Behavioural Security Research Group
Behavioural Security Research Group
Home
Projects
Publications
Courses
For Students
Team
Publications
Type
Uncategorized
Conference paper
Journal article
Book section
Date
2023
2022
2021
2020
2019
2018
2017
2016
2015
2014
2013
2012
2023
SoK: I Have the (Developer) Power! Sample Size Estimation for Fishers Exact, Chi-Squared, McNemars, Wilcoxon Rank-Sum, Wilcoxon Signed-Rank and t-tests in Developer-Centered Usable Security
Anna-Marie Ortloff
,
Christian Tiefenau
,
Matthew Smith
In
Nineteenth Symposium on Usable Privacy and Security (SOUPS 2023)
PDF
Cite
URL
Evolution of Password Expiry in Companies: Measuring the Adoption of Recommendations by the German Federal Office for Information Security
Eva Gerlitz
,
Maximilian Häring
,
Matthew Smith
,
Christian Tiefenau
In
Nineteenth Symposium on Usable Privacy and Security (SOUPS 2023)
PDF
Cite
URL
Adventures in Recovery Land: Testing the Account Recovery of Popular Websites When the Second Factor is Lost
Eva Gerlitz
,
Maximilian Häring
,
Charlotte Theresa Mädler
,
Matthew Smith
,
Christian Tiefenau
In
Nineteenth Symposium on Usable Privacy and Security (SOUPS 2023)
PDF
Cite
URL
Attitudes towards Client-Side Scanning for CSAM, Terrorism, Drug Trafficking, Drug Use and Tax Evasion in Germany
Lisa Geierhaas
,
Fabian Otto
,
Maximilian Häring
,
Matthew Smith
In
2023 IEEE Symposium on Security and Privacy (SP)
PDF
Cite
DOI
Less About Privacy: Revisiting a Survey about the German COVID-19 Contact Tracing App
Maximilian Häring
,
Eva Gerlitz
,
Matthew Smith
,
Christian Tiefenau
In
Proceedings of the 2023 CHI Conference on Human Factors in Computing Systems
PDF
Cite
DOI
URL
Different Researchers, Different Results? Analyzing the Influence of Researcher Experience and Data Type During Qualitative Analysis of an Interview and Survey Study on Security Advice
Anna-Marie Ortloff
,
Matthias Fassl
,
Alexander Ponticello
,
Florin Martius
,
Anne Mertens
,
Katharina Krombholz
,
Matthew Smith
In
Proceedings of the 2023 CHI Conference on Human Factors in Computing Systems
PDF
Cite
DOI
URL
Privacy Research on the Pulse of Time: COVID-19 Contact-Tracing Apps
Eva Gerlitz
,
Maximilian Häring
In
Human Factors in Privacy Research
PDF
Cite
DOI
URL
2022
Privacy at a Glance: A Process to Learn Modular Privacy Icons During Web Browsing
Maximiliane Windl
,
Anna-Marie Ortloff
,
Niels Henze
,
Valentin Schwind
In
Proceedings of the Conference on Human Information Interaction and Retrieval
PDF
Cite
DOI
Let's Hash: Helping Developers with Password Security
Lisa Geierhaas
,
Anna-Marie Ortloff
,
Matthew Smith
,
Alena Naiakshina
In
Eighteenth Symposium on Usable Privacy and Security (SOUPS 2022)
PDF
Cite
URL
2021
Werkzeuge für Usable (Cyber-)Security
Luigi Lo Iacono
,
Matthew Smith
,
Peter Leo Gorski
In
Sicherheitskritische Mensch-Computer-Interaktion
Cite
DOI
The Effect of Nudges and Boosts on Browsing Privacy in a Naturalistic Environment
Anna-Marie Ortloff
,
Steven Zimmerman
,
David Elsweiler
,
Niels Henze
In
Proceedings of the 2021 Conference on Human Information Interaction and Retrieval
PDF
Cite
DOI
Replication: Measuring User Perceptions in Smartphone Security and Privacy in Germany
Maxim Schessler
,
Eva Gerlitz
,
Maximilian Häring
,
Matthew Smith
In
Proceedings of the European Symposium on Usable Security 2021
PDF
Cite
DOI
Replicating a Study of Ransomware in Germany
Anna-Marie Ortloff
,
Maike Vossen
,
Christian Tiefenau
In
Proceedings of the European Symposium on Usable Security 2021
PDF
Cite
DOI
Please do not use !?_ or your License Plate Number: Analyzing Password Policies in German Companies
Eva Gerlitz
,
Maximilian Häring
,
Matthew Smith
In
