{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,8,22]],"date-time":"2025-08-22T05:13:40Z","timestamp":1755839620403,"version":"3.40.3"},"publisher-location":"Cham","reference-count":36,"publisher":"Springer Nature Switzerland","isbn-type":[{"type":"print","value":"9783031430329"},{"type":"electronic","value":"9783031430336"}],"license":[{"start":{"date-parts":[[2023,1,1]],"date-time":"2023-01-01T00:00:00Z","timestamp":1672531200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2023,1,1]],"date-time":"2023-01-01T00:00:00Z","timestamp":1672531200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2023]]},"DOI":"10.1007\/978-3-031-43033-6_5","type":"book-chapter","created":{"date-parts":[[2023,10,21]],"date-time":"2023-10-21T05:01:47Z","timestamp":1697864507000},"page":"43-56","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":1,"title":["Authentication of\u00a0IT Professionals in\u00a0the\u00a0Wild \u2013 A Survey"],"prefix":"10.1007","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-2901-847X","authenticated-orcid":false,"given":"Agata","family":"Kruzikova","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Vashek","family":"Matyas","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-7179-0386","authenticated-orcid":false,"given":"Milan","family":"Broz","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2023,10,21]]},"reference":[{"key":"5_CR1","doi-asserted-by":"publisher","unstructured":"Abbott, J., Patil, S.: How mandatory second factor affects the authentication user experience. In: Proceedings of the 2020 CHI Conference on Human Factors in Computing Systems, pp. 1\u201313. CHI 2020, Association for Computing Machinery, New York, NY, USA (2020). https:\/\/doi.org\/10.1145\/3313831.3376457","DOI":"10.1145\/3313831.3376457"},{"key":"5_CR2","unstructured":"Acar, Y., Stransky, C., Wermke, D., Mazurek, M., Fahl, S.: Security developer studies with GitHub users: exploring a convenience sample. In: Thirteenth Symposium on Usable Privacy and Security (SOUPS 2017), pp. 81\u201395. USENIX Association, Santa Clara, CA (2017)"},{"key":"5_CR3","doi-asserted-by":"crossref","unstructured":"Addas, A., Thorpe, J., Salehi-Abari, A.: Geographical security questions for fallback authentication. In: 2019 17th International Conference on Privacy, Security and Trust (PST), pp. 1\u20136 (2019)","DOI":"10.1109\/PST47121.2019.8949063"},{"key":"5_CR4","doi-asserted-by":"publisher","unstructured":"Bonneau, J., Bursztein, E., Caron, I., Jackson, R., Williamson, M.: Secrets, lies, and account recovery: lessons from the use of personal knowledge questions at google. In: Proceedings of the 24th International Conference on World Wide Web, pp. 141\u2013150. WWW 2015, International World Wide Web Conferences Steering Committee, Republic and Canton of Geneva, CHE (2015). https:\/\/doi.org\/10.1145\/2736277.2741691","DOI":"10.1145\/2736277.2741691"},{"key":"5_CR5","unstructured":"Brewer, E., Pike, R., Arya, A., Bertucio, A., Lewandowski, K.: Know, prevent, fix: a framework for shifting the discussion around vulnerabilities in open source (2021). https:\/\/opensource.googleblog.com\/2021\/02\/know-prevent-fix-framework-for-shifting-discussion-around-vulnerabilities-in-open-source.html"},{"key":"5_CR6","first-page":"160","volume-title":"Financial Cryptography and Data Security","author":"S Das","year":"2018","unstructured":"Das, S., Dingman, A., Camp, L.J.: Why Johnny doesn\u2019t use two factor a two-phase usability study of the FIDO U2F security key. In: Meiklejohn, S., Sako, K. (eds.) Financial Cryptography and Data Security, pp. 160\u2013179. Springer, Berlin Heidelberg, Berlin, Heidelberg (2018)"},{"key":"5_CR7","unstructured":"GitHub Docs: Recovering your account if you lose your 2FA credentials (2021). https:\/\/docs.github.com\/en\/github\/authenticating-to-github\/securing-your-account-with-two-factor-authentication-2fa\/recovering-your-account-if-you-lose-your-2fa-credentials"},{"key":"5_CR8","unstructured":"Fagan, M., Khan, M.M.H.: Why do they do what they do?: a study of what motivates users to (not) follow computer security advice. In: