Publications



Attitudes towards Client-Side Scanning for CSAM, Terrorism, Drug Trafficking, Drug Use and Tax Evasion in Germany

Geierhaas, L.; Otto, F.; Häring, M.; Smith, M.
2023 IEEE Symposium on Security and Privacy (SP)


Different Researchers, Different Results? Analyzing the Influence of Researcher Experience and Data Type During Qualitative Analysis of an Interview and Survey Study on Security Advice

Ortloff, A.; Fassl, M.; Ponticello, A.; Martius, F.; Mertens, A.; Krombholz, K.; Smith, M.
Proceedings of the 2023 CHI Conference on Human Factors in Computing Systems


Less About Privacy: Revisiting a Survey about the German COVID-19 Contact Tracing App

Häring, M.; Gerlitz, E.; Smith, M.; Tiefenau, C.
Proceedings of the 2023 CHI Conference on Human Factors in Computing Systems



Evolution of Password Expiry in Companies: Measuring the Adoption of Recommendations by the German Federal Office for Information Security

Gerlitz, E.; Häring, M.; Smith, M.; Tiefenau, C.
Nineteenth Symposium on Usable Privacy and Security (SOUPS 2023)


Privacy Research on the Pulse of Time: COVID-19 Contact-Tracing Apps

Gerlitz, E.; Häring, M.; Gerber, N.; Stöver, A.; Marky, K.


Let's Hash: Helping Developers with Password Security

Geierhaas, L.; Ortloff, A.; Smith, M.; Naiakshina, A.
Eighteenth Symposium on Usable Privacy and Security (SOUPS 2022)


Privacy at a Glance: A Process to Learn Modular Privacy Icons During Web Browsing

Windl, M.; Ortloff, A.; Henze, N.; Schwind, V.
Proceedings of the Conference on Human Information Interaction and Retrieval


Behavioral responses to a cyber attack in a hospital environment

Willing, M.; Dresen, C.; Gerlitz, E.; Haering, M.; Smith, M.; Binnewies, C.; Guess, T.; Haverkamp, U.; Schinzel, S.
Nature Scientific Reports


Please do not use !?_ or your License Plate Number: Analyzing Password Policies in German Companies

Gerlitz, E.; Häring, M.; Smith, M.
Proceedings of the Symposium On Usable Privacy and Security


Never ever or no matter what: Investigating Adoption Intentions and Misconceptions about the Corona-Warn-App in Germany

Häring, M.; Gerlitz, E.; Tiefenau, C.; Acar, Y.; Fahl, S.; Smith, M.; Wermke, D.
Proceedings of the Seventeenth Symposium on Usable Privacy and Security


Do you Really Code? Designing and Evaluating Screening Questions for Online Surveys with Programmers

Danilova, A.; Naiakshina, A.; Horstmann, S.; Smith, M.
Proceedings of the International Conference on Software Engineering


Code Reviewing as Methodology for Online Security Studies with Developers - A Case Study with Freelancers on Password Storage

Danilova, A.; Naiakshina, A.; Rasgauski, A.; Smith, M.
Proceedings of the Seventeenth Symposium on Usable Privacy and Security



Werkzeuge für Usable (Cyber-)Security

Iacono, L. L.; Smith, M.; Gorski, P. L.; Reuter, C.


The Effect of Nudges and Boosts on Browsing Privacy in a Naturalistic Environment

Ortloff, A.; Zimmerman, S.; Elsweiler, D.; Henze, N.
Proceedings of the 2021 Conference on Human Information Interaction and Retrieval


Replication: Measuring User Perceptions in Smartphone Security and Privacy in Germany

Schessler, M.; Gerlitz, E.; Häring, M.; Smith, M.
Proceedings of the European Symposium on Usable Security 2021


Replicating a Study of Ransomware in Germany

Ortloff, A.; Vossen, M.; Tiefenau, C.
Proceedings of the European Symposium on Usable Security 2021


