Evaluating the Influence of Multi-Factor Authentication and Recovery Settings on the Security and Accessibility of User Accounts

Proceedings of the 10th International Conference on Information Systems Security and Privacy Pub Date : 2024-03-22 DOI:10.5220/0012319000003648

Andre Buttner, Nils Gruschka

{"title":"Evaluating the Influence of Multi-Factor Authentication and Recovery Settings on the Security and Accessibility of User Accounts","authors":"Andre Buttner, Nils Gruschka","doi":"10.5220/0012319000003648","DOIUrl":null,"url":null,"abstract":"Nowadays, most online services offer different authentication methods that users can set up for multi-factor authentication but also as a recovery method. This configuration must be done thoroughly to prevent an adversary's access while ensuring the legitimate user does not lose access to their account. This is particularly important for fundamental everyday services, where either failure would have severe consequences. Nevertheless, little research has been done on the authentication of actual users regarding security and the risk of being locked out of their accounts. To foster research in this direction, this paper presents a study on the account settings of Google and Apple users. Considering the multi-factor authentication configuration and recovery options, we analyzed the account security and lock-out risks. Our results provide insights into the usage of multi-factor authentication in practice, show significant security differences between Google and Apple accounts, and reveal that many users would miss access to their accounts when losing a single authentication device.","PeriodicalId":517796,"journal":{"name":"Proceedings of the 10th International Conference on Information Systems Security and Privacy","volume":" 12","pages":""},"PeriodicalIF":0.0000,"publicationDate":"2024-03-22","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the 10th International Conference on Information Systems Security and Privacy","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.5220/0012319000003648","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 0

Abstract

Nowadays, most online services offer different authentication methods that users can set up for multi-factor authentication but also as a recovery method. This configuration must be done thoroughly to prevent an adversary's access while ensuring the legitimate user does not lose access to their account. This is particularly important for fundamental everyday services, where either failure would have severe consequences. Nevertheless, little research has been done on the authentication of actual users regarding security and the risk of being locked out of their accounts. To foster research in this direction, this paper presents a study on the account settings of Google and Apple users. Considering the multi-factor authentication configuration and recovery options, we analyzed the account security and lock-out risks. Our results provide insights into the usage of multi-factor authentication in practice, show significant security differences between Google and Apple accounts, and reveal that many users would miss access to their accounts when losing a single authentication device.

查看原文本刊更多论文

评估多因素身份验证和恢复设置对用户账户安全性和可访问性的影响

如今，大多数在线服务都提供不同的身份验证方法，用户可以将其设置为多因素身份验证，也可以将其设置为恢复方法。这种配置必须彻底完成，以防止对手访问，同时确保合法用户不会失去对其账户的访问。这一点对于基本的日常服务尤为重要，因为任何一项失败都会造成严重后果。然而，对于实际用户的安全认证和被锁定账户的风险，目前还鲜有研究。为了促进这方面的研究，本文对谷歌和苹果用户的账户设置进行了研究。考虑到多因素身份验证配置和恢复选项，我们分析了账户安全和锁定风险。我们的研究结果为多因素身份验证在实践中的使用提供了见解，显示了谷歌和苹果账户之间的显著安全差异，并揭示了许多用户在丢失单个身份验证设备时会无法访问自己的账户。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Proceedings of the 10th International Conference on Information Systems Security and Privacy

自引率

0.00%

发文量