IT security is an important topic for the general public as well as organizations, and a wide range of cryptographic primitives, protocols, and tools have been developed and applied in practice for this purpose.
However, even technologically secure systems can become insecure when used incorrectly: when systems impose requirements on users that they cannot meet (e.g., memorability of strong passwords), when interfaces are poorly adapted to users (e.g., certificate warnings with high false-positive rates), when users' mental models do not align with reality (e.g., misunderstandings of public-key cryptography in email encryption), and more. Closing this gap and making security-relevant software easier to use is necessary to achieve effective security for everyone.
Our work covers various topics in the field of Usable Security and Privacy, at the intersection of IT security, IT privacy, and the human factor. Particularly interesting are:
- how users interact with and utilize security-relevant software,
- how IT security and privacy software and tools are perceived,
- how software and tools can be designed to better align with users' abilities and goals, and
- how new methods with better security and usability can be developed.