One size does not fit all: a grounded theory and online survey study of developer preferences for security warning types

Danilova, A.; Naiakshina, A.; Smith, M.
Proceedings of the ACM/IEEE 42nd International Conference on Software Engineering


On Conducting Security Developer Studies with CS Students: Examining a Password-Storage Study with CS Students, Freelancers, and Company Developers

Naiakshina, A.; Danilova, A.; Gerlitz, E.; Smith, M.
Proceedings of the 2020 CHI Conference on Human Factors in Computing Systems


Security, Availability, and Multiple Information Sources: Exploring Update Behavior of System Administrators

Tiefenau, C.; Häring, M.; Krombholz, K.; von Zezschwitz, E.
Proceedings of Sixteenth Symposium on Usable Privacy and Security


Replication: On the Ecological Validity of Online Security Developer Studies: Exploring Deception in a Password-Storage Study with Freelancers

Danilova, A.; Naiakshina, A.; Deuter, J.; Smith, M.
Proceedings of the Sixteenth Symposium on Usable Privacy and Security


Implementation and In Situ Assessment of Contextual Privacy Policies

Ortloff, A.; Windl, M.; Schwind, V.; Henze, N.
Proceedings of the 2020 ACM Designing Interactive Systems Conference


"If HTTPS Were Secure, I Wouldn't Need 2FA" - End User and Administrator Mental Models of HTTPS

Krombholz, K.; Busse, K.; Pfeffer, K.; Smith, M.; von Zezschwitz, E.
Proceedings of the Symposium on Security and Privacy


Replication: No One Can Hack My Mind Revisiting a Study on Expert and Non-Expert Security Practices and Advice

Busse, K.; Schäfer, J.; Smith, M.
Proceedings of Symposium on Usable Privacy and Security



A Usability Evaluation of Let's Encrypt and Certbot: Usable Security Done Right

Tiefenau, C.; von Zezschwitz, E.; Häring, M.; Krombholz, K.; Smith, M.
Proceedings of the 2019 ACM Special Interest Group on Security, Audit and Control Conference on Computer and Communications Security


"If you want, I can store the encrypted password": A Password-Storage Field Study with Freelance Developers

Naiakshina, A.; Danilova, A.; Gerlitz, E.; von Zezschwitz, E.; Smith, M.
Proceedings of the 2019 CHI Conference on Human Factors in Computing Systems


Vision: I don’t want to use my Phone! A Cognitive Walkthrough for YubiKeys

Bischoff, C.; Gerlitz, E.; Smith, M.
Proceedings of the 2020 IEEE European Symposium on Security and Privacy Workshops


SentiBooks: Enhancing Audiobooks via Affective Computing and Smart Light Bulbs

Ortloff, A.; Güntner, L.; Windl, M.; Schmidt, T.; Kocur, M.; Wolff, C.
Proceedings of Mensch und Computer 2019


Towards a Graphical User Interface for Quantitative Analysis in Digital Musicology

Ortloff, A.; Windl, M.; Güntner, L.; Schmidt, T.
Proceedings of Mensch und Computer 2019


"Please enter your PIN" -- On the Risk of Bypass Attacks on Biometric Authentication on Mobile Devices

Tiefenau, C.; Häring, M.; Khamis, M.; von Zezschwitz, E.
15th Symposium on Usable Privacy and Security


Making Privacy Graspable: Can we Nudge Users to use Privacy Enhancing Techniques?

