Why users (don't) use password managers at a large educational institution

P Mayer, CW Munyendo, ML Mazurek… - 31st USENIX Security …, 2022 - usenix.org
We quantitatively investigated the current state of Password Manager (PM) usage and
general password habits at a large, private university in the United States. Building on prior …

A Comparative Long-Term Study of Fallback Authentication Schemes

L Lassak, P Markert, M Golla, E Stobert… - Proceedings of the CHI …, 2024 - dl.acm.org
Fallback authentication, the process of re-establishing access to an account when the
primary authenticator is unavailable, holds critical significance. Approaches range from …

Investigating web service account remediation advice

L Neil, E Bouma-Sims, E Lafontaine, Y Acar… - … Symposium on Usable …, 2021 - usenix.org
Online web services are susceptible to account compromises where adversaries gain
access to a user's account. Once compromised, an account must be restored to its pre …

SoK: Web Authentication in the Age of End-to-End Encryption

J Blessing, D Hugenroth, RJ Anderson… - arXiv preprint arXiv …, 2024 - arxiv.org
The advent of end-to-end encrypted (E2EE) messaging and backup services has brought
new challenges for usable authentication. Compared to regular web services, the nature of …

The boundedly rational employee: Security economics for behaviour intervention support in organizations

A Demjaha, S Parkin, D Pym - Journal of Computer Security, 2022 - content.iospress.com
Security policy-makers (influencers) in an organization set security policies that embody
intended behaviours for employees (as decision-makers) to follow. Decision-makers then …

A transcontinental analysis of account remediation protocols of popular websites

P Markert, A Adhikari, S Das - arXiv preprint arXiv:2302.01401, 2023 - arxiv.org
Websites are used regularly in our day-to-day lives, yet research has shown that it is
challenging for many users to use them securely, e.g., most prominently due to weak …

A Mixed-Methods Study on User Experiences and Challenges of Recovery Codes for an End-to-End Encrypted Service

S Höltervennhoff, N Wöhler, A Möhle… - In 33rd USENIX …, 2024 - usenix.org
Recovery codes are a popular backup mechanism for online services to aid users who lost
their passwords or two-factor authentication tokens in regaining access to their accounts or …

The rewards and costs of stronger passwords in a university: linking password lifetime to strength

I Becker, S Parkin, MA Sasse - 27th USENIX Security Symposium …, 2018 - usenix.org
We present an opportunistic study of the impact of a new password policy in a university with
100,000 staff and students. The goal of the IT staff who conceived the policy was to …

An Empirical Analysis of Enterprise-Wide Mandatory Password Updates

M Ariana, H Grant, S Stefan, V Geoffrey M - Proceedings of the 39th …, 2023 - dl.acm.org
Enterprise-scale mandatory password changes are disruptive, complex endeavors that
require the entire workforce to prioritize a goal that is often secondary to most users. While …

A Serious Game Design: Nudging Users' Memorability of Security Questions

N Micallef, NAG Arachchilage - arXiv preprint arXiv:1709.08167, 2017 - arxiv.org
Security questions are one of the techniques used to recover passwords. The main limitation
of security questions is that users find strong answers difficult to remember. This leads users …