Driving 2FA adoption at scale: Optimizing Two-Factor authentication notification design patterns

M Golla, G Ho, M Lohmus, M Pulluri… - 30th USENIX Security …, 2021 - usenix.org
Two-factor authentication (2FA) is one of the primary mechanisms for defending end-user
accounts against phishing and password reuse attacks. Unfortunately, getting users to adopt …

An overview of the present and future of user authentication

MA Al Kabir, W Elmedany - 2022 4th IEEE Middle East and …, 2022 - ieeexplore.ieee.org
Cybersecurity is an ever-evolving discipline that aims to protect every aspect of an
information system, including its users, from digital threats, adversaries and attacks. When it …

Phish in sheep's clothing: Exploring the authentication pitfalls of browser fingerprinting

X Lin, P Ilia, S Solanki, J Polakis - 31st USENIX Security Symposium …, 2022 - usenix.org
As users navigate the web they face a multitude of threats; among them, attacks that result in
account compromise can be particularly devastating. In a world fraught with data breaches …

A quarter century of usable security and privacy research: transparency, tailorability, and the road ahead

C Reuter, LL Iacono, A Benlian - Behaviour & Information …, 2022 - Taylor & Francis
In the last decades, research has shown that both technical solutions and user perceptions
are important to improve security and privacy in the digital realm. The field of 'usable …

Pump up password security! Evaluating and enhancing risk-based authentication on a real-world large-scale online service

S Wiefling, PR Jørgensen, S Thunem… - ACM Transactions on …, 2022 - dl.acm.org
Risk-based authentication (RBA) aims to protect users against attacks involving stolen
passwords. RBA monitors features during login, and requests re-authentication when …

A Study of Multi-Factor and Risk-Based Authentication Availability

A Gavazzi, R Williams, E Kirda, L Lu, A King… - 32nd USENIX Security …, 2023 - usenix.org
Password-based authentication (PBA) remains the most popular form of user authentication
on the web despite its long-understood insecurity. Given the deficiencies of PBA, many …

Evaluation of account recovery strategies with FIDO2-based passwordless authentication

J Kunke, S Wiefling, M Ullmann, LL Iacono - arXiv preprint arXiv …, 2021 - arxiv.org
Threats to passwords are still very relevant due to attacks like phishing or credential stuffing.
One way to solve this problem is to remove passwords completely. User studies on …

No single silver bullet: Measuring the accuracy of password strength meters

D Wang, X Shan, Q Dong, Y Shen, C Jia - 32nd USENIX Security …, 2023 - usenix.org
To help users create stronger passwords, nearly every respectable web service adopts a
password strength meter (PSM) to provide real-time strength feedback upon user …

What's in score for website users: A data-driven long-term study on risk-based authentication characteristics

S Wiefling, M Dürmuth, L Lo Iacono - … , FC 2021, Virtual Event, March 1–5 …, 2021 - Springer
Risk-based authentication (RBA) aims to strengthen password-based authentication rather
than replacing it. RBA does this by monitoring and recording additional features during the …

Is real-time phishing eliminated with FIDO? Social engineering downgrade attacks against FIDO protocols

E Ulqinaku, H Assal, AR Abdou, S Chiasson… - 30th USENIX Security …, 2021 - usenix.org
FIDO's U2F is a web-authentication mechanism designed to mitigate real-time phishing—an
attack that undermines multi-factor authentication by allowing an attacker to relay second …