Tiefenau, C.; Häring, M.; Gerlitz, E.; von Zezschwitz, E.
15th Symposium on Usable Privacy and Security


In Encryption We Don’t Trust: The Effect of End-to-End Encryption to the Masses on User Perception

Dechand, S.; Naiakshina, A.; Danilova, A.; Smith, M.
Proceedings of the 2019 IEEE European Symposium on Security and Privacy


A Case Study on (Security) Update Processes in Working Environments: Understanding the Context

Häring, M.; Tiefenau, C.; Gerlitz, E.; Brenner, R.; von Zezschwitz, E.
15th Symposium on Usable Privacy and Security


Evaluation kontextueller Datenschutzerklärungen

Ortloff, A.; Güntner, L.; Windl, M.; Feth, D.; Polst, S.
Proceedings of Mensch und Computer 2018 - Workshopband


Deception Task Design in Developer Password Studies: Exploring a Student Sample

Naiakshina, A.; Danilova, A.; Tiefenau, C.; Smith, M.
Proceedings of the Fourteenth Symposium on Usable Privacy and Security



Exploring Design Directions for Wearable Privacy

Krombholz, K.; Dabrowski, A.; Smith, M.; Weippl, E.
Proceedings of Usable Security


Obstacles to the Adoption of Secure Communication Tools

Abu-Salma, R.; Sasse, M. A.; Bonneau, J.; Danilova, A.; Naiakshina, A.; Smith, M.
Proceedings of the 2017 IEEE Symposium on Security and Privacy


Why Do Developers Get Password Storage Wrong? A Qualitative Usability Study

Naiakshina, A.; Danilova, A.; Tiefenau, C.; Herzog, M.; Dechand, S.; Smith, M.
Proceedings of the Special Interest Group on Security, Audit and Control


Debunking Security-Usability Tradeoff Myths

Sasse, M. A.; Smith, M.; Herley, C.; Lipford, H.; Vaniea, K.
IEEE Security & Privacy


Developers are Not the Enemy!: The Need for Usable Security APIs

Green, M.; Smith, M.
IEEE Security & Privacy Magazine


Usable Security—The Source Awakens

Smith, M.
USENIX Enigma


Helping Johnny to Analyze Malware: A Usability-Optimized Decompiler and Malware Analysis User Study

Yakdan, K.; Dechand, S.; Gerhards-Padilla, E.; Smith, M.
Proceedings of the Symposium on Security and Privacy


SoK: Lessons Learned from Android Security Research for Appified Software Platforms

Acar, Y.; Backes, M.; Bugiel, S.; Fahl, S.; McDaniel, P.; Smith, M.
Proceedings of the 2016 IEEE Symposium on Security and Privacy


The Security-Usability Tradeoff Myth [Guest editors' introduction]

Sasse, M. A.; Smith, M.
IEEE Security Privacy



Ok Glass, Leave Me Alone: Towards a Systematization of Privacy Enhancing Technologies for Wearable Computing

Krombholz, K.; Dabrowski, A.; Smith, M.; Weippl, E.
Proceedings of Financial Cryptography and Data Security


No More Gotos: Decompilation Using Pattern-Independent Control-Flow Structuring and Semantics-Preserving Transformations – NDSS Symposium

Yakdan, K.; Eschweiler, S.; Gerhards-Padilla, E.; Smith, M.
Proceedings of the 2015 Network and Distributed System Security Symposium


Participatory Design for Security-Related User Interfaces – NDSS Symposium

Weber, S.; Harbach, M.; Smith, M.
Proceedings of the 2015 Network and Distributed System Security Symposium


Where Have You Been? Using Location-Based Security Questions for Fallback Authentication

Hang, A.; Luca, A. D.; Smith, M.; Richter, M.; Hussmann, H.
Proceedings of the Eleventh Symposium On Usable Privacy and Security


VCCFinder: Finding Potential Vulnerabilities in Open-Source Projects to Assist Code Audits

Perl, H.; Dechand, S.; Smith, M.; Arp, D.; Yamaguchi, F.; Rieck, K.; Fahl, S.; Acar, Y.
Proceedings of Special Interest Group on Security, Audit and Control


To Pin or Not to Pin—Helping App Developers Bullet Proof Their TLS Connections

Oltrogge, M.; Acar, Y.; Dechand, S.; Smith, M.; Fahl, S.
Proceedings of the 24th USENIX Security Symposium


SoK: Secure Messaging

Unger, N.; Dechand, S.; Bonneau, J.; Fahl, S.; Perl, H.; Goldberg, I.; Smith, M.
Proceedings of the 2015 IEEE Symposium on Security and Privacy