Proceedings of the Symposium On Usable Privacy and Security
Cite
Never ever or no matter what: Investigating Adoption Intentions and Misconceptions about the Corona-Warn-App in Germany
Maximilian Häring
,
Eva Gerlitz
,
Christian Tiefenau
,
Yasemin Acar
,
Sascha Fahl
,
Matthew Smith
,
Dominik Wermke
In
Proceedings of the Seventeenth Symposium on Usable Privacy and Security
PDF
Cite
Do you Really Code? Designing and Evaluating Screening Questions for Online Surveys with Programmers
Anastasia Danilova
,
Alena Naiakshina
,
Stefan Horstmann
,
Matthew Smith
In
Proceedings of the International Conference on Software Engineering
PDF
Cite
DOI
Code Reviewing as Methodology for Online Security Studies with Developers - A Case Study with Freelancers on Password Storage
Anastasia Danilova
,
Alena Naiakshina
,
Anna Rasgauski
,
Matthew Smith
In
Proceedings of the Seventeenth Symposium on Usable Privacy and Security
PDF
Cite
Behavioral responses to a cyber attack in a hospital environment
Markus Willing
,
Christian Dresen
,
Eva Gerlitz
,
Maximilian Häring
,
Matthew Smith
,
Carmen Binnewies
,
Tim Guess
,
Uwe Haverkamp
,
Sebastian Schinzel
PDF
Cite
DOI
A Qualitative Usability Evaluation of the Clang Static Analyzer and libFuzzer with CS Students and CTF Players
Stephan Plöger
,
Mischa Meier
,
Matthew Smith
In
USENIX Association
PDF
Cite
2020
Security, Availability, and Multiple Information Sources: Exploring Update Behavior of System Administrators
Christian Tiefenau
,
Maximilian Häring
,
Katharina Krombholz
,
Emanuel von Zezschwitz
In
Proceedings of Sixteenth Symposium on Usable Privacy and Security
PDF
Cite
Replication: On the Ecological Validity of Online Security Developer Studies: Exploring Deception in a Password-Storage Study with Freelancers
Anastasia Danilova
,
Alena Naiakshina
,
Johanna Deuter
,
Matthew Smith
In
Proceedings of the Sixteenth Symposium on Usable Privacy and Security
PDF
Cite
On Conducting Security Developer Studies with CS Students: Examining a Password-Storage Study with CS Students, Freelancers, and Company Developers
Alena Naiakshina
,
Anastasia Danilova
,
Eva Gerlitz
,
Matthew Smith
In
Proceedings of the 2020 CHI Conference on Human Factors in Computing Systems
PDF
Cite
Implementation and In Situ Assessment of Contextual Privacy Policies
Anna-Marie Ortloff
,
Maximiliane Windl
,
Valentin Schwind
,
Niels Henze
In
Proceedings of the 2020 ACM Designing Interactive Systems Conference
PDF
Cite
DOI
2019
\"If HTTPS Were Secure, I Wouldn't Need 2FA\" - End User and Administrator Mental Models of HTTPS
Katharina Krombholz
,
Karoline Busse
,
Katharina Pfeffer
,
Matthew Smith
,
Emanuel von Zezschwitz
In
Proceedings of the Symposium on Security and Privacy
PDF
Cite
DOI
Vision: I don’t want to use my Phone! A Cognitive Walkthrough for YubiKeys
Claudia Bischoff
,
Eva Gerlitz
,
Matthew Smith
In
Proceedings of the 2020 IEEE European Symposium on Security and Privacy Workshops
PDF
Cite
DOI
Towards a Graphical User Interface for Quantitative Analysis in Digital Musicology
Anna-Marie Ortloff
,
Maximiliane Windl
,
Lydia Güntner
,
Thomas Schmidt
In
Proceedings of Mensch und Computer 2019
PDF
Cite
DOI
SentiBooks: Enhancing Audiobooks via Affective Computing and Smart Light Bulbs
Anna-Marie Ortloff
,
Lydia Güntner
,
Maximiliane Windl
,
Thomas Schmidt
,
Martin Kocur
,
Christian Wolff
In
Proceedings of Mensch und Computer 2019
PDF
Cite
DOI
Replication: No One Can Hack My Mind Revisiting a Study on Expert and Non-Expert Security Practices and Advice
Karoline Busse
,
Julia Schäfer
,
Matthew Smith
In
Proceedings of Symposium on Usable Privacy and Security
PDF
Cite
Making Privacy Graspable: Can we Nudge Users to use Privacy Enhancing Techniques?
