[firstname] (a) swiefling.de
@swiefling@hci.social
Stephan Wiefling
About me
I am a researcher in IT security and hold a doctorate. I currently do research in the areas of authentication, usability and privacy. Among other things, I investigate how the security of passwords can be improved without reducing usability. My work has been covered by Schneier on Security, The Daily Swig, t-online.de, GIGA.de, Heise, Golem.de, Kölner Stadtanzeiger and other media.
I have already been able to successfully bring my expertise in usable security and privacy to industry (e.g. Meta, Telenor). In addition, I work as a Senior Software Engineer at Vodafone.
I also co-authored the book Programmieren trainieren, published by Hanser Verlag.
Research interests
- Risk-based authentication
- Usable security and privacy
- Mobile authentication
- Usable passwords
- Privacy dashboards
- Developer-centered security
- Human-computer interaction
Awards
Open Data Impact Award 2022
Awarded by: Stifterverband für die Deutsche Wissenschaft e.V.
Best ACSAC Video Production 2020
Awarded by: Annual Computer Security Applications Conference (ACSAC)
RISE Germany Scholarship 2019, 2020
Awarded by: Deutscher Akademischer Austauschdienst (DAAD)
Top of the class 2018/2019, Master's in Media Technology
Awarded by: Technische Hochschule Köln
Education
Computer Science (Dr.-Ing.)
Ruhr-Universität Bochum, Horst-Görtz-Institut für IT-Sicherheit (2018 - 2023)
Reviewed by Markus Dürmuth, Martina Angela Sasse and Luigi Lo Iacono
Media Technology (M. Sc.)
Technische Hochschule Köln (2015 - 2018)
Media Engineering (B. Eng.)
Fachhochschule Köln (2011 - 2015)
Selected publications
A Privacy Measure Turned Upside Down? Investigating the Use of HTTP Client Hints on the Web (2024)
Stephan Wiefling, Marian Hönscheid and Luigi Lo Iacono. ARES ’24. ACM.
@inproceedings{article_ares2024_wiefling,
  author = {Wiefling, Stephan and Hönscheid, Marian and {Lo Iacono}, Luigi},
  title = {A {Privacy Measure Turned Upside Down? Investigating the Use of HTTP Client Hints on the Web}},
  booktitle = {19th {International} {Conference} on {Availability}, {Reliability} and {Security}},
  series = {A{RES} '24},
  location = {Vienna, Austria},
  doi = {10.1145/3664476.3664478},
  publisher = {ACM},
  month = aug,
  year = {2024},
}
Is It Really You Who Forgot the Password? When Account Recovery Meets Risk-Based Authentication (2024)
Andre Büttner, Andreas Thue Pedersen, Stephan Wiefling, Nils Gruschka and Luigi Lo Iacono. UbiSec ’23. Springer.
@inproceedings{article_ubisec2023_buettner,
  author = {Büttner, Andre and Pedersen, Andreas Thue and Wiefling, Stephan and Gruschka, Nils and {Lo Iacono}, Luigi},
  title = {Is {It Really You Who Forgot the Password? When Account Recovery Meets Risk-Based Authentication}},
  booktitle = {Ubi{Sec} '23},
  location = {Exeter, United Kingdom},
  doi = {10.1007/978-981-97-1274-8_26},
  publisher = {Springer},
  month = mar,
  year = {2024},
}
Risk-Based Authentication for OpenStack: A Fully Functional Implementation and Guiding Example (2023)
Vincent Unsel, Stephan Wiefling, Nils Gruschka and Luigi Lo Iacono. CODASPY ’23. ACM.
@inproceedings{article_codaspy2023_unsel,
  title = {Risk-{Based Authentication for OpenStack: A Fully Functional Implementation and Guiding Example}},
  author = {Unsel, Vincent and Wiefling, Stephan and Gruschka, Nils and {Lo Iacono}, Luigi},
  booktitle = {13th {ACM Conference on Data and Application Security and Privacy}},
  series = {C{ODASPY} '23},
  location = {Charlotte, NC, USA},
  publisher = {ACM},
  doi = {10.1145/3577923.3583634},
  month = apr,
  year = {2023}
}
Data Protection Officers’ Perspectives on Privacy Challenges in Digital Ecosystems (2023)
Stephan Wiefling, Jan Tolsdorf and Luigi Lo Iacono. SPOSE ’22. Springer.
