Philipp Markert
I'm a former researcher at the Ruhr University Bochum in Germany. During my time in academia, I conducted research in computer security and human-computer interaction (HCI), focusing on usable security and authentication.
Peer-Reviewed Publications
2024
A Comparative Long-Term Study of Fallback Authentication Schemes
Leona Lassak, Philipp Markert, Maximilian Golla, Elizabeth Stobert, Markus Dürmuth
ACM Conference on Human Factors in Computing Systems (CHI '24)
Honolulu, Hawaii, USA · May 11–16, 2024 · Acceptance: 26.3%
Understanding Users' Interaction with Login Notifications
Philipp Markert, Leona Lassak, Maximilian Golla, Markus Dürmuth
ACM Conference on Human Factors in Computing Systems (CHI '24)
Honolulu, Hawaii, USA · May 11–16, 2024 · Acceptance: 26.3%
2023
“Someone Definitely Used 0000”: Strategies, Performance, and User Perception of Novice Smartphone-Unlock PIN-Guessers
Daniel V. Bailey, Collins W. Munyendo, Hunter A. Dyer, Miles Grant, Philipp Markert, Adam J. Aviv
European Symposium on Usable Security (EuroUSEC '23)
Copenhagen, Denmark · October 16–17, 2023 · Acceptance: 43.6%
Usability and Security of Risk-based Authentication
Philipp Markert
Ruhr University Bochum (RUB)
Bochum, Germany · July 28, 2023
A Transcontinental Analysis of Account Remediation Protocols of Popular Websites
Philipp Markert, Andrick Adhikari, Sanchari Das
Symposium on Usable Security and Privacy (USEC '23)
San Diego, California, USA · February 27, 2023
2022
Where You're Logged In: Analyzing the Usability of Device Activity Pages (Work-in-Progress)
Angel N. Fernandes, Philipp Markert, Sanchari Das
Annual Computer Security Applications Conference (ACSAC '22)
Austin, Texas, USA · December 5–9, 2022
“It's Just a Lot of Prerequisites”: A User Perception and Usability Analysis of the German ID Card as a FIDO2 Authenticator
Markus Keil, Philipp Markert, Markus Dürmuth
European Symposium on Usable Security (EuroUSEC '22)
Karlsruhe, Germany · September 29–30, 2022 · Acceptance: 31.2% · Best Paper Award
“The Same PIN, Just Longer”: On the (In)Security of Upgrading PINs from 4 to 6 Digits
Collins W. Munyendo, Philipp Markert, Alexandra Nisenoff, Miles Grant, Elena Korkes, Blase Ur, Adam J. Aviv
USENIX Security Symposium (SSYM '22)
Boston, Massachusetts, USA · August 10–12, 2022 · Acceptance: 18.1%
“As soon as it's a risk, I want to require MFA”: How Administrators Configure Risk-based Authentication
Philipp Markert, Theodor Schnitzler, Maximilian Golla, Markus Dürmuth
Symposium on Usable Privacy and Security (SOUPS '22)
Boston, Massachusetts, USA · August 7–9, 2022 · Acceptance: 27.8%
2021
Towards Quantum Large-Scale Password Guessing on Real-World Distributions
Markus Dürmuth, Maximilian Golla, Philipp Markert, Alexander May, Lars Schlieper
International Conference on Cryptology and Network Security (CANS '21)
Virtual Conference · December 13–15, 2021 · Acceptance: 32.9%
On the Security of Smartphone Unlock PINs
Philipp Markert, Daniel V. Bailey, Maximilian Golla, Markus Dürmuth, Adam J. Aviv
ACM Transactions on Privacy and Security (TOPS '21)
Volume 24, Issue 4 · November, 2021 · Impact Factor (2020): 1.909
“I have no idea what they’re trying to accomplish” Enthusiast and Casual Signal Users' Understanding of Signal PINs
Daniel V. Bailey, Philipp Markert, Adam J. Aviv
Symposium on Usable Privacy and Security (SOUPS '21)
Virtual Conference · August 8–10, 2021 · Acceptance: 26.5%
Using a Blocklist to Improve the Security of User Selection of Android Patterns
Collins W. Munyendo, Miles Grant, Philipp Markert, Timothy J. Forman, Adam J. Aviv