Christian Tiefenau
,
Maximilian Häring
,
Eva Gerlitz
,
Emanuel von Zezschwitz
PDF
Cite
In Encryption We Don’t Trust: The Effect of End-to-End Encryption to the Masses on User Perception
Sergej Dechand
,
Alena Naiakshina
,
Anastasia Danilova
,
Matthew Smith
In
Proceedings of the 2019 IEEE European Symposium on Security and Privacy
PDF
Cite
DOI
Empirical Evaluation of Secure Development Processes (Dagstuhl Seminar 19231)
Adam Shostack
,
Matthew Smith
,
Sam Weber
,
Mary Ellen Zurko
PDF
Cite
DOI
A Usability Evaluation of Let's Encrypt and Certbot: Usable Security Done Right
Christian Tiefenau
,
Emanuel von Zezschwitz
,
Maximilian Häring
,
Katharina Krombholz
,
Matthew Smith
In
Proceedings of the 2019 ACM Special Interest Group on Security, Audit and Control Conference on Computer and Communications Security
PDF
Cite
DOI
A Case Study on (Security) Update Processes in Working Environments: Understanding the Context
Maximilian Häring
,
Christian Tiefenau
,
Eva Gerlitz
,
Ronald Brenner
,
Emanuel von Zezschwitz
PDF
Cite
\"Please enter your PIN\" -- On the Risk of Bypass Attacks on Biometric Authentication on Mobile Devices
Christian Tiefenau
,
Maximilian Häring
,
Mohamed Khamis
,
Emanuel von Zezschwitz
PDF
Cite
\"If you want, I can store the encrypted password\": A Password-Storage Field Study with Freelance Developers
Alena Naiakshina
,
Anastasia Danilova
,
Eva Gerlitz
,
Emanuel von Zezschwitz
,
Matthew Smith
In
Proceedings of the Conference on Human Factors in Computing Systems
PDF
Cite
DOI
2018
Evaluation kontextueller Datenschutzerklärungen
Anna-Marie Ortloff
,
Lydia Güntner
,
Maximiliane Windl
,
Denis Feth
,
Svenja Polst
In
Proceedings of Mensch und Computer 2018 - Workshopband
PDF
Cite
DOI
Deception Task Design in Developer Password Studies: Exploring a Student Sample
Alena Naiakshina
,
Anastasia Danilova
,
Christian Tiefenau
,
Matthew Smith
In
Proceedings of the Fourteenth Symposium on Usable Privacy and Security
PDF
Cite
2017
Why Do Developers Get Password Storage Wrong? A Qualitative Usability Study
Alena Naiakshina
,
Anastasia Danilova
,
Christian Tiefenau
,
Marco Herzog
,
Sergej Dechand
,
Matthew Smith
In
Proceedings of the Special Interest Group on Security, Audit and Control
PDF
Cite
DOI
Obstacles to the Adoption of Secure Communication Tools
Ruba Abu-Salma
,
M. Angela Sasse
,
Joseph Bonneau
,
Anastasia Danilova
,
Alena Naiakshina
,
Matthew Smith
In
Proceedings of the 2017 IEEE Symposium on Security and Privacy
PDF
Cite
DOI
Exploring Design Directions for Wearable Privacy
Katharina Krombholz
,
Adrian Dabrowski
,
Matthew Smith
,
Edgar Weippl
In
Proceedings of Usable Security
PDF
Cite
2016
Usable Security—The Source Awakens
Matthew Smith
Cite
The Security-Usability Tradeoff Myth [Guest editors' introduction]
M. Angela Sasse
,
Matthew Smith
In
IEEE Security Privacy
PDF
Cite
DOI
SoK: Lessons Learned from Android Security Research for Appified Software Platforms
Yasemin Acar
,
Michael Backes
,
Sven Bugiel
,
Sascha Fahl
,
Patrick McDaniel
,
Matthew Smith
In
Proceedings of the 2016 IEEE Symposium on Security and Privacy