Twelfth Symposium on Usable Privacy and Security (SOUPS 2016), pp. 59\u201375. USENIX Association, Denver, CO (2016)"},{"key":"5_CR9","doi-asserted-by":"publisher","unstructured":"Han, J.K., Bi, X., Kim, H., Woo, S.: PassTag: a graphical-textual hybrid fallback authentication system. In: Proceedings of the 15th ACM Asia Conference on Computer and Communications Security, pp. 60\u201372. ASIA CCS 2020, Association for Computing Machinery, New York, NY, USA (2020). https:\/\/doi.org\/10.1145\/3320269.3384737","DOI":"10.1145\/3320269.3384737"},{"key":"5_CR10","doi-asserted-by":"publisher","unstructured":"Hang, A., De Luca, A., Hussmann, H.: I know what you did last week! do you? dynamic security questions for fallback authentication on smartphones. In: Proceedings of the 33rd Annual ACM Conference on Human Factors in Computing Systems, pp. 1383\u20131392. CHI 2015, Association for Computing Machinery, New York, NY, USA (2015). https:\/\/doi.org\/10.1145\/2702123.2702131","DOI":"10.1145\/2702123.2702131"},{"key":"5_CR11","doi-asserted-by":"publisher","first-page":"245","DOI":"10.1007\/978-3-642-39077-7_13","volume-title":"Privacy Enhancing Technologies","author":"M Harbach","year":"2013","unstructured":"Harbach, M., Fahl, S., Rieger, M., Smith, M.: On the acceptance of privacy-preserving authentication technology: the curious case of national identity cards. In: De Cristofaro, E., Wright, M. (eds.) Privacy Enhancing Technologies, pp. 245\u2013264. Springer, Berlin Heidelberg, Berlin, Heidelberg (2013)"},{"key":"5_CR12","unstructured":"Ion, I., Reeder, R., Consolvo, S.: \u201c...no one can hack my mind\": comparing expert and non-expert security practices. In: Eleventh Symposium On Usable Privacy and Security (SOUPS 2015), pp. 327\u2013346. USENIX Association, Ottawa (2015)"},{"issue":"12","key":"5_CR13","doi-asserted-by":"publisher","first-page":"46","DOI":"10.1145\/3424260","volume":"63","author":"RP Jover","year":"2020","unstructured":"Jover, R.P.: Security analysis of SMS as a second factor of authentication. Commun. ACM 63(12), 46\u201352 (2020). https:\/\/doi.org\/10.1145\/3424260","journal-title":"Commun. ACM"},{"key":"5_CR14","doi-asserted-by":"publisher","unstructured":"Krol, K., Philippou, E., De Cristofaro, E., Sasse, A.: \u201cthey brought in the horrible key ring thing!\u201d analysing the usability of two-factor authentication in UK online banking. The 2015 Network and Distributed System Security Symposium (NDSS) (2015). https:\/\/doi.org\/10.14722\/usec.2015.23001","DOI":"10.14722\/usec.2015.23001"},{"key":"5_CR15","unstructured":"Lewandowski, K.: Digital identity attestation roundup (2021). https:\/\/openssf.org\/blog\/2021\/01\/27\/digital-identity-attestation-roundup\/"},{"key":"5_CR16","doi-asserted-by":"publisher","first-page":"620","DOI":"10.1109\/TDSC.2020.2975789","volume":"19","author":"Y Li","year":"2020","unstructured":"Li, Y., Chen, Z., Wang, H., Sun, K., Jajodia, S.: Understanding account recovery in the wild and its security implications. IEEE Trans. Dependable Secure Comput. 19, 620\u2013634 (2020). https:\/\/doi.org\/10.1109\/TDSC.2020.2975789","journal-title":"IEEE Trans. Dependable Secure Comput."},{"key":"5_CR17","doi-asserted-by":"publisher","unstructured":"Nilsson, M., Adams, A., Herd, S.: Building security and trust in online banking. In: CHI 2005 Extended Abstracts on Human Factors in Computing Systems, pp. 1701\u20131704. CHI EA 2005, Association for Computing Machinery, New York, NY, USA (2005). https:\/\/doi.org\/10.1145\/1056808.1057001","DOI":"10.1145\/1056808.1057001"},{"key":"5_CR18","unstructured":"Forsgren, N., et al.: 2020 State of the Octoverse: Securing the World\u2019s Software, October 2021"},{"key":"5_CR19","unstructured":"OpenSSF: Wg digital identity attestation (formerly developer identity) (2021). https:\/\/github.com\/ossf\/wg-digital-identity-attestation"},{"key":"5_CR20","unstructured":"Osborne, C.: Microsoft investigates potential ties between partner security firm, exchange server attack code leak (2021). www.zdnet.com\/article\/microsoft-investigates-potential-tie-between-partner-firm-and-potential-exchange-bug-leak\/"},{"key":"5_CR21","unstructured":"Stack