The 5th European Workshop on Usable Security
June 15, 2020 September 7, 2020 - Genova, Italy Online

June 19 updates: As previously announced, the 2020 IEEE European Symposium on Security and Privacy (EuroS&P) and all co-located workshops, including EuroUSEC 2020, have been rescheduled to September 7-11, 2020, with EuroUSEC being held on September 7th. While originally scheduled to take place in Genova, Italy, it was recently announced that EuroS&P and all associated workshops will be held entirely online on the scheduled days.

This year saw a record number of 44 unique submissions across the two submission deadlines offered. A total of 18 papers (6 submitted to the first deadline and 12 submitted to the second) have been accepted. As the authors submit their final versions in the coming days, we will update this website to contain PDFs of all accepted papers and a timeline/full schedule of the workshop day. Registration for EuroUSEC will be handled as part of the EuroS&P registration process (we are a pre-conference workshop). At the time we are writing this, the online registration system has not yet opened.

COVID-19 Update (May 17): As previously announced, the 2020 IEEE European Symposium on Security and Privacy and all co-located workshops, including EuroUSEC 2020, have been rescheduled to September 7-11, 2020 in Genova, Italy. Due to the global pandemic and the workshop being rescheduled, we are continuing to offer a second submission deadline that requires mandatory paper registration by June 2nd, 2020, with paper submission by June 5th, 2020. The submission system is now open for the June deadline. For reference, 6 of the 19 submissions to our first deadline were accepted.

As with the organizers of most events, we are closely monitoring the evolution of the pandemic. While the event is still scheduled to be held in person in September as of now, we are also making contingency plans. If the event is indeed held in person, we will offer the opportunity for remote presentations and remote attendance. That is, anyone who does not feel comfortable attending in person will be able to attend virtually. If it becomes clear that it is infeasible to hold an event in person, we would decide to hold a synchronous remote workshop on the scheduled day, though we have not yet made such a decision.

March 17th update: We have confirmed that papers accepted through our supplemental deadline in June will also be published through IEEE. We have received 19 submissions to the first deadline, and we are looking forward to receiving additional submissions to the supplemental deadline.

The 2020 IEEE European Symposium on Security and Privacy (including EuroUSEC 2020 and all other co-located workshops) is being rescheduled to September 7-11, 2020 in Genova, Italy. IEEE has been monitoring the developing COVID-19. The safety and well-being of IEEE European Symposium on Security and Privacy 2020 conference participants is our priority. After studying and evaluating the announcements, guidance, and news released by relevant national departments, we are rescheduling the conference dates from June 16-18, 2020 in Genova, Italy to September 7-11, 2020 in Genova, Italy. We thank you for your understanding.

March 12th update: We know that the worldwide COVID-19 situation is causing stress and disruption for many of you. We have decided to announce that we will be offering a second submission deadline for EuroUSEC 2020 on June 5th, 2020. Papers submitted to the first deadline (March 16th) will continue to receive decisions and publication on the originally announced schedule. This second deadline is a supplemental deadline for authors whose plans to submit to the original deadline have been disrupted. Papers accepted to the first deadline will continue to be published through IEEE. Since we have not yet received confirmation from IEEE or the EuroS&P chairs that the later publication schedule is permissible, we cannot guarantee that papers accepted through the second deadline will also be published through IEEE. If they do not grant our request, we will find a publisher of comparable stature (i.e., one whose publications are indexed by a major academic portal) to publish the additional proceedings. In all cases, we will publish preprints (with authors' permission) on this website.

The European Workshop on Usable Security (EuroUSEC) serves as a European forum for research and discussion in the area of human factors in security and privacy. EuroUSEC 2019 will be co-located with the 5th IEEE European Symposium on Security and Privacy (EuroS&P 2020) and it will be held in Genova, Italy online on June 15, 2020 September 7, 2020.

EuroUSEC solicits previously unpublished work offering novel research contributions or clearly articulated research visions in any aspect of human-centered security and privacy. The aim of this workshop is to bring together an interdisciplinary group of researchers and practitioners in human computer interaction, security, and privacy. Participants are researchers and practitioners from domains including computer science, engineering, psychology, the social sciences, and economics.

Accepted Papers

The following 18 papers have been accepted to EuroUSEC 2020 our of 44 unique submissions.

