A systematic literature review of empirical methods and risk representation in usable privacy and security research
Usable privacy and security researchers have developed a variety of approaches to
represent risk to research participants. To understand how these approaches are used and …
The eIDAS regulation: a survey of technological trends for European electronic identity schemes
The eIDAS regulation aims to provide an interoperable European framework to enable EU
citizens to authenticate and communicate with services of other Member States by using …
Password policies of most top websites fail to follow best practices
We examined the policies of 120 of the most popular websites for when a user creates a
new password for their account. Despite well-established advice that has emerged from the …
Driving 2FA adoption at scale: Optimizing Two-Factor authentication notification design patterns
Two-factor authentication (2FA) is one of the primary mechanisms for defending end-user
accounts against phishing and password reuse attacks. Unfortunately, getting users to adopt …
"Make Them Change it Every Week!": A Qualitative Exploration of Online Developer Advice on Usable and Secure Authentication
Usable and secure authentication on the web and beyond is mission-critical. While
password-based authentication is still widespread, users have trouble dealing with …
Security analysis of SMS as a second factor of authentication
RP Jover - Communications of the ACM, 2020 - dl.acm.org
COMMUNICATIONS OF THE ACM | DECEMBER 2020 | VOL. 63 | NO. 12 practice THE …
"We've Disabled MFA for You": An Evaluation of the Security and Usability of Multi-Factor Authentication Recovery Deployments
Multi-Factor Authentication is intended to strengthen the security of password-based
authentication by adding another factor, such as hardware tokens or one-time passwords …
Security and Privacy Failures in Popular 2FA Apps
The Time-based One-Time Password (TOTP) algorithm is a 2FA method that is widely
deployed because of its relatively low implementation costs and purported security benefits …
The Digital-Safety risks of financial technologies for survivors of intimate partner violence
Digital technologies play a growing role in exacerbating financial abuse for survivors of
intimate partner violence (IPV). While abusers of IPV rarely employ advanced technological …
Threat modeling framework for mobile communication systems
This paper presents a domain-specific threat-modeling framework for the cellular mobile
networks. We survey known attacks against mobile communication and organize them into …