Andreas Gutmann


I'm a Marie Sklodowska-Curie Action Fellow, a PhD Student in the Information Security Research Group of the Department of Computer Science at University College London (UCL) and a researcher at OneSpan's Cambridge Innovation Centre. My research interest is at the intersection of FinTech, usability, security, and privacy. My PhD research is focused on authentication. I'm part of the Privacy&Us Marie Sklodowska-Curie Innovative Training Network. My supervisor is Dr. Steven J. Murdoch.

I occasionally write about my research on OneSpan's Reflections about online security blog and UCL's Bentham's Gaze blog.

I've been a visiting researcher in academia at University of Glasgow (2015, 2016), University of Tokyo (2016), Karlstad University (2016), and Goethe University Frankfurt (2017) and in industry at USECON – Experience design & consulting (2017). Previously, I've worked at Technische Universität Darmstadt and was a student assistant at Secorvo Security Consulting GmbH.

My work is supported by the EU Horizon 2020 Marie Sklodowska-Curie Innovative Training Network [project grant number 675730].


Warner, M., Gutmann, A., Sasse, M. A., Blandford, A., 2018. ``Privacy Unraveling Around Explicit HIV Status Disclosure Fields in the Online Geosocial Hookup App Grindr''. In Proceedings of the 21st ACM Conference on Computer-Supported Cooperative Work and Social Computing (CSCW 2018).

Volkamer, M., Gutmann, A., Renaud, K., Gerber, P. and Mayer, P., 2018. ``Replication Study: A Cross-Country Field Observation Study of Real World PIN Usage at ATMs and in Various Electronic Payment Scenarios''. In Fourteenth Symposium on Usable Privacy and Security (SOUPS 2018).

Gutmann, A., Volkamer, M. and Renaud, K., 2016. ``Memorable And Secure: How Do You Choose Your PIN?''. In Proceedings of the Tenth International Symposium on Human Aspects of Information Security & Assurance (HAISA), pp. 156-166.

Gutmann, A., Renaud, K., Maguire, J., Mayer, P., Volkamer, M., Matsuura, K., and Müller-Quade, J., 2016. ``ZeTA - Zero-Trust Authentication: Relying on Innate Human Ability, Not Technology''. In 1st IEEE European Symposium on Security and Privacy (EuroS&P), pp. 357-371. IEEE.

Marky, K., Gutmann, A., Rack, P. and Volkamer, M., 2016. ``Privacy Friendly Apps-Making Developers Aware of Privacy Violations''. In 1st International Workshop on Innovations in Mobile Privacy and Security (IMPS), pp. 46-48.

Gutmann, A., Renaud, K., and Volkamer, K., 2015. ``Nudging Bank Account Holders Towards More Secure PIN Management''. Journal of Internet Technology and Secured Transaction (JITST), Vol. 4, No. 2, pp. 380-386.

Media and talks

Blog posts by me

New iOS 12 Feature Risks Exposing Users to Online Banking Fraud
Blog of OneSpan Inc. June, 27th 2018.

Security code AutoFill: is this new iOS feature a security risk for online banking?
Blog of the UCL Information Security Research Group. June, 8th 2018.

Selected media

Neues iOS 12 Feature bringt Bankkunden in Gefahr
Print edition Manage IT magazine (German), edition 7-8 2018, pp.48-49.

One of iOS 12's New Features Is Causing Concerns Over Online Banking Fraud
Where Consumers Come First Tech News. July, 3rd 2018.

iOS 12: Sicherheitsexperte warnt vor neuer SMS-Autofill-Funktion
Heise Online News (German). July, 3rd 2018.

iOS 12验证码自动填充很方便 但它安全吗?
WeiPhone News (Chinese). July, 3rd 2018.

Researcher expresses concerns over iOS 12's new security code auto-fill feature
9to5mac Apple News. July, 2nd 2018.

Perverse Vulnerability from Interaction between 2-Factor Authentication and iOS AutoFill
Schneier on Security Blog by Bruce Schneier. June, 20th 2018.


Memorable And Secure: How Do You Choose Your PIN?. Tenth International Symposium on Human Aspects of Information Security & Assurance. July, 21st 2016.

Human Factors in PIN Security. Social ICT Research Center at University of Tokyo, Japan (Japanese). June, 22nd 2016.

ZeTA - Zero-Trust Authentication: Relying on Innate Human Ability, not Technology. European Symposium on Security and Privacy (EuroS&P 2016). March, 24th 2016.

Teaching and supervision

University College London

Master-Thesis co-supervisor of Xiaofei Hu: `Gamification of running Tor server' (2018, UCL)

Master-Thesis co-supervisor of Sabina Sandia: `Payment Fraud Evaluation Platform' (2018, UCL)

University of Darmstadt

Organiser and primary lecturer of seminar 'Security, Usability and Society' (WS 2015/16, University of Darmstadt)

Guest speaker at seminar of Constantin A. Rothkopf 'Forschungs- und Anwendungsgebiete von Psychologie in IT' (WS 2015/16, University of Darmstadt)

Bachelor-Thesis co-supervisor of Sergej Reißig: `Sicherheits- und Benutzbarkeitsuntersuchungen von Strategien zum Merken von Passwörtern' (2015, University of Darmstadt)

University of Glasgow

Guest speaker on Insecure Communications during lecture 'Human Centred Security' by Joseph Maguire (Session 2015-2016, University of Glasgow)

Academic services

Reviewer for several journals and conferences.