On Monday, April 7, 2025, guests from the Baden-Württemberg State Office for the Protection of the Constitution (LfV) visited the SECUSO research group. A lively exchange took place on the topics of phishing awareness, phishing reporting by employees, and vulnerability notifications. While SECUSO presented current research results from these areas, the guests reported on their practical experiences. Thank you for the interesting exchange!

The call for papers for this year’s European Symposium on Usable Security (EuroUSEC 2025) is published. Current contributions from the area of usable security have to be registered until Monday May 05, 2024. Submission deadline is Firday May, 09, 2025. As in previous years, EuroUSEC will be an independent event without affiliation to any conference. Accepted contributions will be published as part of the International Conference Proceeding Series (ICPS) by ACM. EuroUSEC 2025 will take place September 10 & 11, 2025 in Manchester, UK. Again, Anne Hennig supports the conference as member of the program commitee.

The technical project report "Project Report HSF Research Area 4 -Graphical Authentication on Augmented Reality" by Melanie Volkamer, Reyhan Duzgun, Tobias Hilt, Philipp Matheis and Peter Mayer has been published. In a between-subjects lab study with 126 participants, three different combinations of grid size and secret length for the “Things” authentication scheme were examined. While a two-row layout with a total of 10 images showed slight advantages over the other variants, the qualitative feedback indicates that the optimal user experience can be achieved by allowing users to adjust the grid size individually. This technical project report was written as part of the subtopic ‘Methods for Engineering Secure Systems’ of the Helmholtz Topic ‘Engineering Secure Systems (ESS)’.

On Wednesday, April 2, 2025, an awareness day on cybersecurity will take place at the TU Bergakademie Freiberg. Materials from the SECUSO research group on the topic of phishing will be used for the event. Our NoPhish materials were developed to help users better understand attacks in the form of fraudulent messages and learn how to protect themselves. NoPhish introduces the topic of phishing and shows how to recognize implausible, fraudulent messages, messages with dangerous links and messages with dangerous attachments.