@inproceedings{article_spose2022_wiefling,
  author = {Wiefling, Stephan and Tolsdorf, Jan and Lo Iacono, Luigi},
  title = {Data {Protection} {Officers}' {Perspectives} on {Privacy} {Challenges} in {Digital} {Ecosystems}},
  booktitle = {4th {Workshop} on {Security}, {Privacy}, {Organizations}, and {Systems} {Engineering}},
  series = {SPOSE '22},
  location = {Copenhagen, Denmark},
  doi = {10.1007/978-3-031-25460-4_13},
  publisher = {Springer},
  year = {2023}
}
Pump Up Password Security! Evaluating and Enhancing Risk-Based Authentication on a Real-World Large-Scale Online Service (2023)
Stephan Wiefling, Paul René Jørgensen, Sigurd Thunem and Luigi Lo Iacono. ACM TOPS. ACM.
@article{article_tops2023_wiefling,
  author = {Wiefling, Stephan and Jørgensen, Paul René and Thunem, Sigurd and {Lo Iacono}, Luigi},
  title = {Pump {Up} {Password} {Security}! {Evaluating} and {Enhancing} {Risk}-{Based} {Authentication} on a {Real}-{World} {Large}-{Scale} {Online} {Service}},
  journal = { {ACM} {Transactions} on {Privacy} and {Security}},
  doi = {10.1145/3546069},
  publisher = {ACM},
  volume = {26},
  number = {1},
  articleno = {6},
  issn = {2471-2566},
  month = {feb},
  year = {2023}
}
Privacy Considerations for Risk-Based Authentication Systems (2021)
Stephan Wiefling, Jan Tolsdorf and Luigi Lo Iacono. IWPE ’21. IEEE.
@inproceedings{article_iwpe2021_wiefling,
  author = {Wiefling, Stephan and Tolsdorf, Jan and Lo Iacono, Luigi},
  title = {Privacy {Considerations} for {Risk}-{Based} {Authentication} {Systems}},
  booktitle = {2021 {International} {Workshop} on {Privacy} {Engineering}},
  series = {IWPE '21},
  location = {Vienna, Austria},
  doi = {10.1109/EuroSPW54576.2021.00040},
  pages = {320--327},
  publisher = {IEEE},
  month = sep,
  year = {2021}
}
"I just looked for the solution!" - On Integrating Security-Relevant Information in Non-Security API Documentation to Support Secure Coding Practices (2021)
Peter Leo Gorski, Sebastian Möller, Stephan Wiefling and Luigi Lo Iacono. IEEE TSE. IEEE.
@article{journals_tse2021_gorski,
  author = {Gorski, Peter Leo and Möller, Sebastian and Wiefling, Stephan and Lo Iacono, Luigi},
  journal = {IEEE Transactions on Software Engineering},
  title = {"I just looked for the solution!" - On Integrating Security-Relevant Information in Non-Security API Documentation to Support Secure Coding Practices},
  year = {2021},
  publisher = {IEEE},
  doi = {10.1109/TSE.2021.3094171}
}
Verify It’s You: How Users Perceive Risk-based Authentication (2021)
Stephan Wiefling, Markus Dürmuth and Luigi Lo Iacono. IEEE Security & Privacy. IEEE.
@article{journals_spm2021_wiefling,
  title = {Verify {It}'s {You}: {How} {Users} {Perceive} {Risk}-based {Authentication}},
  journal = {IEEE Security \& Privacy},
  author = {Wiefling, Stephan and Dürmuth, Markus and Lo Iacono, Luigi},
  month = nov,
  volume = {19},
  number = {6},
  pages = {47--57},
  year = {2021},
  publisher = {IEEE},
  doi = {10.1109/MSEC.2021.3077954}
}
What’s in Score for Website Users: A Data-Driven Long-Term Study on Risk-Based Authentication Characteristics (2021)
Stephan Wiefling, Markus Dürmuth and Luigi Lo Iacono. FC ’21. Springer.