Overflow: 2020 developer survey (2020). https:\/\/insights.stackoverflow.com\/survey\/2020"},{"key":"5_CR22","doi-asserted-by":"publisher","unstructured":"Rabkin, A.: Personal knowledge questions for fallback authentication: security questions in the era of facebook. In: Proceedings of the 4th Symposium on Usable Privacy and Security, pp. 13\u201323. SOUPS 2008, Association for Computing Machinery, New York, NY, USA (2008). https:\/\/doi.org\/10.1145\/1408664.1408667","DOI":"10.1145\/1408664.1408667"},{"key":"5_CR23","unstructured":"Ramakrishna, S.: Our plan for a safer SolarWinds and customer community (2021). https:\/\/orangematter.solarwinds.com\/2021\/01\/07\/our-plan-for-a-safer-solarwinds-and-customer-community\/"},{"key":"5_CR24","unstructured":"Reese, K., Smith, T., Dutson, J., Armknecht, J., Cameron, J., Seamons, K.: A usability study of five two-factor authentication methods. In: Fifteenth Symposium on Usable Privacy and Security (SOUPS 2019), pp. 357\u2013370. USENIX Association, Santa Clara, CA (2019)"},{"key":"5_CR25","doi-asserted-by":"publisher","unstructured":"Ruoti, S., Roberts, B., Seamons, K.: Authentication melee: a usability analysis of seven web authentication systems. In: Proceedings of the 24th International Conference on World Wide Web, pp. 916\u2013926. WWW 2015, International World Wide Web Conferences Steering Committee, Republic and Canton of Geneva, CHE (2015). https:\/\/doi.org\/10.1145\/2736277.2741683","DOI":"10.1145\/2736277.2741683"},{"key":"5_CR26","unstructured":"Sonatype: 2020 state of the software supply chain. The 6th Annual Report on Global Open Source Software Development 6, Sonatype (2020)"},{"key":"5_CR27","unstructured":"Sonatype: 8th annual state of the software supply chain. 8th Annual State of the Software Supply Chain 8, Sonatype (2022)"},{"key":"5_CR28","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"35","DOI":"10.1007\/978-3-319-45931-8_3","volume-title":"Information Security Theory and Practice","author":"V Stavova","year":"2016","unstructured":"Stavova, V., Matyas, V., Just, M.: Codes v. people: a comparative usability study of two password recovery mechanisms. In: Foresti, S., Lopez, J. (eds.) WISTP 2016. LNCS, vol. 9895, pp. 35\u201350. Springer, Cham (2016). https:\/\/doi.org\/10.1007\/978-3-319-45931-8_3"},{"key":"5_CR29","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"3","DOI":"10.1007\/978-3-319-29938-9_1","volume-title":"Technology and Practice of Passwords","author":"E Stobert","year":"2016","unstructured":"Stobert, E., Biddle, R.: Expert password management. In: Stajano, F., Mj\u00f8lsnes, S.F., Jenkinson, G., Thorsheim, P. (eds.) PASSWORDS 2015. LNCS, vol. 9551, pp. 3\u201320. Springer, Cham (2016). https:\/\/doi.org\/10.1007\/978-3-319-29938-9_1"},{"key":"5_CR30","doi-asserted-by":"publisher","unstructured":"Trewin, S., Swart, C., Koved, L., Singh, K.: Perceptions of risk in mobile transaction. In: 2016 IEEE Security and Privacy Workshops (SPW), pp. 214\u2013223. IEEE, San Jose, CA, USA (2016). https:\/\/doi.org\/10.1109\/SPW.2016.37","DOI":"10.1109\/SPW.2016.37"},{"key":"5_CR31","unstructured":"Vijayan, J.: Assessing cybersecurity risk in today\u2019s enterprises (2019). https:\/\/www.anomali.com\/resources\/whitepapers\/dark-reading-assessing-cybersecurity-risk-in-todays-enterprises"},{"key":"5_CR32","doi-asserted-by":"publisher","unstructured":"Weidman, J., Grossklags, J.: I like it, but i hate it: Employee perceptions towards an institutional transition to BYOD second-factor authentication. In: Proceedings of the 33rd Annual Computer Security Applications Conference, pp. 212\u2013224. ACSAC 2017, Association for Computing Machinery, New York, NY, USA (2017). https:\/\/doi.org\/10.1145\/3134600.3134629","DOI":"10.1145\/3134600.3134629"},{"issue":"1","key":"5_CR33","doi-asserted-by":"publisher","first-page":"47","DOI":"10.1016\/j.cose.2008.09.008","volume":"28","author":"C Weir","year":"2009","unstructured":"Weir, C., Douglas, G., Carruthers, M., Jack, M.: User perceptions of security, convenience and usability for ebanking authentication tokens. Comput. Secur. 