PDF
Cite
DOI
Helping Johnny to Analyze Malware: A Usability-Optimized Decompiler and Malware Analysis User Study
Khaled Yakdan
,
Sergej Dechand
,
Elmar Gerhards-Padilla
,
Matthew Smith
In
Proceedings of the Symposium on Security and Privacy
PDF
Cite
DOI
Developers are Not the Enemy!: The Need for Usable Security APIs
Matthew Green
,
Matthew Smith
PDF
Cite
DOI
2015
Where Have You Been? Using Location-Based Security Questions for Fallback Authentication
Alina Hang
,
Alexander De Luca
,
Matthew Smith
,
Michael Richter
,
Heinrich Hussmann
In
Proceedings of the Eleventh Symposium On Usable Privacy and Security
PDF
Cite
VCCFinder: Finding Potential Vulnerabilities in Open-Source Projects to Assist Code Audits
Henning Perl
,
Sergej Dechand
,
Matthew Smith
,
Daniel Arp
,
Fabian Yamaguchi
,
Konrad Rieck
,
Sascha Fahl
,
Yasemin Acar
In
Proceedings of Special Interest Group on Security, Audit and Control
PDF
Cite
DOI
To Pin or Not to Pin—Helping App Developers Bullet Proof Their TLS Connections
Marten Oltrogge
,
Yasemin Acar
,
Sergej Dechand
,
Matthew Smith
,
Sascha Fahl
In
Proceedings of the 24th USENIX Security Symposium
PDF
Cite
SoK: Secure Messaging
Nik Unger
,
Sergej Dechand
,
Joseph Bonneau
,
Sascha Fahl
,
Henning Perl
,
Ian Goldberg
,
Matthew Smith
In
Proceedings of the 2015 IEEE Symposium on Security and Privacy
PDF
Cite
DOI
Participatory Design for Security-Related User Interfaces – NDSS Symposium
Susanne Weber
,
Marian Harbach
,
Matthew Smith
In
Proceedings of the 2015 Network and Distributed System Security Symposium
PDF
Cite
DOI
Ok Glass, Leave Me Alone: Towards a Systematization of Privacy Enhancing Technologies for Wearable Computing
Katharina Krombholz
,
Adrian Dabrowski
,
Matthew Smith
,
Edgar Weippl
In
Proceedings of Financial Cryptography and Data Security
PDF
Cite
DOI
No More Gotos: Decompilation Using Pattern-Independent Control-Flow Structuring and Semantics-Preserving Transformations – NDSS Symposium
Khaled Yakdan
,
Sebastian Eschweiler
,
Elmar Gerhards-Padilla
,
Matthew Smith
In
Proceedings of the 2015 Network and Distributed System Security Symposium
PDF
Cite
DOI
Developers Are Users Too: Designing Crypto and Security APIs That Busy Engineers and Sysadmins Can Use Securely
Matthew Green
,
Matthew Smith
In
USENIX Association
Cite
2014
You Won’t Be Needing These Any More: On Removing Unused Certificates from Trust Stores
Henning Perl
,
Sascha Fahl
,
Matthew Smith
In
Proceedings of Financial Cryptography and Data Security
PDF
Cite
DOI
Why eve and mallory (also) love webmasters: a study on the root causes of SSL misconfigurations
Sascha Fahl
,
Yasemin Acar
,
Henning Perl
,
Matthew Smith
In
Proceedings of the 9th symposium on Information, computer and communications security
PDF
Cite
DOI
Who's Afraid of Which Bad Wolf? A Survey of IT Security Risk Awareness
Marian Harbach
,
Sascha Fahl
,
Matthew Smith
In
Proceedings of the 27th Computer Security Foundations Symposium
PDF
Cite
DOI
Using personal examples to improve risk communication for security & privacy decisions
Marian Harbach
,
Markus Hettig
,
