{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,7]],"date-time":"2026-03-07T18:56:17Z","timestamp":1772909777739,"version":"3.50.1"},"publisher-location":"Berlin, Heidelberg","reference-count":48,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"value":"9783662643303","type":"print"},{"value":"9783662643310","type":"electronic"}],"license":[{"start":{"date-parts":[[2021,1,1]],"date-time":"2021-01-01T00:00:00Z","timestamp":1609459200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"},{"start":{"date-parts":[[2021,1,1]],"date-time":"2021-01-01T00:00:00Z","timestamp":1609459200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2021]]},"DOI":"10.1007\/978-3-662-64331-0_19","type":"book-chapter","created":{"date-parts":[[2021,10,22]],"date-time":"2021-10-22T23:16:12Z","timestamp":1634944572000},"page":"361-381","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":15,"title":["What\u2019s in Score for Website Users: A Data-Driven Long-Term Study on Risk-Based Authentication Characteristics"],"prefix":"10.1007","author":[{"ORCID":"https:\/\/orcid.org\/0000-0001-7917-6065","authenticated-orcid":false,"given":"Stephan","family":"Wiefling","sequence":"first","affiliation":[]},{"given":"Markus","family":"D\u00fcrmuth","sequence":"additional","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0002-7863-0622","authenticated-orcid":false,"given":"Luigi","family":"Lo Iacono","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2021,10,23]]},"reference":[{"issue":"1","key":"19_CR1","first-page":"19","volume":"43","author":"A Abdou","year":"2018","unstructured":"Abdou, A., van Oorschot, P.C.: Secure client and server geolocation over the Internet. Login 43(1), 19\u201325 (2018)","journal-title":"Login"},{"key":"19_CR2","unstructured":"Akamai: Credential Stuffing: Attacks and Economies. [state of the internet]\/security 5 (Special Media Edition) (April 2019)"},{"key":"19_CR3","doi-asserted-by":"crossref","unstructured":"Alaca, F., van Oorschot, P.C.: Device fingerprinting for augmenting web authentication: classification and analysis of methods. In: ACSAC 2016 (December 2016)","DOI":"10.1145\/2991079.2991091"},{"key":"19_CR4","unstructured":"Andriamilanto, N., Allard, T., Guelvouit, G.L.: Guess Who?. In: IMIS 2020 (2021)"},{"key":"19_CR5","doi-asserted-by":"crossref","unstructured":"Bonneau, J.: The science of guessing: analyzing an anonymized corpus of 70 million passwords. In: SP 2012 (May 2012)","DOI":"10.1109\/SP.2012.49"},{"key":"19_CR6","unstructured":"Bonneau, J., Felten, E.W., Mittal, P., Narayanan, A.: Privacy concerns of implicit secondary factors for web authentication. In: WAY 2014 (2014)"},{"issue":"8","key":"19_CR7","doi-asserted-by":"publisher","first-page":"1476","DOI":"10.1109\/JPROC.2016.2637878","volume":"105","author":"T Bujlow","year":"2017","unstructured":"Bujlow, T., Carela-Espanol, V., Lee, B.R., Barlet-Ros, P.: A survey on web tracking: mechanisms, implications, and defenses. Proc. IEEE 105(8), 1476\u20131510 (2017)","journal-title":"Proc. IEEE"},{"key":"19_CR8","doi-asserted-by":"crossref","unstructured":"Campobasso, M., Allodi, L.: Impersonation-as-a-service: characterizing the emerging criminal infrastructure for user impersonation at scale. In: CCS 2020 (November 2020)","DOI":"10.1145\/3372297.3417892"},{"key":"19_CR9","unstructured":"caniuse.com: Web sockets (July 2020)"},{"issue":"3","key":"19_CR10","doi-asserted-by":"publisher","first-page":"531","DOI":"10.1177\/0013164491513002","volume":"51","author":"JC Chan","year":"1991","unstructured":"Chan, J.C.: Response-order effects in Likert-type scales. Educ. Psychol. Meas. 51(3), 531\u2013540 (1991)","journal-title":"Educ. Psychol. Meas."