Florian AltUniversität der Bundeswehr München · Forschungsinstitut CODE
Florian Alt
Ph.D.
About
318
Publications
122,751
Reads
How we measure 'reads'
A 'read' is counted each time someone views a publication summary (such as the title, abstract, and list of authors), clicks on a figure, or views or downloads the full-text. Learn more
8,693
Citations
Introduction
Florian Alt is a Professor for Computer Science at the Bundeswehr University Munich. He is head of the Usable Security and Privacy Group, which is part of the Research Institute CODE.
Florian is interested in how secure systems can be designed that blend with the way in which users interact with computing devices. In particular, his research focuses on understanding users’ behavior in security critical contexts, in building security mechanisms based on users’ behavior (behavioral biometrics), in leveraging users’ physiology to both enhance existing security mechanisms as well as build novel security mechanisms (physiological security) and in understanding and investigating threats that emerge from novel ubiquitous technologies (ubiquitous security).
Skills and Expertise
Publications
Publications (318)
In this paper we assess how well users know biometric authentication methods, how they perceive them, and if they have misconceptions about them. We present the results of an online survey that we conducted in two rounds (2019, N=57; and 2023, N=47) to understand the impact of the increasing availability of biometrics on their use and perception. T...
We developed an Android phone unlock mechanism utilizing facial recognition and specific mimics to access a specially secured portion of the device, designed for plausible deniability. The widespread adoption of biometric authentication methods, such as fingerprint and facial recognition, has revolutionized mobile device security, offering enhanced...
Many important decisions in our everyday lives, such as authentication via biometric models, are made by Artificial Intelligence (AI) systems. These can be in poor alignment with human expectations, and testing them on clear-cut existing data may not be enough to uncover those cases. We propose a method to find samples in the latent space of a gene...
Current phishing countermeasures depend strongly on vision, often inadequate for screen reader users. We conducted 10 semistructured interviews and 14 lab-based sessions with screen reader users to understand their phishing experiences and defenses.
Discussions on the “Metaverse” today more often than not home is on the question of when this vision is going to become a reality—rather than questioning whether this will ever happen. In addition, there is agreement among experts that head-mounted mixed reality (XR) displays will become the main pervasive technology enabling participation in the m...
Persistent digital identities allow individuals to prove who they are across the Internet. For decades, individuals have relied on large identity providers (e. g., Google and Facebook). In recent years, the advent of so-called self-sovereign identities (SSI) has increasingly been approved by national governments. This decentralized approach provide...
A substantial number of Virtual Reality (VR) users (studies report 30–80%) suffer from cyber sickness, a negative experience caused by a sensory mismatch of real and virtual stimuli. Prior research proposed different mitigation strategies. Yet, it remains unclear how effectively they work, considering users’ real-world susceptibility to motion sick...
Passwords are a popular means of authentication for online accounts, but users struggle to compose and remember numerous passwords, resorting to insecure coping strategies. Prior research on graphical authentication schemes showed that modifying the interface can encourage more secure passwords. In this study (\(N=59\)), we explored the use of impl...
How can we design the user interfaces for augmented reality (AR) so that we can interact as simple, flexible and expressive as we can with smartphones in one hand? To explore this question, we propose PalmGazer as an interaction concept integrating eye-hand interaction to establish a singlehandedly operable menu system. In particular, PalmGazer is...
Users are the last line of defense as phishing emails pass filter mechanisms. At the same time, phishing emails are designed so that they are challenging to identify by users. To this end, attackers employ techniques, such as eliciting stress, targeting helpfulness, or exercising authority, due to which users often miss being manipulated out of mal...
We kindly want to invite you to our course at CHI 2023. Authentication through Behavioral Biometrics promises to form the future of Human-to-Machine authentication. Our course at CHI introduces the topic, methodology, and helps in creating novel academic works. More information at www.Behavioral-Biometrics.org
In this work, we explore the use of force induced through electromagnets to influence finger movement while using a keyboard. To achieve this we generate a magnetic field below a keyboard and place a permanent magnet on the user’s finger as a minimally invasive approach to dynamically induce variable force. Contrary to other approaches our setup ca...
We propose a novel method for seamlessly identifying users by combining thermal and visible feet features. While it is known that users’ feet have unique characteristics, these have so far been underutilized for biometric identification, as observing those features often requires the removal of shoes and socks. As thermal cameras are becoming ubiqu...
In this paper, we investigate the impact of avatar personalization on perceived emotions. Avatar embodiment is a crucial aspect of collaborative and social virtual reality (VR) systems. Previous research found that avatar appearance impacts the acceptability of the virtual body and changes users’ behavior. While virtual embodiment has been extensiv...
Blockchain technology is believed to have a potential for innovation comparable to the early internet. However, it is difficult to understand, learn, and use. A particular challenge for teaching software engineering of blockchain applications is identifying suitable use cases: When does a decentralized application running on smart contracts offer a...
User studies on human augmentation nowadays frequently involve virtual reality (VR) technology. This is because VR studies allow augmentations of the human body or senses to be evaluated virtually without having to develop elaborate physical prototypes. However, there are many challenges in VR studies that stem from a multitude of factors. In this...
