The tandem “URIA” (Usability of Risk-based Implicit Authentication) deals with the widespread password-based authentication – be it in e-mail services, online shops or online banking. Everyone knows the agony of choosing and, above all, remembering good passwords. In addition, password-protected systems harbor high security risks because they can be “cracked” quickly. Password-based authentication therefore not only has weaknesses in usability but also in security. Risk-based authentication, on the other hand, has the potential to increase security without compromising usability.
A presentation of the tandem can be found here.
Principle Investigators (PIs)
Prof. Dr. Markus Dürmuth
Lehrstuhl für Mobile Security
Horst Görtz Institut für IT Sicherheit
Ruhr-Universität Bochum
Prof. Dr.-Ing. Luigi Lo Iacano
Fakultät für Informations-, Medien- und Elektrotechnik
Institut für Medien- und Phototechnik (IMP)
Technische Hochschule Köln
PhD Students
Philipp Markert
Lehrstuhl für Mobile Security
Horst Görtz Institut für IT Sicherheit
Ruhr-Universität Bochum
@Philipp_Markert
Stephan Wiefling
Fakultät für Informations-, Medien- und Elektrotechnik
Institut für Medien- und Phototechnik (IMP)
Technische Hochschule Köln
https://orcid.org/0000-0001-7917-6065
@SWiefling
Publications
- Wiefling, Stephan, Jan Tolsdorf, and Luigi Lo Iacono: Privacy Considerations for Risk-Based Authentication Systems. In: 2021 International Workshop on Privacy Engineering (IWPE ’21), co-located with 6th IEEE European Symposium on Security and Privacy (EuroS&P), September 2021
- Wiefling, Stephan, Markus Dürmuth and Luigi Lo Iacono: Verify It’s You: How Users Perceive Risk-based Authentication. In: IEEE Security & Privacy. Volume 19, Issue 6 (November/December 2021). IEEE. DOI: 10.1109/MSEC.2021.3077954
- Wiefling, Stephan, Markus Dürmuth, and Luigi Lo Iacono. “What’s in Score for Website Users: A Data-Driven Long-Term Study on Risk-Based Authentication Characteristics.” In Financial Crpyto and Data Security (FC) 2021.
- Wiefling, Stephan, Luigi Lo Iacono, and Markus Dürmuth. “More Than Just Good Passwords? A Study on Usability and Security Perceptions of Risk-Based Authentication.” ACSAC 2020
- Farke, Florian M., Lennart Lorenz, Theodor Schnitzler, Philipp Markert, and Markus Dürmuth. “‘You Still Use the Password after All’ – Exploring FIDO2 Security Keys in a Small Company.” SOUPS 2020
- Markert, Philipp, Daniel V. Bailey, Maximilian Golla, Markus Durmuth, and Adam J. AviG. “This PIN Can Be Easily Guessed: Analyzing the Security of Smartphone Unlock PINs.” IEEE Symposium on Security and Privacy (SP) 2020.
- Samuel, Raina, Philipp Markert, Adam J. Aviv, and Iulian Neamtiu. “Knock, Knock. Who’s There? On the Security of LG’s Knock Codes.” SOUPS 2020.
- Wiefling, Stephan., Tanvi Patil, Markus Dürmuth, and Luigi Lo Iacono. “Evaluation of Risk-based Re-Authentication Methods”. IFIP SEC 2020.
- Wiefling, Stephan, Luigi Lo Iacono, and Markus Dürmuth. “Is This Really You? An Empirical Study OnRisk-Based Authentication Applied in the Wild,” IFIP SEC 2019.
- Wiefling, Stephan, Gruschka, N., & Lo Iacono, L. (2019). Even Turing Should Sometimes Not Be Able To Tell: Mimicking Humanoid Usage Behavior for Exploratory Studies of Online Services.
- Wiefling, Stephan: Usability, Sicherheit und Privatsphäre von risikobasierter Authentifizierung. In:Sicherheit 2020, Lecture Notes in Informatics (LNI), Gesellschaft für Informatik, Bonn 2020. doi:10.18420/sicherheit2020_15