A Comparative Long-Term Study of Fallback Authentication Schemes

Publication: Contribution to book/report/anthology/conference proceedings › Conference paper › Research › Peer-reviewed

Authors

  • Leona Lassak
  • Philipp Markert
  • Maximilian Golla
  • Elizabeth Stobert
  • Markus Dürmuth

External organisations

  • Ruhr-Universität Bochum
  • Helmholtz-Zentrum für Informationssicherheit (CISPA)
  • Carleton University

Details

Original language: English
Title of host publication: CHI '24
Subtitle: Proceedings of the CHI Conference on Human Factors in Computing Systems
Number of pages: 19
ISBN (electronic): 9798400703300
Publication status: Published - 11 May 2024
Event: 2024 CHI Conference on Human Factors in Computing Systems, CHI 2024 - Hybrid, Honolulu, USA / United States
Duration: 11 May 2024 to 16 May 2024

Abstract

Fallback authentication, the process of re-establishing access to an account when the primary authenticator is unavailable, holds critical significance. Approaches range from secondary channels like email and SMS to personal knowledge questions (PKQs) and social authentication. A key difference to primary authentication is that the duration between enrollment and authentication can be much longer, typically months or years. However, few systems have been studied over extended timeframes, making it difficult to know how well these systems truly help users recover their accounts. We also lack meaningful comparisons of schemes as most prior work examined two mechanisms at most. We report the results of a long-term user study of the usability of fallback authentication over 18 months to provide a fair comparison of the four most commonly used fallback authentication methods. We show that users prefer email and SMS-based methods, while mechanisms based on PKQs and trustees lag regarding successful resets and convenience.

Cite

A Comparative Long-Term Study of Fallback Authentication Schemes. / Lassak, Leona; Markert, Philipp; Golla, Maximilian et al.
CHI '24: Proceedings of the CHI Conference on Human Factors in Computing Systems. 2024. 970.

Lassak, L, Markert, P, Golla, M, Stobert, E & Dürmuth, M 2024, A Comparative Long-Term Study of Fallback Authentication Schemes. in CHI '24: Proceedings of the CHI Conference on Human Factors in Computing Systems., 970, 2024 CHI Conference on Human Factors in Computing Systems, CHI 2024, Hybrid, Honolulu, USA / United States, 11 May 2024. https://doi.org/10.1145/3613904.3642889
Lassak, L., Markert, P., Golla, M., Stobert, E., & Dürmuth, M. (2024). A Comparative Long-Term Study of Fallback Authentication Schemes. In CHI '24: Proceedings of the CHI Conference on Human Factors in Computing Systems Article 970 https://doi.org/10.1145/3613904.3642889
Lassak L, Markert P, Golla M, Stobert E, Dürmuth M. A Comparative Long-Term Study of Fallback Authentication Schemes. in CHI '24: Proceedings of the CHI Conference on Human Factors in Computing Systems. 2024. 970 doi: 10.1145/3613904.3642889
Lassak, Leona ; Markert, Philipp ; Golla, Maximilian et al. / A Comparative Long-Term Study of Fallback Authentication Schemes. CHI '24: Proceedings of the CHI Conference on Human Factors in Computing Systems. 2024.
@inproceedings{cb731156f15e4318b5bc6b12ed348df1,
title = "A Comparative Long-Term Study of Fallback Authentication Schemes",
abstract = "Fallback authentication, the process of re-establishing access to an account when the primary authenticator is unavailable, holds critical significance. Approaches range from secondary channels like email and SMS to personal knowledge questions (PKQs) and social authentication. A key difference to primary authentication is that the duration between enrollment and authentication can be much longer, typically months or years. However, few systems have been studied over extended timeframes, making it difficult to know how well these systems truly help users recover their accounts. We also lack meaningful comparisons of schemes as most prior work examined two mechanisms at most. We report the results of a long-term user study of the usability of fallback authentication over 18 months to provide a fair comparison of the four most commonly used fallback authentication methods. We show that users prefer email and SMS-based methods, while mechanisms based on PKQs and trustees lag regarding successful resets and convenience.",
keywords = "email, fallback authentication, personal knowledge questions, SMS",
author = "Leona Lassak and Philipp Markert and Maximilian Golla and Elizabeth Stobert and Markus D{\"u}rmuth",
note = "Publisher Copyright: {\textcopyright} 2024 Copyright held by the owner/author(s); 2024 CHI Conference on Human Factors in Computing Systems, CHI 2024 ; Conference date: 11-05-2024 Through 16-05-2024",
year = "2024",
month = may,
day = "11",
doi = "10.1145/3613904.3642889",
language = "English",
booktitle = "CHI '24",

}

TY - GEN

T1 - A Comparative Long-Term Study of Fallback Authentication Schemes

AU - Lassak, Leona

AU - Markert, Philipp

AU - Golla, Maximilian

AU - Stobert, Elizabeth

AU - Dürmuth, Markus

N1 - Publisher Copyright: © 2024 Copyright held by the owner/author(s)

PY - 2024/5/11

Y1 - 2024/5/11

N2 - Fallback authentication, the process of re-establishing access to an account when the primary authenticator is unavailable, holds critical significance. Approaches range from secondary channels like email and SMS to personal knowledge questions (PKQs) and social authentication. A key difference to primary authentication is that the duration between enrollment and authentication can be much longer, typically months or years. However, few systems have been studied over extended timeframes, making it difficult to know how well these systems truly help users recover their accounts. We also lack meaningful comparisons of schemes as most prior work examined two mechanisms at most. We report the results of a long-term user study of the usability of fallback authentication over 18 months to provide a fair comparison of the four most commonly used fallback authentication methods. We show that users prefer email and SMS-based methods, while mechanisms based on PKQs and trustees lag regarding successful resets and convenience.

KW - email

KW - fallback authentication

KW - personal knowledge questions

KW - SMS

UR - http://www.scopus.com/inward/record.url?scp=85194896591&partnerID=8YFLogxK

U2 - 10.1145/3613904.3642889

DO - 10.1145/3613904.3642889

M3 - Conference contribution

AN - SCOPUS:85194896591

BT - CHI '24

T2 - 2024 CHI Conference on Human Factors in Computing Systems, CHI 2024

Y2 - 11 May 2024 through 16 May 2024

ER -