Related papers: Evaluating the Influence of Multi-Factor Authentication and Recovery Settings on the Security and Accessibility of User Accounts

Evaluating the Influence of Multi-Factor Authentication and Recovery Settings on the Security and Accessibility of User Accounts

URL: http://arxiv.org/abs/2403.15080v1
Date: Fri, 22 Mar 2024 10:05:37 GMT
Title: Evaluating the Influence of Multi-Factor Authentication and Recovery Settings on the Security and Accessibility of User Accounts
Authors: Andre Büttner, Nils Gruschka,
Abstract summary: This paper presents a study on the account settings of Google and Apple users. Considering the multi-factor authentication configuration and recovery options, we analyzed the account security and lock-out risks. Our results provide insights into the usage of multi-factor authentication in practice, show significant security differences between Google and Apple accounts, and reveal that many users would miss access to their accounts when losing a single authentication device.
Score: 0.0
License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
Abstract: Nowadays, most online services offer different authentication methods that users can set up for multi-factor authentication but also as a recovery method. This configuration must be done thoroughly to prevent an adversary's access while ensuring the legitimate user does not lose access to their account. This is particularly important for fundamental everyday services, where either failure would have severe consequences. Nevertheless, little research has been done on the authentication of actual users regarding security and the risk of being locked out of their accounts. To foster research in this direction, this paper presents a study on the account settings of Google and Apple users. Considering the multi-factor authentication configuration and recovery options, we analyzed the account security and lock-out risks. Our results provide insights into the usage of multi-factor authentication in practice, show significant security differences between Google and Apple accounts, and reveal that many users would miss access to their accounts when losing a single authentication device.

Related papers

Towards Credential-based Device Registration in DApps for DePINs with ZKPs [46.08150780379237]
We propose a credential-based device registration (CDR) mechanism that verifies device credentials on the blockchain. We present a general system model, and technically evaluate CDR using zkSNARKs with Groth16 and Marlin.
arXiv Detail & Related papers (2024-06-27T09:50:10Z)
Nudging Users to Change Breached Passwords Using the Protection Motivation Theory [58.87688846800743]
We draw on the Protection Motivation Theory (PMT) to design nudges that encourage users to change breached passwords. Our study contributes to PMT's application in security research and provides concrete design implications for improving compromised credential notifications.
arXiv Detail & Related papers (2024-05-24T07:51:15Z)
Rethinking the Vulnerabilities of Face Recognition Systems:From a Practical Perspective [53.24281798458074]
Face Recognition Systems (FRS) have increasingly integrated into critical applications, including surveillance and user authentication. Recent studies have revealed vulnerabilities in FRS to adversarial (e.g., adversarial patch attacks) and backdoor attacks (e.g., training data poisoning)
arXiv Detail & Related papers (2024-05-21T13:34:23Z)
Is It Really You Who Forgot the Password? When Account Recovery Meets Risk-Based Authentication [1.776750337181166]
Risk-based authentication (RBA) is used to protect user accounts from unauthorized takeover. Recent attacks have revealed vulnerabilities in other parts of the authentication process, specifically in the account recovery function. This paper presents the first study to investigate risk-based account recovery (RBAR) in the wild.
arXiv Detail & Related papers (2024-03-18T13:55:24Z)
A Novel Protocol Using Captive Portals for FIDO2 Network Authentication [45.84205238554709]
We introduce FIDO2CAP: FIDO2 Captive-portal Authentication Protocol. We develop a prototype of FIDO2CAP authentication in a mock scenario. This work makes the first systematic approach for adapting network authentication to the new authentication paradigm relying on FIDO2 authentication.
arXiv Detail & Related papers (2024-02-20T09:55:20Z)
Reducing Usefulness of Stolen Credentials in SSO Contexts [0.0]
Multi-factor authentication (MFA) helps to thwart attacks that use valid credentials, but attackers still commonly breach systems by tricking users into accepting MFA step up requests. This paper proposes a token-based enrollment architecture that is less invasive to user devices than mobile device management.
arXiv Detail & Related papers (2024-01-21T21:05:32Z)
Leveraging Machine Learning for Wi-Fi-based Environmental Continuous Two-Factor Authentication [0.44998333629984877]
We present a novel 2FA approach replacing the user's input with decisions made by Machine Learning (ML) Our system exploits unique environmental features associated with the user, such as beacon frame characteristics and Received Signal Strength Indicator ( RSSI) values from Wi-Fi Access Points (APs) For enhanced security, our system mandates that the user's two devices (i.e., a login device and a mobile device) be situated within a predetermined proximity before granting access.
arXiv Detail & Related papers (2024-01-12T14:58:15Z)
A Review of Password-less User Authentication Schemes [0.0]
Review examines password-less authentication schemes that have been proposed since after the death knell was placed on passwords in 2004. We evaluate the truly password-less and practical schemes based on their impact on user experience, overall security, and ease of deployment.
arXiv Detail & Related papers (2023-12-05T15:57:40Z)
Blockchain-based Zero Trust on the Edge [5.323279718522213]
This paper proposes a novel approach based on Zero Trust Architecture (ZTA) extended with blockchain to further enhance security. The blockchain component serves as an immutable database for storing users' requests and is used to verify trustworthiness by analyzing and identifying potentially malicious user activities. We discuss the framework, processes of the approach, and the experiments carried out on a testbed to validate its feasibility and applicability in the smart city context.
arXiv Detail & Related papers (2023-11-28T12:43:21Z)
Biometrics: Trust, but Verify [49.9641823975828]
Biometric recognition has exploded into a plethora of different applications around the globe. There are a number of outstanding problems and concerns pertaining to the various sub-modules of biometric recognition systems.
arXiv Detail & Related papers (2021-05-14T03:07:25Z)
Dos and Don'ts of Machine Learning in Computer Security [74.1816306998445]
Despite great potential, machine learning in security is prone to subtle pitfalls that undermine its performance. We identify common pitfalls in the design, implementation, and evaluation of learning-based security systems. We propose actionable recommendations to support researchers in avoiding or mitigating the pitfalls where possible.
arXiv Detail & Related papers (2020-10-19T13:09:31Z)

This list is automatically generated from the titles and abstracts of the papers in this site.