This Really You? An Empirical Study on Risk-Based Authentication Applied in the Wild
Abstract: Risk-based authentication (RBA) is an adaptive security measure to strengthen password-based authentication. RBA monitors additional implicit features during password entry such as device or geolocation information, and requests additional......
Warn if Secure or How to Deal with Security by Default in Software Development?
Abstract: Software development is a complex task. Merely focussing on functional requirements is not sufficient any more. Developers are responsible to take many non-functional requirements carefully into account. Security is......
Application of the Blockchain Outside of Monetary Currencies
Summary: The blockchain has arrived not only in the world of finance; other industries are also trying to apply it. In this article, concepts and models of blockchain applications outside the......
