• Home
  • Stephan Wiefling
Stephan Wiefling

Stephan Wiefling

Doctor of Engineering
You can access all my publications (full-text PDFs) at stephanwiefling.de

About

63
Publications
11,349
Reads
How we measure 'reads'
A 'read' is counted each time someone views a publication summary (such as the title, abstract, and list of authors), clicks on a figure, or views or downloads the full-text. Learn more
303
Citations
Introduction
Stephan Wiefling is a researcher of H-BRS University of Applied Sciences. He has a doctor of engineering (Dr.-Ing.) from Ruhr University Bochum. Stephan's current research spans areas of Authentication, Usability, and Privacy.

Publications

Publications (63)
Conference Paper
Full-text available
Risk-based authentication (RBA) is an adaptive security measure to strengthen password-based authentication. RBA monitors additional implicit features during password entry such as device or geolocation information, and requests additional authentication factors if a certain risk level is detected. RBA is recommended by the NIST digital identity gu...
Conference Paper
Full-text available
Risk-based Authentication (RBA) is an adaptive security measure that improves the security of password-based authentication by protecting against credential stuffing, password guessing, or phishing attacks. RBA monitors extra features during login and requests for an additional authentication step if the observed feature values deviate from the usu...
Conference Paper
Risk-based Authentication (RBA) is an adaptive security measure to strengthen password-based authentication. RBA monitors additional features during login, and when observed feature values differ significantly from previously seen ones, users have to provide additional authentication factors such as a verification code. RBA has the potential to off...
Chapter
Full-text available
Risk-based authentication (RBA) aims to strengthen password-based authentication rather than replacing it. RBA does this by monitoring and recording additional features during the login process. If feature values at login time differ significantly from those observed before, RBA requests an additional proof of identification. Although RBA is recomm...
Article
Full-text available
Risk-based authentication (RBA) aims to protect users against attacks involving stolen passwords. RBA monitors features during login, and requests re-authentication when feature values widely differ from those previously observed. It is recommended by various national security organizations, and users perceive it more usable than and equally secure...
Preprint
Full-text available
HTTP client hints are a set of standardized HTTP request headers designed to modernize and potentially replace the traditional user agent string. While the user agent string exposes a wide range of information about the client's browser and device, client hints provide a controlled and structured approach for clients to selectively disclose their c...
Conference Paper
Risk-based authentication (RBA) is used in online services to protect user accounts from unauthorized takeover. RBA commonly uses contextual features that indicate a suspicious login attempt when the characteristic attributes of the login context deviate from known and thus expected values. Previous research on RBA and anomaly detection in authenti...
Thesis
Full-text available
Weaknesses in password-based authentication have always shaken password security, especially with the rise of data breaches. Credential stuffing and password spraying attacks automatically enter leaked login credentials (username and password) on literally all websites worldwide, in the hope that users re-used them. Other attacks involving machine...
Preprint
Online services have difficulties to replace passwords with more secure user authentication mechanisms, such as Two-Factor Authentication (2FA). This is partly due to the fact that users tend to reject such mechanisms in use cases outside of online banking. Relying on password authentication alone, however, is not an option in light of recent attac...
Chapter
Full-text available
Users should always play a central role in the development of (software) solutions. The human-centered design (HCD) process in the ISO 9241-210 standard proposes a procedure for systematically involving users. However, due to its abstraction level, the HCD process provides little guidance for how it should be implemented in practice. In this chapte...
Chapter
Digital ecosystems are driving the digital transformation of business models. Meanwhile, the associated processing of personal data within these complex systems poses challenges to the protection of individual privacy. In this paper, we explore these challenges from the perspective of digital ecosystems’ platform providers. To this end, we present...
Preprint
Full-text available
Risk-based authentication (RBA) extends authentication mechanisms to make them more robust against account takeover attacks, such as those using stolen passwords. RBA is recommended by NIST and NCSC to strengthen password-based authentication, and is already used by major online services. Also, users consider RBA to be more usable than two-factor a...
Preprint
Full-text available
Risk-based authentication (RBA) aims to protect users against attacks involving stolen passwords. RBA monitors features during login, and requests re-authentication when feature values widely differ from previously observed ones. It is recommended by various national security organizations, and users perceive it more usable and equally secure than...
Conference Paper
Risk-based authentication (RBA) extends authentication mechanisms to make them more robust against account takeover attacks, such as those using stolen passwords. RBA is recommended by NIST and NCSC to strengthen password-based authentication, and is already used by major online services. Also, users consider RBA to be more usable than two-factor a...
