Sascha Fahl

Orcid: 0000-0002-5644-3316

Affiliations:
  • Leibniz University Hannover, Germany
  • CISPA Helmholtz Center for Information Security, Saarbrücken, Germany


According to our database1, Sascha Fahl authored at least 85 papers between 2011 and 2025.

Collaborative distances:

Timeline

Legend:

Book 
In proceedings 
Article 
PhD thesis 
Dataset
Other 

Links

Online presence:

On csauthors.net:

Bibliography

2025
"It's Not My Data Anymore": Exploring Non-Users' Privacy Perceptions of Medical Data Donation Apps.
Proc. Priv. Enhancing Technol., 2025

2024
Unraveling Challenges with Supply-Chain Levels for Software Artifacts (SLSA) for Securing the Software Supply Chain.
CoRR, 2024

How the Future Works at SOUPS: Analyzing Future Work Statements and Their Impact on Usable Security and Privacy Research.
CoRR, 2024

"You Received $100,000 From Johnny": A Mixed-Methods Study on Push Notification Security and Privacy in Android Apps.
IEEE Access, 2024

"You have to read 50 different RFCs that contradict each other": An Interview Study on the Experiences of Implementing Cryptographic Standards.
Proceedings of the 33rd USENIX Security Symposium, 2024

A Mixed-Methods Study on User Experiences and Challenges of Recovery Codes for an End-to-End Encrypted Service.
Proceedings of the 33rd USENIX Security Symposium, 2024

The Challenges of Bringing Cryptography from Research Papers to Products: Results from an Interview Study with Experts.
Proceedings of the 33rd USENIX Security Symposium, 2024

Everyone for Themselves? A Qualitative Study about Individual Security Setups of Open Source Software Contributors.
Proceedings of the IEEE Symposium on Security and Privacy, 2024

Committed to Trust: A Qualitative Study on Security and Trust in Open Source Software Projects.
Proceedings of the Software Engineering 2024, Fachtagung des GI-Fachbereichs Softwaretechnik, Linz, Austria, February 26, 2024

Always Contribute Back: A Qualitative Study on Security Challenges of the Open Source Supply Chain.
Proceedings of the Software Engineering 2024, Fachtagung des GI-Fachbereichs Softwaretechnik, Linz, Austria, February 26, 2024

Analyzing Security and Privacy Advice During the 2022 Russian Invasion of Ukraine on Twitter.
Proceedings of the CHI Conference on Human Factors in Computing Systems, 2024

Mental Models, Expectations and Implications of Client-Side Scanning: An Interview Study with Experts.
Proceedings of the CHI Conference on Human Factors in Computing Systems, 2024

Skipping the Security Side Quests: A Qualitative Study on Security Practices and Challenges in Game Development.
Proceedings of the 2024 on ACM SIGSAC Conference on Computer and Communications Security, 2024

Using AI Assistants in Software Development: A Qualitative Study on Security Practices and Concerns.
Proceedings of the 2024 on ACM SIGSAC Conference on Computer and Communications Security, 2024

2023
Securing Your Crypto-API Usage Through Tool Support - A Usability Study.
Dataset, September, 2023

Privacy Rarely Considered: Exploring Considerations in the Adoption of Third-Party Services by Websites.
Proc. Priv. Enhancing Technol., January, 2023

A Viewpoint on Human Factors in Software Supply Chain Security: A Research Agenda.
IEEE Secur. Priv., 2023

Lost and not Found: An Investigation of Recovery Methods for Multi-Factor Authentication.
CoRR, 2023

"Security is not my field, I'm a stats guy": A Qualitative Root Cause Analysis of Barriers to Adversarial Machine Learning Defenses in Industry.
Proceedings of the 32nd USENIX Security Symposium, 2023

Pushed by Accident: A Mixed-Methods Study on Strategies of Handling Secret Information in Source Code Repositories.
Proceedings of the 32nd USENIX Security Symposium, 2023

"I wouldn't want my unsafe code to run my pacemaker": An Interview Study on the Use, Comprehension, and Perceived Risks of Unsafe Rust.
Proceedings of the 32nd USENIX Security Symposium, 2023

It's like flossing your teeth: On the Importance and Challenges of Reproducible Builds for Software Supply Chain Security.
Proceedings of the 44th IEEE Symposium on Security and Privacy, 2023

Privacy Mental Models of Electronic Health Records: A German Case Study.
Proceedings of the Nineteenth Symposium on Usable Privacy and Security, 2023

"Would You Give the Same Priority to the Bank and a Game? I Do Not!" Exploring Credential Management Strategies and Obstacles during Password Manager Setup.
Proceedings of the Nineteenth Symposium on Usable Privacy and Security, 2023