Accepted papers
A Cross-Platform Evaluation of User Online Privacy [PDF]
Maryam Mehrnezhad (Newcastle University)
Analysis of Publicly Available Anti-Phishing Webpages: Contradicting Information, Lack of Concrete Advice and Very Narrow Attack Vector [PDF]
Mattia Mossano (Karlsruhe Institute of Technology), Kami Vaniea (University of Edinburgh), Lukas Aldag (Karlsruhe Institute of Technology), Reyhan Duzgun (Karlsruhe Institute of Technology), Peter Mayer (Karlsruhe Institute of Technology), Melanie Volkamer (Karlsruhe Institute of Technology)
Cash, Cards or Cryptocurrencies? A Study of Payment Culture in Four Countries [PDF]
Karoline Busse (University of Bonn), Mohammad Tahaei (University of Edinburgh), Katharina Krombholz (CISPA Helmholtz Center for Information Security), Emanuel von Zezschwitz (University of Bonn), Matthew Smith (University of Bonn/Fraunhofer FKIE), Jing Tian (Zhejiang University), Wenyuan Xu (Zhejiang University)
Data Sharing in Mobile Apps — User Privacy Expectations in Europe [PDF]
Nils Quermann (Ruhr-Universitat Bochum), Martin Degeling (Ruhr-Universitat Bochum)
Do Women in Conservative Societies (Not) Follow Smartphone Security Advice? A Case Study of Saudi Arabia and Pakistan [PDF]
Elham Al Qahtani (UNC Charlotte), Yousra Javed (National University of Sciences & Technology), Heather Lipford (UNC Charlotte), Mohamed Shehab (UNC Charlotte)
End User and Expert Perceptions of Threats and Potential Countermeasures [PDF]
Simon Anell (CISPA Helmholtz Center for Information Security), Lea Grober (CISPA Helmholtz Center for Information Security), Katharina Krombholz (CISPA Helmholtz Center for Information Security)
GDPR Reality Check – Claiming and Investigating Personally Identifiable Data from Companies [PDF]
Fatemeh Alizadeh (University of Siegen); Timo Jakobi (University of Siegen); Alexander Boden (Fraunhofer Institute for Applied Information Technology); Gunnar Stevens (University of Siegen); Jens Boldt (University of Siegen)
Improving Non-Experts' Understanding of End-to-End Encryption: An Exploratory Study [PDF]
Wei Bai (University of Maryland), Michael Pearson (University of Maryland), Patrick Gage Kelley (Google), Michelle L. Mazurek (University of Maryland)
Investigating Teenagers' Ability to Detect Phishing Messages [PDF]
James Nicholson (Northumbria University), Yousra Javed (National University of Sciences and Technology), Matt Dixon (Northumbria University), Lyne Coventry (Northumbria University), Opeyemi Dele Ajayi (Northumbria University), Philip Anderson (Northumbria University)
Making Encryption Feel Secure: Investigating how Descriptions of Encryption Impact Perceived Security [PDF]
Verena Distler (University of Luxembourg); Carine Lallemand (University of Luxembourg / Eindhoven University of Technology); Vincent Koenig (University of Luxembourg)
"Security Should Be There By Default": Investigating How Journalists Perceive and Respond to Risks From the Internet of Things [PDF]
Anjuli R. K. Shere (University of Oxford); Jason R. C. Nurse (University of Kent); Ivan Flechais (University of Oxford)
Simulating the Effects of Social Presence on Trust, Privacy Concerns & Usage Intentions in Automated Bots for Finance [PDF]
Magdalene Ng (Newcastle University), Kovila P.L. Coopamootoo (Newcastle University), Ehsan Toreini (Newcastle University), Mhairi Aitken (Newcastle University), Karen Elliot (Newcastle University), Aad van Moorsel (Newcastle University)
Tech Pains: Characterizations of Lived Cybersecurity Experiences [PDF]
Huixin Tian (Indiana University Bloomington), Chris Kanich (University of Illinois, Chicago), Jason Polakis (University of Illinois, Chicago), Sameer Patil (Indiana University Bloomington)
Vision: I Don't Want to Use My Phone! A Cognitive Walkthrough for YubiKeys [PDF]
Claudia Bischoff (University of Bonn); Eva Gerlitz (Fraunhofer FKIE); Matthew Smith (University of Bonn / Fraunhofer FKIE)
Vision: Investigating Web API Developer Experience in Relation to Terms of Service and Privacy Policies [PDF]
Aidah Ichario (Heriot-Watt University), Manuel Maarek (Heriot-Watt University)
Vision: Shred If Insecure – Persuasive Message Design as a Lesson and Alternative to Previous Approaches to Usable Secure Email Interfaces [PDF]
Jan Tolsdorf (TH Köln - University of Applied Sciences); Luigi Lo Iacono (Hochschule Bonn-Rhein-Sieg)
Vision: What If They All Die? Crypto Requirements For Key People [PDF]
Chan Nam Ngo (University of Trento); Daniele Friolo (Sapienza University of Rome); Fabio Massacci (University of Trento); Daniele Venturi (Sapienza University of Rome); Ettore Battaiola (Cassa Centrale Banca)
Vision: Why Johnny Can't Configure Smart Home? A Behavioural Framework for Smart Home Privacy Configuration [PDF]
Joseph Shams (King's College London), Nalin A. G. Arachchilage (La Trobe University), Jose M. Such (King's College London)

Call for Papers

We invite you to submit a paper and join us at the EuroUSEC workshop, which will be held on June 15, 2020 September 7, 2020 in Genova, Italy online. The workshop will be co-located with the 5th IEEE European Symposium on Security and Privacy (EuroS&P). The EuroUSEC 2020 website is at

We are excited to welcome original work describing research, visions, or experiences in all areas of usable security and privacy. We welcome a variety of research methods, including both qualitative and quantitative approaches.