It’s a Hard Lock Life: A Field Study of Smartphone ( Un)Locking Behavior and Risk Perception

Harbach, M.; Zezschwitz, E. v.; Fichtner, A.; Luca, A. D.; Smith, M.
Proceedings of the 10th Symposium On Usable Privacy and Security


Now you see me, now you don't: protecting smartphone authentication from shoulder surfers

De Luca, A.; Harbach, M.; von Zezschwitz, E.; Maurer, M.; Slawik, B. E.; Hussmann, H.; Smith, M.
Proceedings of the Special Interest Group on Computer–Human Interaction Conference


You Won’t Be Needing These Any More: On Removing Unused Certificates from Trust Stores

Perl, H.; Fahl, S.; Smith, M.
Proceedings of Financial Cryptography and Data Security


Why eve and mallory (also) love webmasters: a study on the root causes of SSL misconfigurations

Fahl, S.; Acar, Y.; Perl, H.; Smith, M.
Proceedings of the 9th symposium on Information, computer and communications security


Who's Afraid of Which Bad Wolf? A Survey of IT Security Risk Awareness

Harbach, M.; Fahl, S.; Smith, M.
Proceedings of the 27th Computer Security Foundations Symposium


Using personal examples to improve risk communication for security & privacy decisions

Harbach, M.; Hettig, M.; Weber, S.; Smith, M.
Proceedings of the Special Interest Group on Computer–Human Interaction Conference


Privacy/performance trade-off in private search on bio-medical data

Perl, H.; Mohammed, Y.; Brenner, M.; Smith, M.
Future Generation Computer Systems


On the Awareness, Control and Privacy of Shared Photo Metadata

Henne, B.; Koch, M.; Smith, M.; Christin, N.; Safavi-Naini, R.
Proceedings of Financial Cryptography and Data Security


Hey, NSA: Stay Away from my Market! Future Proofing App Markets against Powerful Attackers

Fahl, S.; Dechand, S.; Perl, H.; Fischer, F.; Smrcek, J.; Smith, M.
Proceedings of the Conference on Computer and Communications Security


Rethinking SSL development in an appified world

Fahl, S.; Harbach, M.; Perl, H.; Koetter, M.; Smith, M.
Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security


Sorry, I Don’t Get It: An Analysis of Warning Message Texts

Harbach, M.; Fahl, S.; Yakovleva, P.; Smith, M.; Adams, A. A.; Brenner, M.; Smith, M.
Proceedings of the Conference on Financial Cryptography and Data Security


On the ecological validity of a password study

Fahl, S.; Harbach, M.; Acar, Y.; Smith, M.
Proceedings of the Ninth Symposium on Usable Privacy and Security


On the Acceptance of Privacy-Preserving Authentication Technology: The Curious Case of National Identity Cards

Harbach, M.; Fahl, S.; Rieger, M.; Smith, M.; De Cristofaro, E.; Wright, M.
Privacy Enhancing Technologies


Hey, You, Get Off of My Clipboard

Fahl, S.; Harbach, M.; Oltrogge, M.; Muders, T.; Smith, M.; Sadeghi, A.
Proceedings of Financial Cryptography and Data Security


Helping Johnny 2.0 to encrypt his Facebook conversations

Fahl, S.; Harbach, M.; Muders, T.; Smith, M.; Sander, U.
Proceedings of the Eighth Symposium on Usable Privacy and Security


Big data privacy issues in public social media

Smith, M.; Szongott, C.; Henne, B.; von Voigt, G.
Proceedings of 2012 6th IEEE International Conference on Digital Ecosystems and Technologies


Why eve and mallory love android: an analysis of android SSL (in)security

Fahl, S.; Harbach, M.; Muders, T.; Baumgärtner, L.; Freisleben, B.; Smith, M.
Proceedings of the Conference on Computer and communications security



Wird geladen