Usable Security Katharina Krombholz


Aktuell gibt es keine Neuigkeiten

[Advanced Lecture] Usable Security


In this lecture, you will learn about human-centric aspects of IT security. Besides research and design methods, you will learn about hot topics in usable security such as authentication, encryption and privacy. In particular, you will learn to

  • design user studies to study how humans interact with security & privacy technology with respect to threat models, 
  • collect, understand, evaluate qualitative & quantitative data,
  • interpret results and draw conclusions based on your data,
  • design new security and privacy technology that is better tied to the users' needs and values.

Prerequisites: CySec1/CySec2 or Security, Statistics. If you have not yet completed any security courses BUT have a strong background in human-computer interaction, psychology, or design you are still welcome to attend this interdisciplinary lecture. In that case, please contact us to directly to discuss whether this is the right course for you. 

Registration: 5 May - 14 May 19 May 2020, CMS (The registration has been extended due to the high demand and an additional 5 places are available on a first come first serve basis.)


When & Where?

The lecture will take place every Monday from 10.00-12.00, starting May 4th.
Location: (until further notice). Physical presence is not required during the semester, except for the final exam (see details below).



In total, you can reach 100 points in the course of this lecture: you may reach up to 50 points for solving graded assignments (see more information below) and 50 points for the exam. Additionally, you may collect 5 extra bonus points through mini assignments. Hence, your overall grade will consist of
  • graded assignments (50 points in total),
  • a written exam at the end of the semester (50 points),
  • and 3 mini-assignments to collect 5 extra points.

Minimum requirements to pass:

  • You need to receive a minimum of 26 points from the exam and 26 points from the 4 assignments.
  • Bonus points can be used to jump grades higher than 4.0. Note that you need to have a minimum of 52 points without bonus points to pass this course.

Graded Assignments 

You are expected to solve four assignments to deepen your knowledge from the lecture. Note that you need to receive a minimum of 26 points to be admitted to the written exam. The solutions must be submitted via CMS prior to the (sharp) deadline; assignments will cover the following topics:

  • Qualitative research methods (11.05 - 25.05)
  • Quantitative research methods (25.05 - 08.06)
  • User study design (15.06 - 29.06)
  • Design (29.06 - 13.07)


You are encouraged to discuss exercise sheets and ask us and other students for help if necessary. However, do not actually show your resulting work to each other if we did not explicitly tell you to do that.

Written Exam

The end of term exam will take place between July 20 and Aug 7 (which is the officially announced end of term exam period), the exact exam date will be announced in the coming weeks. Please note that physical presence is required! This may be subject to change if we cannot have written exams with physical presence!


The exam will consist of knowledge questions and scenarios that you are expected to solve. Those who fail the written exam will be able to take a re-take exam. You cannot take the re-exam if you have already passed final exam.


Lecture Overview & Topics

Please note that this a tentative timetable. Changes will be announced as news posts.

Date Topic Collaborative CryptPad
04.05.2020 Introduction and Organizational Aspects  
11.05.2020 Qualitative Methods​
18.05.2020 Quantitative Methods & Statistics 1​
(self study) Statistics Crash Course  
25.05.2020 Quantitative Methods & Statistics 2​
08.06.2020 User Study Design and Ethics  
15.06.2020 Measuring Humans, Bias  
22.06.2020 Design Methods  
29.06.2020 Authentication  
06.07.2020 Encryption  
13.07.2020 Privacy, Final Q&A  
TBA Written Exam  

Datenschutz | Impressum
Bei technischen Problemen wenden Sie sich bitte an die Administratoren