{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,23]],"date-time":"2026-03-23T14:51:54Z","timestamp":1774277514344,"version":"3.50.1"},"publisher-location":"Cham","reference-count":31,"publisher":"Springer International Publishing","isbn-type":[{"value":"9783030223113","type":"print"},{"value":"9783030223120","type":"electronic"}],"license":[{"start":{"date-parts":[[2019,1,1]],"date-time":"2019-01-01T00:00:00Z","timestamp":1546300800000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2019,1,1]],"date-time":"2019-01-01T00:00:00Z","timestamp":1546300800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2019]]},"DOI":"10.1007\/978-3-030-22312-0_10","type":"book-chapter","created":{"date-parts":[[2019,6,16]],"date-time":"2019-06-16T23:02:48Z","timestamp":1560726168000},"page":"134-148","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":39,"title":["Is This Really You? An Empirical Study on Risk-Based Authentication Applied in the Wild"],"prefix":"10.1007","author":[{"ORCID":"https:\/\/orcid.org\/0000-0001-7917-6065","authenticated-orcid":false,"given":"Stephan","family":"Wiefling","sequence":"first","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0002-7863-0622","authenticated-orcid":false,"given":"Luigi","family":"Lo Iacono","sequence":"additional","affiliation":[]},{"given":"Markus","family":"D\u00fcrmuth","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2019,6,5]]},"reference":[{"key":"10_CR1","doi-asserted-by":"crossref","unstructured":"Acar, G., Eubank, C., Englehardt, S., Juarez, M., Narayanan, A., Diaz, C.: The web never forgets: persistent tracking mechanisms in the wild. In: CCS 2014, pp. 674\u2013689. ACM (2014)","DOI":"10.1145\/2660267.2660347"},{"key":"10_CR2","series-title":"Communications in Computer and Information Science","doi-asserted-by":"publisher","first-page":"770","DOI":"10.1007\/978-3-642-25734-6_136","volume-title":"Computational Intelligence and Information Technology","author":"N Akhtar","year":"2011","unstructured":"Akhtar, N., Haq, F.: Real time online banking fraud detection using location information. In: Das, V.V., Thankachan, N. (eds.) CIIT 2011. CCIS, vol. 250, pp. 770\u2013772. Springer, Heidelberg (2011). https:\/\/doi.org\/10.1007\/978-3-642-25734-6_136"},{"key":"10_CR3","doi-asserted-by":"crossref","unstructured":"Alaca, F., van Oorschot, P.C.: Device fingerprinting for augmenting web authentication. In: Proceedings of ACSAC 2016, pp. 289\u2013301. ACM (2016)","DOI":"10.1145\/2991079.2991091"},{"key":"10_CR4","doi-asserted-by":"crossref","unstructured":"Bonneau, J.: The science of guessing: analyzing an anonymized corpus of 70 million passwords. In: 2012 IEEE Security & Privacy, pp. 538\u2013552. IEEE, May 2012","DOI":"10.1109\/SP.2012.49"},{"key":"10_CR5","unstructured":"Bonneau, J., Felten, E.W., Mittal, P., Narayanan, A.: Privacy concerns of implicit secondary factors for web authentication. In: WAY Workshop (2014)"},{"issue":"7","key":"10_CR6","doi-asserted-by":"publisher","first-page":"78","DOI":"10.1145\/2699390","volume":"58","author":"J Bonneau","year":"2015","unstructured":"Bonneau, J., Herley, C., van Oorschot, P.C., Stajano, F.: Passwords and the evolution of imperfect authentication. Commun. ACM 58(7), 78\u201387 (2015)","journal-title":"Commun. ACM"},{"issue":"8","key":"10_CR7","doi-asserted-by":"publisher","first-page":"1476","DOI":"10.1109\/JPROC.2016.2637878","volume":"105","author":"T Bujlow","year":"2017","unstructured":"Bujlow, T., Carela-Espanol, V., Lee, B.R., Barlet-Ros, P.: A survey on web tracking: mechanisms, implications, and defenses. Proc. IEEE 105(8), 1476\u20131510 (2017)","journal-title":"Proc. IEEE"},{"key":"10_CR8","unstructured":"Cser, A., Maler, E.: The Forrester Wave: Risk-Based Authentication, Q1 (2012)"},{"key":"10_CR9","doi-asserted-by":"crossref","unstructured":"Das, A., Bonneau, J., Caesar, M., Borisov, N., Wang, X.: The tangled web of password reuse. In: NDSS 2014, San Diego, vol. 14, pp. 23\u201326, February 2014","DOI":"10.14722\/ndss.2014.23357"},{"key":"10_CR10","doi-asserted-by":"crossref","unstructured":"Daud, N.I., Haron, G.R., Othman, S.S.S.: Adaptive authentication: implementing random canvas fingerprinting as user attributes factor. In: ISCAIE, pp. 152\u2013156. IEEE (2017)","DOI":"10.1109\/ISCAIE.2017.8074968"},{"key":"10_CR11","doi-asserted-by":"crossref","unstructured":"Freeman, D., Jain, S., D\u00fcrmuth, M., Biggio, B., Giacinto, G.: Who are you? A statistical approach to measuring user authenticity. In: NDSS 2016, February 2016","DOI":"10.14722\/ndss.2016.23240"},{"key":"10_CR12","unstructured":"Golan, L., Orad, A., Bennett, N.: System and method for risk based authentication. US Patent 8,572,391, October 2013"},{"key":"10_CR13","unstructured":"Google: Notifying Android users natively when devices are added to their account (2016). https:\/\/gsuiteupdates.googleblog.com\/2016\/08\/notifying-android-users-natively-when.html"},{"key":"10_CR14","doi-asserted-by":"crossref","unstructured":"Grassi, P.A., et al.: Digital identity guidelines. Technical Report NIST SP 800-63b (2017)","DOI":"10.6028\/NIST.SP.800-63-3"},{"key":"10_CR15","doi-asserted-by":"crossref","unstructured":"Herley, C., Schechter, S.: Distinguishing attacks from legitimate authentication traffic at scale. In: NDSS 2019, San Diego (2019)","DOI":"10.14722\/ndss.2019.23124"},{"key":"10_CR16","unstructured":"Hurkala, A., Hurkala, J.: Architecture of context-risk-aware authentication system for web environments. In: Proceedings of ICIEIS 2014, Lodz, Poland, September 2014"},{"key":"10_CR17","unstructured":"Iaroshevych, O.: Improving second factor authentication challenges to help protect Facebook account owners. In: SOUPS 2017, Santa Clara, CA, USA, July 2017"},{"key":"10_CR18","unstructured":"Johansson, J., Canavor, D., Hitchcock, D.: Risk-based authentication duration. US Patent 8,683,597, March 2014"},{"key":"10_CR19","unstructured":"Milka, G.: Anatomy of account takeover. In: Enigma 2018. USENIX, January 2018"},{"key":"10_CR20","doi-asserted-by":"crossref","unstructured":"Molloy, I., Dickens, L., Morisset, C., Cheng, P.C., Lobo, J., Russo, A.: Risk-based security decisions under uncertainty. In: CODASPY 2012, pp. 157\u2013168. ACM (2012)","DOI":"10.1145\/2133601.2133622"},{"issue":"11","key":"10_CR21","doi-asserted-by":"publisher","first-page":"594","DOI":"10.1145\/359168.359172","volume":"22","author":"R Morris","year":"1979","unstructured":"Morris, R., Thompson, K.: Password security. Commun. ACM 22(11), 594\u2013597 (1979)","journal-title":"Commun. ACM"},{"key":"10_CR22","doi-asserted-by":"crossref","unstructured":"Petsas, T., Tsirantonakis, G., Athanasopoulos, E., Ioannidis, S.: Two-factor authentication: is the world ready? In: EuroSec 2015, pp. 4:1\u20134:7. ACM (2015)","DOI":"10.1145\/2751323.2751327"},{"key":"10_CR23","unstructured":"Quermann, N., Harbach, M., D\u00fcrmuth, M.: The state of user authentication in the wild. In: Who are you? Adventures in Authentication Workshop 2018, August 2018"},{"key":"10_CR24","unstructured":"Shepard, L., Chen, W., Perry, T., Popov, L.: Using social information for authenticating a user session, December 2014"},{"key":"10_CR25","doi-asserted-by":"crossref","unstructured":"Spooren, J., Preuveneers, D., Joosen, W.: Mobile device fingerprinting considered harmful for risk-based authentication. In: EuroSec 2015, pp. 6:1\u20136:6. ACM (2015)","DOI":"10.1145\/2751323.2751329"},{"key":"10_CR26","doi-asserted-by":"crossref","unstructured":"Steinegger, R.H., Deckers, D., Giessler, P., Abeck, S.: Risk-based authenticator for web applications. In: Proceedings of EuroPlop 2016, pp. 16:1\u201316:11. ACM (2016)","DOI":"10.1145\/3011784.3011800"},{"key":"10_CR27","doi-asserted-by":"crossref","unstructured":"Traore, I., Woungang, I., Obaidat, M.S., Nakkabi, Y., Lai, I.: Combining mouse and keystroke dynamics biometrics for risk-based authentication in web environments. In: Proceedings of ICDH 2012, pp. 138\u2013145. IEEE, November 2012","DOI":"10.1109\/ICDH.2012.59"},{"key":"10_CR28","unstructured":"Vastel, A.: Detecting Chrome headless (2018). https:\/\/antoinevastel.com\/bot%20detection\/2018\/01\/17\/detect-chrome-headless-v2.html"},{"key":"10_CR29","doi-asserted-by":"crossref","unstructured":"Wang, D., Zhang, Z., Wang, P., Yan, J., Huang, X.: Targeted online password guessing: an underestimated threat. In: CCS 2016, pp. 1242\u20131254. ACM (2016)","DOI":"10.1145\/2976749.2978339"},{"key":"10_CR30","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"513","DOI":"10.1007\/978-3-319-07536-5_30","volume-title":"Applied Cryptography and Network Security","author":"X Wang","year":"2014","unstructured":"Wang, X., Kohno, T., Blakley, B.: Polymorphism as a defense for automated attack of websites. In: Boureanu, I., Owesarski, P., Vaudenay, S. (eds.) ACNS 2014. LNCS, vol. 8479, pp. 513\u2013530. Springer, Cham (2014). https:\/\/doi.org\/10.1007\/978-3-319-07536-5_30"},{"key":"10_CR31","unstructured":"Wiefling, S., Lo Iacono, L., D\u00fcrmuth, M.: Risk-Based Authentication (2019). https:\/\/riskbasedauthentication.org"}],"container-title":["IFIP Advances in Information and Communication Technology","ICT Systems Security and Privacy Protection"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-030-22312-0_10","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,3,12]],"date-time":"2024-03-12T15:34:31Z","timestamp":1710257671000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-030-22312-0_10"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2019]]},"ISBN":["9783030223113","9783030223120"],"references-count":31,"URL":"https:\/\/doi.org\/10.1007\/978-3-030-22312-0_10","relation":{},"ISSN":["1868-4238","1868-422X"],"issn-type":[{"value":"1868-4238","type":"print"},{"value":"1868-422X","type":"electronic"}],"subject":[],"published":{"date-parts":[[2019]]},"assertion":[{"value":"5 June 2019","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"SEC","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"IFIP International Conference on ICT Systems Security and Privacy Protection","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Lisbon","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Portugal","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2019","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"25 June 2019","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"27 June 2019","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"34","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"sec2019","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/www.ifipsec.org\/2019\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Double-blind","order":1,"name":"type","label":"Type","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"EasyChair","order":2,"name":"conference_management_system","label":"Conference Management System","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"76","order":3,"name":"number_of_submissions_sent_for_review","label":"Number of Submissions Sent for Review","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"26","order":4,"name":"number_of_full_papers_accepted","label":"Number of Full Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"0","order":5,"name":"number_of_short_papers_accepted","label":"Number of Short Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"34% - The value is computed by the equation \"Number of Full Papers Accepted \/ Number of Submissions Sent for Review * 100\" and then rounded to a whole number.","order":6,"name":"acceptance_rate_of_full_papers","label":"Acceptance Rate of Full Papers","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"3","order":7,"name":"average_number_of_reviews_per_paper","label":"Average Number of Reviews per Paper","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"3","order":8,"name":"average_number_of_papers_per_reviewer","label":"Average Number of Papers per Reviewer","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"Yes","order":9,"name":"external_reviewers_involved","label":"External Reviewers Involved","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"This content has been made available to all.","name":"free","label":"Free to read"}]}}