28(1), 47\u201362 (2009). https:\/\/doi.org\/10.1016\/j.cose.2008.09.008","journal-title":"Comput. Secur."},{"issue":"3","key":"5_CR34","doi-asserted-by":"publisher","first-page":"153","DOI":"10.1016\/j.intcom.2009.10.001","volume":"22","author":"C Weir","year":"2010","unstructured":"Weir, C., Douglas, G., Richardson, T., Jack, M.: Usable security: user preferences for authentication methods in eBanking and the effects of experience. Interact. Comput. 22(3), 153\u2013164 (2010). https:\/\/doi.org\/10.1016\/j.intcom.2009.10.001","journal-title":"Interact. Comput."},{"key":"5_CR35","unstructured":"Winds, S.: Solarwinds security advisory (2021). www.solarwinds.com\/sa-overview\/securityadvisory#anchor2"},{"issue":"4","key":"5_CR36","doi-asserted-by":"publisher","first-page":"320","DOI":"10.1080\/0144929X.2018.1436591","volume":"37","author":"F Wolf","year":"2018","unstructured":"Wolf, F., Kuber, R., Aviv, A.: An empirical study examining the perceptions and behaviours of security-conscious users of mobile authentication. Behav. Inf. Technol. 37(4), 320\u2013334 (2018). https:\/\/doi.org\/10.1080\/0144929X.2018.1436591","journal-title":"Behav. Inf. Technol."}],"container-title":["Lecture Notes in Computer Science","Security Protocols XXVIII"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-031-43033-6_5","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2023,10,21]],"date-time":"2023-10-21T05:02:14Z","timestamp":1697864534000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-031-43033-6_5"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2023]]},"ISBN":["9783031430329","9783031430336"],"references-count":36,"URL":"https:\/\/doi.org\/10.1007\/978-3-031-43033-6_5","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2023]]},"assertion":[{"value":"21 October 2023","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"Security Protocols","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Cambridge International Workshop on Security Protocols","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Cambridge","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"United Kingdom","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2023","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"27 March 2023","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"28 March 2023","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"28","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"spw2023","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/www.cl.cam.ac.uk\/events\/spw\/2023\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Single-blind","order":1,"name":"type","label":"Type","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"CMT3","order":2,"name":"conference_management_system","label":"Conference Management System","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"23","order":3,"name":"number_of_submissions_sent_for_review","label":"Number of Submissions Sent for Review","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"13","order":4,"name":"number_of_full_papers_accepted","label":"Number of Full Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"0","order":5,"name":"number_of_short_papers_accepted","label":"Number of Short Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"57% - The value is computed by the equation \"Number of Full Papers Accepted \/ Number of Submissions Sent for Review * 100\" and then rounded to a whole number.","order":6,"name":"acceptance_rate_of_full_papers","label":"Acceptance Rate of Full Papers","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"4","order":7,"name":"average_number_of_reviews_per_paper","label":"Average Number of Reviews per Paper","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"23","order":8,"name":"average_number_of_papers_per_reviewer","label":"Average Number of Papers per Reviewer","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"No","order":9,"name":"external_reviewers_involved","label":"External Reviewers Involved","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}}]}}