Phish in sheep's clothing: Exploring the authentication pitfalls of browser fingerprinting

X Lin, P Ilia, S Solanki, J Polakis - 31st USENIX Security Symposium …, 2022 - usenix.org
As users navigate the web they face a multitude of threats; among them, attacks that result in
account compromise can be particularly devastating. In a world fraught with data breaches …

A Two-Decade Retrospective Analysis of a University's Vulnerability to Attacks Exploiting Reused Passwords

A Nisenoff, M Golla, M Wei, J Hainline… - 32nd USENIX Security …, 2023 - usenix.org
Credential-guessing attacks often exploit passwords that were reused across a user's online
accounts. To learn how organizations can better protect users, we retrospectively analyzed …

Pump up password security! Evaluating and enhancing risk-based authentication on a real-world large-scale online service

S Wiefling, PR Jørgensen, S Thunem… - ACM Transactions on …, 2022 - dl.acm.org
Risk-based authentication (RBA) aims to protect users against attacks involving stolen
passwords. RBA monitors features during login, and requests re-authentication when …

A Study of Multi-Factor and Risk-Based Authentication Availability

A Gavazzi, R Williams, E Kirda, L Lu, A King… - 32nd USENIX Security …, 2023 - usenix.org
Password-based authentication (PBA) remains the most popular form of user authentication
on the web despite its long-understood insecurity. Given the deficiencies of PBA, many …

Evaluation of account recovery strategies with FIDO2-based passwordless authentication

J Kunke, S Wiefling, M Ullmann, LL Iacono - arXiv preprint arXiv …, 2021 - arxiv.org
Threats to passwords are still very relevant due to attacks like phishing or credential stuffing.
One way to solve this problem is to remove passwords completely. User studies on …

Evaluating the Security Posture of Real-World FIDO2 Deployments

D Kuchhal, M Saad, A Oest, F Li - … of the 2023 ACM SIGSAC Conference …, 2023 - dl.acm.org
FIDO2 is a suite of protocols that combines the usability of local authentication (e.g.,
biometrics) with the security of public-key cryptography to deliver passwordless …

Account security interfaces: important, unintuitive, and untrustworthy

A Daffalla, M Bohuk, N Dell, R Bellini… - 32nd USENIX Security …, 2023 - usenix.org
Online services increasingly rely on user-facing interfaces to communicate important
security-related account information—for example, which devices are logged into a user's …

Verify it's you: how users perceive risk-based authentication

S Wiefling, M Dürmuth, LL Iacono - IEEE Security & Privacy, 2021 - ieeexplore.ieee.org
Risk-based authentication (RBA) is an adaptive security measure used to strengthen
password-based authentication against account takeover attacks. Our study on 65 …

" As soon as it's a risk, I want to require {MFA"}: How Administrators Configure Risk-based Authentication

P Markert, T Schnitzler, M Golla… - Eighteenth Symposium on …, 2022 - usenix.org
Risk-based authentication (RBA) complements standard password-based logins by using
knowledge about previously observed user behavior to prevent malicious login attempts …

Detecting Risky Authentication Using the OpenID Connect Token Exchange Time

AH Han, DH Lee - Sensors, 2023 - mdpi.com
With the rise in sophisticated cyber threats, traditional authentication methods are no longer
sufficient. Risk-based authentication (RBA) plays a critical role in the context of the zero trust …