Securing Your Crypto-API Usage Through Tool Support - A Usability Study.
Proceedings of the IEEE Secure Development Conference, 2023

"Make Them Change it Every Week!": A Qualitative Exploration of Online Developer Advice on Usable and Secure Authentication.
Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security, 2023

"We've Disabled MFA for You": An Evaluation of the Security and Usability of Multi-Factor Authentication Recovery Deployments.
Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security, 2023

2022
They Would Do Better If They Worked Together: Interaction Problems Between Password Managers and the Web.
IEEE Secur. Priv., 2022

Committed by Accident: Studying Prevention and Remediation Strategies Against Secret Leakage in Source Code Repositories.
CoRR, 2022

"Please help share!": Security and Privacy Advice on Twitter during the 2022 Russian Invasion of Ukraine.
CoRR, 2022

Where to Recruit for Security Development Studies: Comparing Six Software Developer Samples.
Proceedings of the 31st USENIX Security Symposium, 2022

Committed to Trust: A Qualitative Study on Security & Trust in Open Source Software Projects.
Proceedings of the 43rd IEEE Symposium on Security and Privacy, 2022

27 Years and 81 Million Opportunities Later: Investigating the Use of Email Encryption for an Entire University.
Proceedings of the 43rd IEEE Symposium on Security and Privacy, 2022

How Does Usable Security (Not) End Up in Software Products? Results From a Qualitative Interview Study.
Proceedings of the 43rd IEEE Symposium on Security and Privacy, 2022

If You Can't Get Them to the Lab: Evaluating a Virtual Study Environment with Security Information Workers.
Proceedings of the Eighteenth Symposium on Usable Privacy and Security, 2022

2021
Why Eve and Mallory Still Love Android: Revisiting TLS (In)Security in Android Applications.
Proceedings of the 30th USENIX Security Symposium, 2021

A Large-Scale Interview Study on Information Security in and Attacks against Small and Medium-sized Enterprises.
Proceedings of the 30th USENIX Security Symposium, 2021

They Would do Better if They Worked Together: The Case of Interaction Problems Between Password Managers and Websites.
Proceedings of the 42nd IEEE Symposium on Security and Privacy, 2021

On the Limited Impact of Visualizing Encryption: Perceptions of E2E Messaging Security.
Proceedings of the Seventeenth Symposium on Usable Privacy and Security, 2021

Never ever or no matter what: Investigating Adoption Intentions and Misconceptions about the Corona-Warn-App in Germany.
Proceedings of the Seventeenth Symposium on Usable Privacy and Security, 2021

2020
From Needs to Actions to Secure Apps? The Effect of Requirements and Developer Practices on App Security.
Proceedings of the 29th USENIX Security Symposium, 2020

Cloudy with a Chance of Misconceptions: Exploring Users' Perceptions and Expectations of Security and Privacy in Cloud Office Suites.
Proceedings of the Sixteenth Symposium on Usable Privacy and Security, 2020

Listen to Developers! A Participatory Design Study on Security Warnings for Cryptographic APIs.
Proceedings of the CHI '20: CHI Conference on Human Factors in Computing Systems, 2020

2019
(Un)informed Consent: Studying GDPR Consent Notices in the Field.
Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security, 2019

2018
Your Secrets Are Safe: How Browsers' Explanations Impact Misconceptions About Private Browsing Mode.
Proceedings of the 2018 World Wide Web Conference on World Wide Web, 2018

Better managed than memorized? Studying the Impact of Managers on Password Strength and Reuse.
Proceedings of the 27th USENIX Security Symposium, 2018

The Rise of the Citizen Developer: Assessing the Security Impact of Online App Generators.
Proceedings of the 2018 IEEE Symposium on Security and Privacy, 2018

Developers Deserve Security Warnings, Too: On the Effect of Integrated Security Advice on Cryptographic API Misuse.
Proceedings of the Fourteenth Symposium on Usable Privacy and Security, 2018

A Large Scale Investigation of Obfuscation Use in Google Play.
Proceedings of the 34th Annual Computer Security Applications Conference, 2018

2017
How Internet Resources Might Be Helping You Develop Faster but Less Securely.
IEEE Secur. Priv., 2017

Studying the Impact of Managers on Password Strength and Reuse.
CoRR, 2017

Lessons Learned from Using an Online Platform to Conduct Large-Scale, Online Controlled Security Experiments with Software Developers.
Proceedings of the 10th USENIX Workshop on Cyber Security Experimentation and Test, 2017