We accept both longer papers on mature/completed work in a research track, as well as shorter papers on work in progress or work that has yet to begin in a vision track. This decision to accept both types of submissions, which started with EuroUSEC 2019, aims to include researchers at all stages of their career and at all stages of their projects. We especially encourage submissions to the vision track.

Topics include, but are not limited to:

  • innovative security or privacy functionality and design
  • new applications of existing models or technology
  • field studies of security or privacy technology
  • usability evaluations of new or existing security or privacy features
  • security testing of new or existing usability features
  • longitudinal studies of deployed security or privacy features
  • studies of administrators or developers and support for security and privacy
  • psychological, sociological, and economic aspects of security and privacy
  • the impact of organizational policy or procurement decisions
  • methodologies for usable security and privacy research
  • lessons learned from the deployment and use of usable privacy and security features
  • reports of replicating previously published studies and experiments
  • reports of failed usable privacy/security studies or experiments, with the focus on the lessons learned from such experience

We have observed that the most effective workshops are those that encourage discussion between attendees. Each paper presentation will be followed by about 15 minutes of discussion to promote engagement and helpful feedback.

For accepted papers, at least one author must attend the workshop.

Important Dates

Paper submission deadline:    Monday, March 16, 2020 (Anywhere on Earth)
Notification:Sunday, April 12, 2020
Camera ready:Friday, April 24, 2020 (encouraged for quicker dissemination), Wednesday, June 24, 2020 (required by IEEE)
Supplemental deadline due to COVID-19:
Paper registration deadline (mandatory):    Tuesday, June 2, 2020 (Anywhere on Earth)
Paper submission deadline:Friday, June 5, 2020 (Anywhere on Earth)
Notification:Thursday, June 18, 2020
Camera ready:Wednesday, June 24, 2020
Workshop:Monday, June 15, 2020  Monday, September 7, 2020

Submission Instructions

Papers must be written in English and must be anonymized for review. Please refer to your own related work in the third person, as though someone else had written it. This requirement also applies to data sets and artifacts. (For example, "We received data from the authors of Smith et al. [31] that we reused for this experiment.") Do not blind citations except in extraordinary circumstances.

In keeping with IEEE guidelines, all submissions must be original work. Authors must clearly document any overlap with previously published or simultaneously submitted papers from any of the authors. Simultaneous submission of the same paper to another venue with proceedings or a journal is not allowed. Serious infringements of these policies may cause the paper to be rejected from publication and the authors put on a warning list, even if the paper is initially accepted by the program committee. Contact the workshop chairs if there are questions about this policy.

Following the requirements of the main conference, papers must be typeset in A4 format (not "US Letter") using the IEEE conference proceeding LaTeX template we supply ( or the IEEE Word template (conference-template-a4.docx). We suggest you first compile the supplied LaTeX source as is, checking that you obtain the same PDF as the one supplied, and then write your paper into the LaTeX template, replacing the boilerplate text. Please do not use other IEEE templates. Failure to adhere to the page limit and formatting requirements can be grounds for rejection.

Research Track: The research track is intended to report on more mature work that has been completed. The goal of the workshop's research track is to disseminate results of interest to the broader usable security and privacy community. Papers must be up to 10 pages in length including the bibliography. Authors have the option to attach to their paper supplementary appendices containing study materials (e.g., survey instruments, interview guides, etc.) that would not otherwise fit within the body of the paper. Reviewers are not required to read any appendices, so your paper should be self-contained without them. Accepted papers will be published on the workshop website as pre-prints with their supplementary appendices included, but will be published in IEEE Xplore without these supplemental appendices.

Vision Track: The vision track is intended to report on work in progress or concrete ideas for work that has yet to begin. The focus in the vision track is to spark discussion with the goal to provide the authors helpful feedback, pointers to potentially related investigations, and new ideas to explore. Suitable submissions to the vision track include traditional work-in-progress pieces such as preliminary results of pre-studies, but also research proposals and position papers outlining future research. Papers must be up to 6 pages in length including the bibliography, and with no appendices. Submissions to the vision track should have a title beginning with the prefix "Vision: ".

Submission Site

Please upload your submission to our HotCRP instance, which is now open for paper registration and submissions for the June deadline.


The proceedings will be published by the IEEE in a volume accompanying the main IEEE EuroS&P 2020 proceedings and will be made available after the workshop in IEEE Xplore. To facilitate discussion at the workshop itself, we plan to post pre-prints on this webpage shortly before the workshop.

Program Committee Chairs

The chairs can be contacted at

Publicity Chairs

Program Committee

Steering Committee

Venue and Registration

The workshop is co-located with the 5th IEEE European Symposium on Security and Privacy (EuroS&P 2020). Registration details will be handled by the main conference and will be posted closer to the event itself on their website. EuroUSEC is one of the pre-conference workshops.

Social Contract

To make the workshop as effective as possible for everyone, we ask that all participants commit to our social contract: don't arrive late or leave early for individual talks; don't use electronics other than explicitly for engagement (live tweeting, following along in the paper); provide constructive and meaningful feedback for all papers. If you need to check your email or do some work (we know it happens!), please take a break for a particular paper or session and go do it, and then come back ready to engage again.
(Credit to the New Security Paradigms Workshop for the concept of the social contract.)