},{"key":"19_CR11","unstructured":"Cohen, J.: Statistical Power Analysis for the Behavioral Sciences, 2nd edn. (1988)"},{"key":"19_CR12","doi-asserted-by":"crossref","unstructured":"Das, A., Bonneau, J., Caesar, M., Borisov, N., Wang, X.: The tangled web of password reuse. In: NDSS 2014 (February 2014)","DOI":"10.14722\/ndss.2014.23357"},{"key":"19_CR13","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"160","DOI":"10.1007\/978-3-662-58387-6_9","volume-title":"Financial Cryptography and Data Security","author":"S Das","year":"2018","unstructured":"Das, S., Dingman, A., Camp, L.J.: Why Johnny doesn\u2019t use two factor a two-phase usability study of the FIDO U2F security key. In: Meiklejohn, S., Sako, K. (eds.) FC 2018. LNCS, vol. 10957, pp. 160\u2013179. Springer, Heidelberg (2018). https:\/\/doi.org\/10.1007\/978-3-662-58387-6_9"},{"key":"19_CR14","doi-asserted-by":"crossref","unstructured":"Daud, N.I., Haron, G.R., Othman, S.S.S.: Adaptive authentication: implementing random canvas fingerprinting as user attributes factor. In: ISCAIE 2017 (April 2017)","DOI":"10.1109\/ISCAIE.2017.8074968"},{"key":"19_CR15","doi-asserted-by":"crossref","unstructured":"Dhamija, R., Tygar, J.D., Hearst, M.: Why phishing works. In: CHI 2006 (April 2006)","DOI":"10.1145\/1124772.1124861"},{"key":"19_CR16","doi-asserted-by":"crossref","unstructured":"Djosic, N., Nokovic, B., Sharieh, S.: Machine learning in action: securing IAM API by risk authentication decision engine. In: CNS 2020 (June 2020)","DOI":"10.1109\/CNS48642.2020.9162317"},{"key":"19_CR17","doi-asserted-by":"crossref","unstructured":"Dutson, J., Allen, D., Eggett, D., Seamons, K.: \u201cDon\u2019t punish all of us\u201d: measuring user attitudes about two-factor authentication. In: EuroUSEC 2019 (June 2019)","DOI":"10.1109\/EuroSPW.2019.00020"},{"key":"19_CR18","unstructured":"FireHOL: All cybercrime ip feeds (August 2020). http:\/\/iplists.firehol.org\/?ipset=firehol_level4"},{"key":"19_CR19","doi-asserted-by":"crossref","unstructured":"Florencio, D., Herley, C.: A large-scale study of web password habits. In: WWW 2007 (May 2007)","DOI":"10.1145\/1242572.1242661"},{"key":"19_CR20","doi-asserted-by":"crossref","unstructured":"Freeman, D., Jain, S., D\u00fcrmuth, M., Biggio, B., Giacinto, G.: Who are you? A statistical approach to measuring user authenticity. In: NDSS 2016 (February 2016)","DOI":"10.14722\/ndss.2016.23240"},{"key":"19_CR21","unstructured":"Gaddam, A.: Usage of behavioral biometric technologies to defend against bots. In: Enigma 2019 (January 2019)"},{"key":"19_CR22","doi-asserted-by":"crossref","unstructured":"Grassi, P.A., et al.: Digital identity guidelines: authentication and lifecycle management. Tech. rep. NIST SP 800\u201363b, NIST, Gaithersburg, MD (June 2017)","DOI":"10.1016\/S0969-4765(17)30040-1"},{"issue":"1","key":"19_CR23","doi-asserted-by":"publisher","first-page":"83","DOI":"10.1016\/S1697-2600(14)70040-7","volume":"14","author":"J Hartley","year":"2014","unstructured":"Hartley, J.: Some thoughts on Likert-type scales. Int. J. Clin. Health Psychol. 14(1), 83\u201386 (2014)","journal-title":"Int. J. Clin. Health Psychol."