Stack Overflow Considered Harmful? The Impact of Copy&Paste on Android Application Security.
Proceedings of the 2017 IEEE Symposium on Security and Privacy, 2017

Comparing the Usability of Cryptographic APIs.
Proceedings of the 2017 IEEE Symposium on Security and Privacy, 2017

Security Developer Studies with GitHub Users: Exploring a Convenience Sample.
Proceedings of the Thirteenth Symposium on Usable Privacy and Security, 2017

Developers Need Support, Too: A Survey of Security Advice for Software Developers.
Proceedings of the IEEE Cybersecurity Development, SecDev 2017, Cambridge, MA, USA, 2017

A Stitch in Time: Supporting Android Developers in WritingSecure Code.
Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security, 2017

Keep me Updated: An Empirical Study of Third-Party Library Updatability on Android.
Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security, 2017

Where the Wild Warnings Are: Root Causes of Chrome HTTPS Certificate Errors.
Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security, 2017

2016
On the importance of ecologically valid usable security research for end users and IT workers.
PhD thesis, 2016

An Empirical Study of Textual Key-Fingerprint Representations.
Proceedings of the 25th USENIX Security Symposium, 2016

You Get Where You're Looking for: The Impact of Information Sources on Code Security.
Proceedings of the IEEE Symposium on Security and Privacy, 2016

SoK: Lessons Learned from Android Security Research for Appified Software Platforms.
Proceedings of the IEEE Symposium on Security and Privacy, 2016

You are Not Your Developer, Either: A Research Agenda for Usable Security and Privacy Research Beyond End Users.
Proceedings of the IEEE Cybersecurity Development, 2016

2015
To Pin or Not to Pin-Helping App Developers Bullet Proof Their TLS Connections.
Proceedings of the 24th USENIX Security Symposium, 2015

SoK: Secure Messaging.
Proceedings of the 2015 IEEE Symposium on Security and Privacy, 2015

VCCFinder: Finding Potential Vulnerabilities in Open-Source Projects to Assist Code Audits.
Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security, 2015

2014
You Won't Be Needing These Any More: On Removing Unused Certificates from Trust Stores.
Proceedings of the Financial Cryptography and Data Security, 2014

Who's Afraid of Which Bad Wolf? A Survey of IT Security Risk Awareness.
Proceedings of the IEEE 27th Computer Security Foundations Symposium, 2014

Hey, NSA: Stay Away from my Market! Future Proofing App Markets against Powerful Attackers.
Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security, 2014

Why eve and mallory (also) love webmasters: a study on the root causes of SSL misconfigurations.
Proceedings of the 9th ACM Symposium on Information, Computer and Communications Security, 2014

2013
On the ecological validity of a password study.
Proceedings of the Symposium On Usable Privacy and Security, 2013

On the Acceptance of Privacy-Preserving Authentication Technology: The Curious Case of National Identity Cards.
Proceedings of the Privacy Enhancing Technologies - 13th International Symposium, 2013

Sorry, I Don't Get It: An Analysis of Warning Message Texts.
Proceedings of the Financial Cryptography and Data Security, 2013

Hey, You, Get Off of My Clipboard - On How Usability Trumps Security in Android Password Managers.
Proceedings of the Financial Cryptography and Data Security, 2013

Rethinking SSL development in an appified world.
Proceedings of the 2013 ACM SIGSAC Conference on Computer and Communications Security, 2013

2012
All our messages are belong to us: usable confidentiality in social networks.
Proceedings of the 21st World Wide Web Conference, 2012

Confidentiality as a Service - Usable Security for the Cloud.
Proceedings of the 11th IEEE International Conference on Trust, 2012

Helping Johnny 2.0 to encrypt his Facebook conversations.
Proceedings of the Symposium On Usable Privacy and Security, 2012

Towards privacy-preserving access control with hidden policies, hidden credentials and hidden decisions.
Proceedings of the Tenth Annual International Conference on Privacy, Security and Trust, 2012

TrustSplit: usable confidentiality for social network messaging.
Proceedings of the 23rd ACM Conference on Hypertext and Social Media, 2012

Human-centric visual access control for clinical data management.
Proceedings of the 6th IEEE International Conference on Digital Ecosystems and Technologies, 2012

Towards measuring warning readability.
Proceedings of the ACM Conference on Computer and Communications Security, 2012

Why eve and mallory love android: an analysis of android SSL (in)security.
Proceedings of the ACM Conference on Computer and Communications Security, 2012

2011
TrustBox: A Security Architecture for Preventing Data Breaches.
Proceedings of the 19th International Euromicro Conference on Parallel, 2011


  Loading...