As users navigate the web they face a multitude of threats; among them, attacks that result in
account compromise can be particularly devastating. In a world fraught with data breaches …

FIDO2 is a suite of protocols that combines the usability of local authentication (eg,
biometrics) with the security of public-key cryptography to deliver passwordless …

Risk-based authentication (RBA) aims to protect users against attacks involving stolen
passwords. RBA monitors features during login, and requests re-authentication when …

Credential-guessing attacks often exploit passwords that were reused across a user's online
accounts. To learn how organizations can better protect users, we retrospectively analyzed …

Threats to passwords are still very relevant due to attacks like phishing or credential stuffing.
One way to solve this problem is to remove passwords completely. User studies on …

Password-based authentication (PBA) remains the most popular form of user authentication
on the web despite its long-understood insecurity. Given the deficiencies of PBA, many …

Online services increasingly rely on user-facing interfaces to communicate important
security-related account information—for example, which devices are logged into a user's …

Risk-based authentication (RBA) complements standard password-based logins by using
knowledge about previously observed user behavior to prevent malicious login attempts …

Risk-based authentication (RBA) is an adaptive security measure used to strengthen
password-based authentication against account takeover attacks. Our study on 65 …

Our everyday life depends more and more on online services and, therefore, access to
related user accounts. The security of user accounts, again, is tied to the security of the …