Lydia Kraus
 Scholar    Office A402, FI MU

PV 206 Communication and Soft Skills

Scientific services
WAY 2017, 2018 (PC Member)
STAST 2017, 2018 (PC Member)
USEC 2017 (Reviewer)
EuroUSEC 2016, 2019, 2020, 2021 (Reviewer\ PC Member)
CT2CM 2012, 2013 (PC Member)
Privacy Berlin 2013-2017 (Organizing Committee Member)
Cyberspace 2019, 2021 (Usable Security Session Chair)

My projects
TLS Warning Collector
User management of multiple e-mail accounts

Dr.-Ing. Lydia Kraus

I'm a senior researcher at the Cyber Security Incident Response Team (CSIRT-MU) at the Institute of Computer Science at Masaryk University in Brno, Czech Prepublic. Before that, I was a postdoctoral researcher in usable security at the Centre for Research on Cryptography and Security at Masaryk University.

Current aim of my research

“I aim to design security solutions for end-users and developers that strike an optimal balance between security and usability and offer an added value in the everyday life of their users.”

I obtained my Doctor of Engineering (Dr.-Ing., Ph.D. equivalent) from Technical University of Berlin in 2017 with a thesis on the user experience with security and privacy mechanisms on smartphones. From 2013 to 2017, I was employed at Technical University of Berlin as a researcher at the Quality and Usability Lab which was also part of Telekom Innovation Labs. During this time, I was also a fellow of Software Campus, a professional development program for future IT executives (2015-2017). From 2010 to 2012, I had the pleasure to gain a lot of interesting impressions while living and working abroad as a researcher at the Mihajlo Pupin Institute in Belgrade, Serbia, in the field of IT-supported emergency management. I received my Diploma degree (Dipl.-Ing., M.Sc. equivalent) in Electrical engineering and Information Technology with a major in Communications engineering from Technical University of Munich (TUM) in 2009.

Experiences are episodes in our everyday life that help us to learn and make sense of the world. They usually go along with intense emotions - shaping us, our opinions, and our relationships with others. Using technology can provide people with experiences, too. In order to design technology in an optimal way, we need to understand which experiences people had and have with technology and how we can shape these experiences in a positive way.

My main interest is to understand users' and developers' experiences with security and privacy mechanisms. A focus of my work has been on smartphone security. Together with colleagues from TU Berlin and Ben Gurion University, Israel, we have investigated how users generally feel about smartphone security and privacy (see our paper, published at MoST 2015). To further understand what motivates users to deploy security and privacy mechanisms on their smartphone, we have investigated how psychological needs motivate usage and shape experiences (see our article, published in the Journal of Information Security and Applications, 2017). Together with colleagues from TU Berlin, Ulm University, and University of Michigan, we've further explored how Emoji-based mobile authentication performs in the wild (see our paper, published at IFIP SEC 2017; a short summary of the paper is also available in the Conversation). A survey about user experience in authentication research is also provided in our PQS 2016 paper.

I'm working with Martin Ukrop on investigating the usability of cryptographic APIs, thus exploring IT professionals as a user group. Besides that, we're building a tool for the automatic collection of browser warnings (see projects on the left). I'm further supervising a user research project on online account security and fallback authentication (updates will follow soon).


  • Even if users do not read security directives, their behavior is not so catastrophic
    Vashek Matyas, Kamil Malinka, Lydia Kraus, Lenka Knapova and Agata Kruzikova,
    Communications of the ACM, ACM, 2022, 37–40.
    Keywords: usablesec, directive, DOI website, BibTeX
  • Usability Insights from Establishing TLS Connections
    Lydia Kraus, Matej Grabovsky, Martin Ukrop, Katarina Galanska and Vashek Matyas,
    ICT Systems Security and Privacy Protection, Springer International Publishing, 2022.
    Keywords: usablesec, pre-print PDF, DOI website, BibTeX


  • How Do Users Chain Email Accounts Together?
    Lydia Kraus, Maria Svidronova and Elizabeth Stobert,
    IFIP International Conference on ICT Systems Security and Privacy Protection, Springer, Cham, 2021, .
    Keywords: usablesec, pre-print PDF, BibTeX


  • Evolution of SSL/TLS Indicators and Warnings in Web Browsers
    Lydia Kraus, Martin Ukrop, Vashek Matyas and Tobias Fiebig,
    27th International Workshop on Security Protocols (SPW 2019), Springer International Publishing, 2020, 267–280.
    Keywords: usablesec, pre-print PDF, DOI website, BibTeX
  • Will You Trust This TLS Certificate? Perceptions of People Working in IT (Extended Version)
    Martin Ukrop, Lydia Kraus and Vashek Matyas,
    Digital Threats: Research and Practice, Association for Computing Machinery, 2020.
    Keywords: usablesec, red-hat, pre-print PDF, DOI website, BibTeX


  • Will You Trust This TLS Certificate? Perceptions of People Working in IT
    Martin Ukrop, Lydia Kraus, Vashek Matyas and Heider Ahmad Mutleq Wahsheh,
    Proceedings of the 35rd Annual Computer Security Applications Conference (ACSAC'2019), ACM, 2019.
    Keywords: usablesec, red-hat, pre-print PDF, DOI website, BibTeX