The research group SECUSO (Security • Usability • Society) belongs to the Institute of Applied Informatics and Formal Description Methods (AIFB) of the Karlsruhe Institute of Technology (KIT). The group was founded in 2011 by Prof. Dr. Melanie Volkamer at the TU Darmstadt. SECUSO moved to the Karlsruhe Institute of Technology at the beginning of 2018. SECUSO is a member of Kastel, K-CIST and KD²Lab.

Paper accepted at SOUPS (26-05-2025)

The paper "'The more accounts I use, the less I have to think': A Longitudinal Study on the Usability of Password Managers for Novice Users" by Patricia Arias Cabarcos and Peter Mayer has been accepted for publication in the proceedings of the Twenty-First Symposium on Usable Privacy and Security (SOUPS 2025). The paper presents the results of a longitudinal study of the usability of password managers. SOUPS will take place August 10-12, 2025 in Seattle, WA, USA.

SOUPS 2025
SECUSO supports German HCI Event auf CHI 2025 (26-05-2025)

As one of more than 30 research groups, SECUSO supported this year's German HCI event at the conference Computer and Human Interaction (CHI 2025). This event is held every year in conjunction with the CHI conference, this year was no different and the event was held, on 30th April 2025 at the YOKOHAMA COAST garage+ in Yokohama, Japan. The event allowed participants of all academic levels as well as from industry and public organisations to network in an informal setting. Thanks a lot to the volunteers who made this great event possible.

About German HCI
Article accepted for publication in DuD (22-05-2025)

The article “Schwer erreichbar: security.txt an deutsche Hochschulen bringen" (Hard to reach: bringing security.txt to German universities) by Finn Eckstein, Ria Rosenauer, Pascal Huppert, Melanie Volkamer, and Dominik Herrmann has been accepted for publication in the journal Datenschutz und Datensicherheit (DuD). The article examines the use of the RFC 9116 standard at German universities. With the implementation of the standard, website operators can provide contact details for reporting security vulnerabilities. By notifying universities that have not implemented security.txt, the provision tripled, albeit at a very low level. The framing of the notification had no effect on the implementation. The article will appear in issue 8 of DuD.

About the journal
Playing your way to better cyber security: Digital card games at ZKM (21-05-2025)

How do you protect yourself online? The Digiloglounge N°4 exhibition, which took place from September 25, 2024 to January 5, 2025 at the ZKM (Center for Art and Media) Karlsruhe, provided answers to this question in an interactive way. The SECUSO research group presented two digital card games on the topics of phishing and password security. Visitors were able to try out the games on a large touch display. In the phishing game, they learn what to look out for in suspicious messages by combining parts of sentences. The password game enables users to choose a secure password for a work account by correctly matching suggestions and their security ratings. The interactive offers have already met with lively interest: The password game has been played 268 times and the phishing game 224 times. The aim of the games is to impart knowledge about how to deal with digital threats in a playful way.

More information on the exhibition