Susanne Weber
,
Matthew Smith
In
Proceedings of the Special Interest Group on Computer–Human Interaction Conference
PDF
Cite
DOI
Privacy/performance trade-off in private search on bio-medical data
H. Perl
,
Y. Mohammed
,
M. Brenner
,
M. Smith
In
Future Generation Computer Systems
PDF
Cite
DOI
On the Awareness, Control and Privacy of Shared Photo Metadata
Benjamin Henne
,
Maximilian Koch
,
Matthew Smith
In
Proceedings of Financial Cryptography and Data Security
PDF
Cite
DOI
Now you see me, now you don't: protecting smartphone authentication from shoulder surfers
Alexander De Luca
,
Marian Harbach
,
Emanuel von Zezschwitz
,
Max-Emanuel Maurer
,
Bernhard Ewald Slawik
,
Heinrich Hussmann
,
Matthew Smith
In
Proceedings of the Special Interest Group on Computer–Human Interaction Conference
PDF
Cite
DOI
It’s a Hard Lock Life: A Field Study of Smartphone (Un)Locking Behavior and Risk Perception
Marian Harbach
,
Emanuel von Zezschwitz
,
Andreas Fichtner
,
Alexander De Luca
,
Matthew Smith
In
Proceedings of the 10th Symposium On Usable Privacy and Security
PDF
Cite
Hey, NSA: Stay Away from my Market! Future Proofing App Markets against Powerful Attackers
Sascha Fahl
,
Sergej Dechand
,
Henning Perl
,
Felix Fischer
,
Jaromir Smrcek
,
Matthew Smith
In
Proceedings of the Conference on Computer and Communications Security
PDF
Cite
DOI
2013
Sorry, I Don’t Get It: An Analysis of Warning Message Texts
Marian Harbach
,
Sascha Fahl
,
Polina Yakovleva
,
Matthew Smith
In
Proceedings of the Conference on Financial Cryptography and Data Security
PDF
Cite
DOI
Rethinking SSL development in an appified world
Sascha Fahl
,
Marian Harbach
,
Henning Perl
,
Markus Koetter
,
Matthew Smith
In
Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security
PDF
Cite
DOI
On the ecological validity of a password study
Sascha Fahl
,
Marian Harbach
,
Yasemin Acar
,
Matthew Smith
In
Proceedings of the Ninth Symposium on Usable Privacy and Security
PDF
Cite
DOI
On the Acceptance of Privacy-Preserving Authentication Technology: The Curious Case of National Identity Cards
Marian Harbach
,
Sascha Fahl
,
Matthias Rieger
,
Matthew Smith
In
Privacy Enhancing Technologies
PDF
Cite
DOI
Hey, You, Get Off of My Clipboard
Sascha Fahl
,
Marian Harbach
,
Marten Oltrogge
,
Thomas Muders
,
Matthew Smith
In
Proceedings of Financial Cryptography and Data Security
PDF
Cite
DOI
2012
Why eve and mallory love android: an analysis of android SSL (in)security
Sascha Fahl
,
Marian Harbach
,
Thomas Muders
,
Lars Baumgärtner
,
Bernd Freisleben
,
Matthew Smith
In
Proceedings of the Conference on Computer and communications security
PDF
Cite
DOI
Helping Johnny 2.0 to encrypt his Facebook conversations
Sascha Fahl
,
Marian Harbach
,
Thomas Muders
,
Matthew Smith
,
Uwe Sander
In
Proceedings of the Eighth Symposium on Usable Privacy and Security
PDF
Cite
DOI
Big data privacy issues in public social media
Matthew Smith
,
Christian Szongott
,
Benjamin Henne
,
Gabriele von Voigt
In
Proceedings of 2012 6th IEEE International Conference on Digital Ecosystems and Technologies
PDF
Cite
DOI
Cite
×