An increasing number of devices and sensors in the environments we access daily are capable of collecting personal data about us. Surveillance cameras in public spaces, smart speakers in friends’ living rooms, or smartphones carried by individuals are just a few examples. At the same time, many users are unaware of sensors being in place, in partic...
Video-based online meetings and, ultimately, the amount of private information that is shared – intentionally or accidentally – increased as a result of the COVID-19 pandemic. For example, online teaching might reveal lecturers’ private environment to students or business meetings might provide insights about employees’ family relationships. This r...
Existing software-based smart home privacy mechanisms are frequently indirect and cumbersome to use. We developed PriKey, a tangible privacy mechanism for smart homes that offers intuitive, device-independent, sensor-based, and user-centric privacy control. To render our concept comprehensible, we implemented a demonstration consisting of Wizard-of...
Cryptocurrencies have the potential to improve financial inclusion. However, the technology is complex to understand and difficult to use. Human-Computer-Interaction (HCI) can play a vital role in improving accessibility by identifying and overcoming challenges that hold users back. However, most HCI studies have focused only on Bitcoin and Ethereu...
There is an increasingly diverse range of smart-contract blockchains on which decentralized applications (dApps) are built. However, HCI research has so far failed to address them, focusing primarily on Bitcoin and Ethereum. This is problematic as these new blockchains come with an increasingly diverse set of properties that influence the usability...
The increasing number of smart devices installed in our homes poses privacy risks for inhabitants and visitors. However, individuals face difficulties counteracting privacy intrusions due to missing controls, incorrect mental models, and limitations in their level of expertise. We present PriKey, a concept for device-independent and easy-to-use tan...
The growing use of supervised machine learning in research and industry has increased the need for labeled datasets. Crowdsourcing has emerged as a popular method to create data labels. However, working on large batches of tasks leads to worker fatigue, negatively impacting labeling quality. To address this, we present TruEyes, a collaborative crow...
This paper contributes to our understanding of user-centered attacks on smartphones. In particular, we investigate the likelihood of so-called shoulder surfing attacks during touch-based unlock events and provide insights into users’ views and perceptions. To do so, we ran a two-week in-the-wild study (N=12) in which we recorded images with a 180-d...
Augmented Reality (AR), Virtual Reality (VR), Mixed Reality, and Extended Reality (often – misleadingly – abbreviated as XR) are commonly used terms to describe how technologies generate or modify reality. However, academics and professionals have been inconsistent in their use of these terms. This has led to conceptual confusion and unclear demarc...
We introduce a novel one-handed input technique for mobile devices that is not based on pointing, but on motion matching -where users select a target by mimicking its unique animation. Our work is motivated by the findings of a survey (N=201) on current mobile use, from which we identify lingering opportunities for one-handed input techniques. We f...
Thermal cameras are becoming a widely available consumer technology. Several smartphones are already equipped with thermal cameras, and integration with personal devices is expected. This will enable compelling application areas for consumers, such as in-home security, energy-saving, non-invasive ways of child care, and home maintenance. However, t...
Handheld mobile devices store a plethora of sensitive data, such as private emails, personal messages, photos, and location data. Authentication is essential to protect access to sensitive data. However, the majority of mobile devices are currently secured by singlemodal authentication schemes which are vulnerable to shoulder surfing, smudge attack...
The ongoing Covid-19 pandemic has impacted our everyday lives and demands everyone to take countermeasures such as wearing masks or disinfecting their hands. However, while previous work suggests that these countermeasures may profoundly impact biometric authentication, an investigation of the actual impact is still missing. Hence, in this work, we...
The COVID-19 pandemic created unprecedented questions for touch-based public displays regarding hygiene, risks, and general awareness. We study how people perceive and consider hygiene on shared touchscreens, and how touchscreens could be improved through hygiene-related functions. First, we report the results from an online survey (n = 286). Secon...
Visitors in smart homes might want to use certain device features, as far as permitted by the device owner (e.g., streaming music on a smart speaker). At the same time, protecting access to features from attackers is crucial, motivating a need for authentication. However, it is unclear if and how smart home visitors should authenticate as they usua...
We present a systematic literature review of cryptocurrency and blockchain research in Human-Computer Interaction (HCI) published between 2014 and 2021. We aim to provide an overview of the field, consolidate existing knowledge, and chart paths for future research. Our analysis of 99 articles identifies six major themes: (1) the role of trust, (2)...
The voluntary carbon market is an important building block in the fight against climate change. However, it is not trivial for consumers to verify whether carbon offset projects deliver what they promise. While technical solutions for measuring their impact are emerging, there is a lack of understanding of how to translate this data into interface...
We explore how attackers behave during shoulder surfing. Unfortunately, such behavior is challenging to study as it is often opportunistic and can occur wherever potential attackers can observe other
people’s private screens. Therefore, we investigate shoulder surfing
using virtual reality (VR). We recruited 24 participants and observed
their behav...
We investigate opportunities and challenges of running virtual reality (VR) studies remotely. Today, many consumers own head-mounted displays (HMDs), allowing them to participate in scientific studies from their homes using their own equipment. Researchers can benefit from this approach by being able to recruit study populations normally out of the...
