Understanding Users' Interaction with Login Notifications

Publication: Contribution to book/report/anthology/conference proceedings › Conference paper › Research › Peer-reviewed

Authors

  • Philipp Markert
  • Leona Lassak
  • Maximilian Golla
  • Markus Dürmuth

External organizations

  • Ruhr-Universität Bochum
  • Helmholtz-Zentrum für Informationssicherheit (CISPA)

Details

Original language: English
Title of host publication: CHI '24
Subtitle: Proceedings of the CHI Conference on Human Factors in Computing Systems
Number of pages: 17
ISBN (electronic): 9798400703300
Publication status: Published - 11 May 2024
Event: 2024 CHI Conference on Human Factors in Computing Systems, CHI 2024 - Hybrid, Honolulu, USA / United States
Duration: 11 May 2024 to 16 May 2024

Abstract

Login notifications intend to inform users about sign-ins and help them protect their accounts from unauthorized access. Notifications are usually sent if a login deviates from previous ones, potentially indicating malicious activity. They contain information like the location, date, time, and device used to sign in. Users are challenged to verify whether they recognize the login (because it was them or someone they know) or to protect their account from unwanted access. In a user study, we explore users' comprehension, reactions, and expectations of login notifications. We utilize two treatments to measure users' behavior in response to notifications sent for a login they initiated or based on a malicious actor relying on statistical sign-in information. We find that users identify legitimate logins but need more support to halt malicious sign-ins. We discuss the identified problems and give recommendations for service providers to ensure usable and secure logins for everyone.

Cite this

Understanding Users' Interaction with Login Notifications. / Markert, Philipp; Lassak, Leona; Golla, Maximilian et al.
CHI '24: Proceedings of the CHI Conference on Human Factors in Computing Systems. 2024. 853.

Markert, P, Lassak, L, Golla, M & Dürmuth, M 2024, Understanding Users' Interaction with Login Notifications. in CHI '24: Proceedings of the CHI Conference on Human Factors in Computing Systems., 853, 2024 CHI Conference on Human Factors in Computing Systems, CHI 2024, Hybrid, Honolulu, USA / United States, 11 May 2024. https://doi.org/10.48550/arXiv.2212.07316, https://doi.org/10.1145/3613904.3642823
Markert, P., Lassak, L., Golla, M., & Dürmuth, M. (2024). Understanding Users' Interaction with Login Notifications. In CHI '24: Proceedings of the CHI Conference on Human Factors in Computing Systems Article 853 https://doi.org/10.48550/arXiv.2212.07316, https://doi.org/10.1145/3613904.3642823
Markert P, Lassak L, Golla M, Dürmuth M. Understanding Users' Interaction with Login Notifications. in CHI '24: Proceedings of the CHI Conference on Human Factors in Computing Systems. 2024. 853 doi: 10.48550/arXiv.2212.07316, 10.1145/3613904.3642823
Markert, Philipp ; Lassak, Leona ; Golla, Maximilian et al. / Understanding Users' Interaction with Login Notifications. CHI '24: Proceedings of the CHI Conference on Human Factors in Computing Systems. 2024.
@inproceedings{27ccb8b52b7f464482725ad051520dce,
title = "Understanding Users' Interaction with Login Notifications",
abstract = "Login notifications intend to inform users about sign-ins and help them protect their accounts from unauthorized access. Notifications are usually sent if a login deviates from previous ones, potentially indicating malicious activity. They contain information like the location, date, time, and device used to sign in. Users are challenged to verify whether they recognize the login (because it was them or someone they know) or to protect their account from unwanted access. In a user study, we explore users' comprehension, reactions, and expectations of login notifications. We utilize two treatments to measure users' behavior in response to notifications sent for a login they initiated or based on a malicious actor relying on statistical sign-in information. We find that users identify legitimate logins but need more support to halt malicious sign-ins. We discuss the identified problems and give recommendations for service providers to ensure usable and secure logins for everyone.",
keywords = "authentication, email, notification, password change, risk-based authentication",
author = "Philipp Markert and Leona Lassak and Maximilian Golla and Markus D{\"u}rmuth",
note = "Publisher Copyright: {\textcopyright} 2024 Copyright held by the owner/author(s); 2024 CHI Conference on Human Factors in Computing Sytems, CHI 2024 ; Conference date: 11-05-2024 Through 16-05-2024",
year = "2024",
month = may,
day = "11",
doi = "10.48550/arXiv.2212.07316",
language = "English",
booktitle = "CHI '24",

}

TY - GEN

T1 - Understanding Users' Interaction with Login Notifications

AU - Markert, Philipp

AU - Lassak, Leona

AU - Golla, Maximilian

AU - Dürmuth, Markus

N1 - Publisher Copyright: © 2024 Copyright held by the owner/author(s)

PY - 2024/5/11

Y1 - 2024/5/11

N2 - Login notifications intend to inform users about sign-ins and help them protect their accounts from unauthorized access. Notifications are usually sent if a login deviates from previous ones, potentially indicating malicious activity. They contain information like the location, date, time, and device used to sign in. Users are challenged to verify whether they recognize the login (because it was them or someone they know) or to protect their account from unwanted access. In a user study, we explore users' comprehension, reactions, and expectations of login notifications. We utilize two treatments to measure users' behavior in response to notifications sent for a login they initiated or based on a malicious actor relying on statistical sign-in information. We find that users identify legitimate logins but need more support to halt malicious sign-ins. We discuss the identified problems and give recommendations for service providers to ensure usable and secure logins for everyone.

AB - Login notifications intend to inform users about sign-ins and help them protect their accounts from unauthorized access. Notifications are usually sent if a login deviates from previous ones, potentially indicating malicious activity. They contain information like the location, date, time, and device used to sign in. Users are challenged to verify whether they recognize the login (because it was them or someone they know) or to protect their account from unwanted access. In a user study, we explore users' comprehension, reactions, and expectations of login notifications. We utilize two treatments to measure users' behavior in response to notifications sent for a login they initiated or based on a malicious actor relying on statistical sign-in information. We find that users identify legitimate logins but need more support to halt malicious sign-ins. We discuss the identified problems and give recommendations for service providers to ensure usable and secure logins for everyone.

KW - authentication

KW - email

KW - notification

KW - password change

KW - risk-based authentication

UR - http://www.scopus.com/inward/record.url?scp=85194876256&partnerID=8YFLogxK

U2 - 10.48550/arXiv.2212.07316

DO - 10.48550/arXiv.2212.07316

M3 - Conference contribution

AN - SCOPUS:85194876256

BT - CHI '24

T2 - 2024 CHI Conference on Human Factors in Computing Sytems, CHI 2024

Y2 - 11 May 2024 through 16 May 2024

ER -