Symposium on Usable Privacy and Security (SOUPS '21)
Virtual Conference · August 8–10, 2021 · Acceptance: 26.5%
My Account Is Compromised – What Do I Do? Towards an Intercultural Analysis of Account Remediation for Websites
Kathryn Walsh, Faiza Tazi, Philipp Markert, Sanchari Das
Workshop on Inclusive Privacy and Security (WIPS ’21)
Virtual Conference · August 7–8, 2021
2020
Knock, Knock. Who's There? On the Security of LG's Knock Codes
Raina Samuel, Philipp Markert, Adam J. Aviv, Iulian Neamtiu
Symposium on Usable Privacy and Security (SOUPS '20)
Virtual Conference · August 7–11, 2020 · Acceptance: 19.8%
“You still use the password after all” – Exploring FIDO2 Security Keys in a Small Company
Florian M. Farke, Lennart Lorenz, Theodor Schnitzler, Philipp Markert, Markus Dürmuth
Symposium on Usable Privacy and Security (SOUPS '20)
Virtual Conference · August 7–11, 2020 · Acceptance: 19.8%
This PIN Can Be Easily Guessed: Analyzing the Security of Smartphone Unlock PINs
Philipp Markert, Daniel V. Bailey, Maximilian Golla, Markus Dürmuth, Adam J. Aviv
IEEE Symposium on Security and Privacy (SP '20)
Virtual Conference · May 18–20, 2020 · Acceptance: 11.7%
2019
View The Email to Get Hacked: Attacking SMS-Based Two-Factor Authentication
Philipp Markert, Florian M. Farke, Markus Dürmuth
Who Are You?! Adventures in Authentication (WAY '19)
Santa Clara, California, USA · August 11, 2019
Work in Progress: A Comparative Long-Term Study of Fallback Authentication
Philipp Markert, Maximilian Golla, Elizabeth Stobert, Markus Dürmuth
Workshop on Usable Security and Privacy (USEC '19)
San Diego, California, USA · February 24, 2019
Miscellaneous
Selected Media Coverage
For “‘You still use the password after all’ – Exploring FIDO2 Security Keys in a Small Company”
- Profit – WDR 5 (May 6, 2022): Handys: In Zukunft keine Passwörter mehr?
- ZEIT ONLINE (March 29, 2022): Der Traum vom passwortlosen Leben
For “Knock, Knock. Who’s There? On the Security of LG's Knock Codes”
- Fast Company (July 15, 2020): This technique was supposed to replace passwords. Turns out it's surprisingly easy to hack
- Deutschlandfunk Nova (July 15, 2020): Displaysperren: Knock Codes sind leicht zu knacken
For “This PIN Can Be Easily Guessed: Analyzing the Security of Smartphone Unlock PINs”
- Wer weiß denn sowas? – Das Erste (December 8, 2020): featured as quiz question in TV show
- Computer und Kommunikation – Deutschlandfunk (May 30, 2020): Smartphone-PINs sind viel zu oft einfach zu erraten
- Forbes (March 14, 2020): Warning: Are You Using One Of These 20 Dangerous Smartphone PINs?
- Süddeutsche Zeitung (March 13, 2020): Sechsstellige PINs sind nicht automatisch sicherer als vierstellige
- ZDNet (March 11, 2020): This Raspberry Pi-powered LEGO robot brute-force attacked an iPhone to find out what PIN codes are blacklisted
- Wired (March 7, 2020): Why you should never use pattern passwords on your phone
Invited Talks & Guest Lectures
- PasswordsCon (May 15, 2023): Something Is Rotten in the State of
DenmarkCalifornia – Understanding Users' Interaction with Login Notifications - Guest Lecture – Ruhr University Bochum (January 26, 2023): FIDO Authentication – Just a Passwordless Vision?
- Guest Lecture – Denver University (January 11, 2023): Understanding Users' Interaction with Login Notifications – An Ethical Persepective
- BLUES Lab Meeting (March 03, 2022): A Multi-Year Study on Fallback Authentication and Account Recovery
- PasswordsCon (November 23, 2020): Everything You Always Wanted to Know About PINs* (*But Were Afraid to Ask)