Paper accepted at IEEE S&P 2019

“If HTTPS Were Secure, I Wouldn’t Need 2FA – End User and Administrator Mental Models of HTTPS” by Katharina Krombholz (CISPA Helmholtz Center (i.G.)), Karoline Busse (University of Bonn), Katharina Pfeffer (SBA Research), Matthew Smith (University of Bonn) and Emanuel von Zezschwitz (University of Bonn) has been accepted at the 40th IEEE Symposium on Security and Privacy (IEEE S&P 2019). The paper investigates users’ and administrators’ mental models of HTTPS and how these interfere with secure configurations and usage behavior. The conference will be held from May 20-22, 2019 in San Francisco, CA.