Cryptocurrencies have gained popularity in recent years. However, for many users, keeping ownership of their cryptocurrency is a complex task. News reports frequently bear witness to scams, hacked exchanges, and fortunes beyond retrieval. However, we lack a systematic understanding of user-centered cryptocurrency threats, as causes leading to loss...
Augmented Reality (AR), Virtual Reality (VR), Mixed Reality (MR), and Extended Reality (often – misleadingly – abbreviated as XR) are terms commonly used to describe how technologies generate or modify reality. However, academics and professionals have been inconsistent in their use of these terms, which in turn has led to conceptual ambiguity and...
Virtual Reality (VR) remote collaboration is becoming more and more relevant in a wide range of scenarios, such as remote assistance or group work. A way to enhance the user experience is using haptic props that make virtual objects graspable. But physical objects are only present in one location and cannot be manipulated directly by remote users....
Shoulder surfing is an omnipresent risk for smartphone users. However, investigating these attacks in the wild is difficult because of either privacy concerns, lack of consent, or the fact that asking for consent would influence people’s behavior (e.g., they could try to avoid looking at smartphones). Thus, we propose utilizing 360-degree videos in...
Affective technology offers exciting opportunities to improve road safety by catering to human emotions. Modern car interiors enable the contactless detection of user states, paving the way for a systematic promotion of safe driver behavior through emotion regulation. We review the current literature regarding the impact of emotions on driver behav...
Wearables capture physiological user data, enabling novel user interfaces that can identify users, adapt to the user state, and contribute to the quantified self. At the same time, little is known about users’ perception of this new technology. In this paper, we present findings from a user study (N = 36) in which participants used an electromyogra...
This paper presents the results of an empirical study and a real-world deployment of a gaze-adaptive UI for Augmented Reality (AR). AR introduces an attention dilemma between focusing on the reality vs. on AR content. Past work suggested eye gaze as a technique to open information interfaces, however there is only little empirical work. We present...
In this paper, we explore how state-of-the-art methods of emotion elicitation can be adapted in virtual reality (VR). We envision that emotion research could be conducted in VR for various benefits, such as switching study conditions and settings on the fly, and conducting studies using stimuli that are not easily accessible in the real world such...
In this paper, we investigate how mismatches between biological gender and avatar gender affect interpersonal distance (IPD) in virtual reality (VR). An increasing number of VR experiences and online platforms like Rec Room and VRChat allow users to assume other genders through customized avatars. While the effects of acquaintanceship and gender ha...
In this paper, we investigate how changes in the saliency of the Virtual Environment (VE) affect our visual attention during different tasks. We investigate if users are attracted to the most salient regions in the VE. This knowledge will help researchers design optimal VR environments, purposefully direct the attention of users, and avoid unintent...
Cryptocurrencies have increasingly gained interest in practice and research alike. Current research in the HCI community predominantly focuses on understanding the behavior of existing cryptocurrency users. Little attention has been given to early users and the challenges they encounter. However, understanding how interfaces of cryptocurrency syste...
Engaging first-time users of mobile apps is challenging. Onboarding task flows are designed to minimize the drop out of users. To this point, there is little scientific insight into how to design these task flows. We explore this question with a specific focus on financial applications, which pose a particularly high hurdle and require significant...
We investigate the use of gaze behaviour as a means to assess password strength as perceived by users. We contribute to the effort of making users choose passwords that are robust against guessing-attacks. Our particular idea is to consider also the users’
understanding of password strength in security mechanisms. We demonstrate how eye tracking ca...
We investigate how problems in understanding text – specifically a
word or a sentence – while filling in questionnaires are reflected in
gaze behaviour. To identify text comprehension problems, while
filling a questionnaire, and their correlation with the gaze features,
we collected data from 42 participants. In a follow-up study (N=30),
we evoked...
Motor skills are omnipresent in our daily lives. Humans seek to learn new skills or improve existing ones. In this work, we explore how the actuation of the human body can be used to augment motor skills. We present GeniePutt, which augments the human performance via electrical muscle stimulation (EMS). We conducted a user study in which we control...
There are many situations where using personal devices is not socially acceptable, or where nearby people present a privacy risk. For these situations, we explore the concept of hidden interaction techniques through two prototype applications. HiddenHaptics allows users to receive information through vibrotactile cues on a smartphone, and HideWrite...
ActPad is a desk pad, capable of sensing capacitive touch input in desk setups. Our prototype can sense touches on both, its electrodes and on connected objects. ActPad’s interaction-space is customizable, allowing easy integration and extension of existing desk environments. In smart environments, users may interact with more than one device at th...
Virtual Reality (VR) is becoming increasingly popular both in the entertainment and professional domains. Behavioral biometrics have recently been investigated as a means to continuously and implicitly identify users in VR. VR applications can specifically benefit from this, for example, to adapt the environment and user interface as well as to aut...
We present a system, predicting the point in time when users of a public display are about to leave. The ability to react to users' intention to leave is valuable for researchers and practitioners alike: users can be presented additional content with the goal to maximize interaction times; they can be offered a discount coupon for redemption in a n...