@inproceedings{article_fc2021_wiefling,
  author = {Wiefling, Stephan and D\"{u}rmuth, Markus and Lo Iacono, Luigi},
  title = {What’s in {Score} for {Website} {Users}: {A} {Data}-{Driven} {Long}-{Term} {Study} on {Risk}-{Based} {Authentication} {Characteristics}},
  booktitle = {25th {International} {Conference} on {Financial} {Cryptography} and {Data} {Security} ({FC} '21)},
  pages = {361--381},
  location = {Grenada},
  month = mar,
  year = {2021},
  publisher = {Springer},
  doi = {10.1007/978-3-662-64331-0_19}
}
More Than Just Good Passwords? A Study on Usability and Security Perceptions of Risk-based Authentication (2020)
Stephan Wiefling, Markus Dürmuth and Luigi Lo Iacono. ACSAC ’20. ACM.
@inproceedings{article_acsac2020_wiefling,
  title = {More {Than} {Just} {Good} {Passwords}? A {Study} on {Usability} and {Security} {Perceptions} of {Risk-based} {Authentication}},
  booktitle = {36th {Annual} {Computer} {Security} {Applications} {Conference} ({ACSAC} '20)},
  author = {Wiefling, Stephan and D\"{u}rmuth, Markus and Lo Iacono, Luigi},
  publisher = {ACM},
  location = {Austin, USA},
  month = dec,
  year = {2020},
  doi = {10.1145/3427228.3427243},
  pages = {203--218},
  isbn = {978-1-4503-8858-0/20/12},
}
Evaluation of Risk-based Re-Authentication Methods (2020)
Stephan Wiefling, Tanvi Patil, Markus Dürmuth and Luigi Lo Iacono. IFIP SEC ’20. Springer.
@inproceedings{article_ifipsec2020_wiefling,
  title = { {Evaluation} of {Risk-based} {Re}-{Authentication} {Methods}},
  booktitle = {35th {IFIP} {TC}-11 {International} {Conference} on {Information} {Security} and {Privacy} {Protection} ({IFIP} {SEC} 2020)},
  series = { {IFIP} {Advances} in {Information} and {Communication} {Technology}},
  author = {Wiefling, Stephan and Patil, Tanvi and D\"{u}rmuth, Markus and Lo Iacono, Luigi },
  publisher = {Springer International Publishing},
  location = {Maribor, Slovenia},
  volume = {580},
  pages = {280--294},
  isbn = {978-3-030-58200-5},
  doi = {10.1007/978-3-030-58201-2_19},
  month = sep,
  year = {2020},
}
Even Turing Should Sometimes Not Be Able To Tell: Mimicking Humanoid Usage Behavior for Exploratory Studies of Online Services (2019)
Stephan Wiefling, Nils Gruschka and Luigi Lo Iacono. NordSec ’19. Springer Nature.
@inproceedings{article_nordsec2019_wiefling,
  title = {Even {Turing} {Should} {Sometimes} {Not} {Be} {Able} {To} {Tell}: {Mimicking} {Humanoid} {Usage} {Behavior} for {Exploratory} {Studies} of {Online} {Services}},
  booktitle = {24th {Nordic} {Conference} on {Secure} {IT} {Systems} ({NordSec} 2019)},
  series = { {Lecture} {Notes} in {Computer} {Science}},
  author = {Wiefling, Stephan and Gruschka, Nils and Lo Iacono, Luigi},
  volume = {11875},
  pages = {188--203},
  isbn = {978-3-030-35055-0},
  doi = {10.1007/978-3-030-35055-0_12},
  publisher = {Springer Nature},
  location = {Aalborg, Denmark},
  month = nov,
  year = {2019}
}
Is This Really You? An Empirical Study on Risk-Based Authentication Applied in the Wild (2019)
Stephan Wiefling, Luigi Lo Iacono and Markus Dürmuth. IFIP SEC ’19. Springer.
@inproceedings{article_ifipsec2019_wiefling,
  title = {Is {This} {Really} {You}? {An} {Empirical} {Study} on {Risk}-{Based} {Authentication} {Applied} in the {Wild}},
  booktitle = {34th {IFIP} {TC}-11 {International} {Conference} on {Information} {Security} and {Privacy} {Protection} ({IFIP} {SEC} 2019)},
  series = { {IFIP} {Advances} in {Information} and {Communication} {Technology}},
  author = {Wiefling, Stephan and Lo Iacono, Luigi and D\"{u}rmuth, Markus},
  volume = {562},
  pages = {134--148},
  isbn = {978-3-030-22311-3},
  doi = {10.1007/978-3-030-22312-0_10},
  publisher = {Springer International Publishing},
  location = {Lisbon, Portugal},
  month = jun,
  year = {2019}
}