Article
Software developers build complex systems using plenty of third-party libraries. Documentation is key to understand and use the functionality provided via the libraries APIs. Therefore, functionality is the main focus of contemporary API documentation, while cross-cutting concerns such as security are almost never considered at all, especially when...
Conference Paper
Full-text available
Threats to passwords are still very relevant due to attacks like phishing or credential stuffing. One way to solve this problem is to remove passwords completely. User studies on passwordless FIDO2 authentication using security tokens demonstrated the potential to replace passwords. However, widespread acceptance of FIDO2 depends, among other thing...
Article
Risk-based authentication (RBA) is an adaptive security measure used to strengthen password-based authentication against account takeover attacks. Our study on 65 participants shows that users find RBA more usable than two-factor authentication equivalents and more secure than password-only authentication.
Preprint
Full-text available
Threats to passwords are still very relevant due to attacks like phishing or credential stuffing. One way to solve this problem is to remove passwords completely. User studies on passwordless FIDO2 authentication using security tokens demonstrated the potential to replace passwords. However, widespread acceptance of FIDO2 depends, among other thing...
Conference Paper
Risk-based authentication (RBA) aims to strengthen password based authentication rather than replacing it. RBA does this by monitoring and recording additional features during the login process. If feature values at login time differ significantly from those observed before, RBA requests an additional proof of identification. Although RBA is recomm...
Preprint
Risk-based authentication (RBA) aims to strengthen password-based authentication rather than replacing it. RBA does this by monitoring and recording additional features during the login process. If feature values at login time differ significantly from those observed before, RBA requests an additional proof of identification. Although RBA is recomm...
Preprint
Risk-based Authentication (RBA) is an adaptive security measure to strengthen password-based authentication. RBA monitors additional features during login, and when observed feature values differ significantly from previously seen ones, users have to provide additional authentication factors such as a verification code. RBA has the potential to off...
Preprint
Full-text available
Risk-based Authentication (RBA) is an adaptive security measure that improves the security of password-based authentication by protecting against credential stuffing, password guessing, or phishing attacks. RBA monitors extra features during login and requests for an additional authentication step if the observed feature values deviate from the usu...
Preprint
Full-text available
Risk-based authentication (RBA) is an adaptive security measure to strengthen password-based authentication. RBA monitors additional implicit features during password entry such as device or geolocation information, and requests additional authentication factors if a certain risk level is detected. RBA is recommended by the NIST digital identity gu...
Conference Paper
Full-text available
Risikobasierte Authentifizierung (RBA) ist eine adaptive Sicherheitsmaßnahme zur Stärkung passwortbasierter Authentifizierung. Sie zeichnet Merkmale während des Logins auf und fordert zusätzliche Authentifizierung an, wenn sich Ausprägungen dieser Merkmale signifikant von den bisher bekannten unterscheiden. RBA bietet das Potenzial für gebrauchstau...
Conference Paper
Online services such as social networks, online shops, and search engines deliver different content to users depending on their location, browsing history, or client device. Since these services have a major influence on opinion forming, understanding their behavior from a social science perspective is of greatest importance. In addition, technical...
Conference Paper
Full-text available
Software development is a complex task. Merely focussing on functional requirements is not sufficient any more. Developers are responsible to take many non-functional requirements carefully into account. Security is amongst the most challenging, as getting it wrong will result in a large user-base being potentially at risk. A similar situation exis...
Article
Full-text available
Zusammenfassung Der Beitrag stellt Konzepte und Modelle von Blockchain-Anwendungen außerhalb des Finanzbereichs vor. Die Anwendungsgebiete reichen derzeit vom Schutz persönlicher Daten bis zur Sicherung und Überwachung von Nahrungsmittelproduktionsketten.
Article
Full-text available
Audio watermarking is a widely used technology to hide information about the reciever of an audiofile inside the time-or spectral components of the original audiosignal, with the aim of being imperceptible to the human auditory system. If the watermarked audiofile appears illegal on the Inter-net, the unauthorized circulator of the audiomaterial ca...
Conference Paper
Full-text available
The auralization of acoustic environments applying dynamic binaural synthesis can be used for multiple applications. Circular sets of binaural room impulse responses (BRIRs) are often acquired by performing measurements with rotated dummy heads. This procedure is rather costly and therefore not always feasible in practice. Recently, an approach to...
Conference Paper
Full-text available
Für viele Anwendungenim Bereich auditiver virtueller Umgebungenwerden Räume kopfhörerbasiert unter Nutzung der dynamischen Binauralsynthese auralisiert. Hierbei ist nicht immer eine authentische Darbie- tung notwendig, häufig reicht die Erzeugung eines plausiblen Höreindruckes aus. Die messtechnische Erfassung der hierfür erforderlichen Datensätze...

Network

Cited By