},{"key":"19_CR24","doi-asserted-by":"crossref","unstructured":"Hurka\u0142a, A., Hurka\u0142a, J.: Architecture of context-risk-aware authentication system for web environments. In: ICIEIS 2014 (September 2014)","DOI":"10.1155\/2014\/108673"},{"key":"19_CR25","unstructured":"IBM: Log File Formats: NCSA Combined Log Format (2003)"},{"issue":"1","key":"19_CR26","doi-asserted-by":"publisher","first-page":"42","DOI":"10.2307\/2981421","volume":"145","author":"G Kalton","year":"1982","unstructured":"Kalton, G., Schuman, H.: The effect of the question on survey responses: a review. J. R. Stat. Soc. Ser. A (Gen.) 145(1), 42\u201357 (1982)","journal-title":"J. R. Stat. Soc. Ser. A (Gen.)"},{"key":"19_CR27","unstructured":"Melnikov, A., Fette, I.: The WebSocket Protocol. No. 6455 in Request for Comments (December 2011)"},{"key":"19_CR28","doi-asserted-by":"crossref","unstructured":"Molloy, I., Dickens, L., Morisset, C., Cheng, P.C., Lobo, J., Russo, A.: Risk-based security decisions under uncertainty. In: CODASPY 2012 (February 2012)","DOI":"10.1145\/2133601.2133622"},{"issue":"11","key":"19_CR29","doi-asserted-by":"publisher","first-page":"594","DOI":"10.1145\/359168.359172","volume":"22","author":"R Morris","year":"1979","unstructured":"Morris, R., Thompson, K.: Password security. Commun. ACM 22(11), 594\u2013597 (1979)","journal-title":"Commun. ACM"},{"key":"19_CR30","unstructured":"Mowery, K., Shacham, H.: Pixel perfect. In: W2SP 2012 (May 2012)"},{"key":"19_CR31","unstructured":"Open Identity Platform: OpenAM: Adaptive Authentication Module (August 2016). https:\/\/git.io\/JteWg"},{"key":"19_CR32","doi-asserted-by":"crossref","unstructured":"Pal, B., Daniel, T., Chatterjee, R., Ristenpart, T.: Beyond credential stuffing: password similarity models using neural networks. In: SP 2019 (May 2019)","DOI":"10.1109\/SP.2019.00056"},{"key":"19_CR33","doi-asserted-by":"crossref","unstructured":"Percival, C., Josefsson, S.: The scrypt password-based key derivation function. Tech. rep. RFC7914 (August 2016)","DOI":"10.17487\/RFC7914"},{"issue":"2","key":"19_CR34","first-page":"558","volume":"2020","author":"G Pugliese","year":"2020","unstructured":"Pugliese, G., Riess, C., Gassmann, F., Benenson, Z.: Long-term observation on browser fingerprinting. Proc. PETS 2020(2), 558\u2013577 (2020)","journal-title":"Proc. PETS"},{"key":"19_CR35","unstructured":"Quermann, N., Harbach, M., D\u00fcrmuth, M.: The state of user authentication in the wild. In: WAY 2018 (August 2018)"},{"key":"19_CR36","doi-asserted-by":"crossref","unstructured":"Reynolds, J., Smith, T., Reese, K., Dickinson, L., Ruoti, S., Seamons, K.: A tale of two studies: the best and worst of yubikey usability. In: SP 2018 (May 2018)","DOI":"10.1109\/SP.2018.00067"},{"key":"19_CR37","doi-asserted-by":"crossref","unstructured":"Rivera, E., Tengana, L., Solano, J., Castelblanco, A., L\u00f3pez, C., Ochoa, M.: Risk-based authentication based on network latency profiling. In: AISec 2020 (2020)","DOI":"10.1145\/3411508.3421377"},{"issue":"3","key":"19_CR38","doi-asserted-by":"publisher","first-page":"417","DOI":"10.1093\/poq\/nfi028","volume":"69","author":"EM Shaeffer","year":"2005","unstructured":"Shaeffer, E.M.: Comparing the quality of data obtained by minimally balanced and fully balanced attitude questions. Public Opin. Q. 69(3), 417\u2013428 (2005)","journal-title":"Public Opin. Q."},{"key":"19_CR39","doi-asserted-by":"crossref","unstructured":"Shay, R., Ion, I., Reeder, R.W., Consolvo, S.: My religious aunt asked why i was trying to sell her viagra. In: CHI 2014 (April 2014)","DOI":"10.1145\/2556288.2557330"},{"key":"19_CR40","doi-asserted-by":"crossref","unstructured":"Spooren, J., Preuveneers, D., Joosen, W.: Mobile device fingerprinting considered harmful for risk-based authentication. In: EuroSec 2015 (April 2015)","DOI":"10.1145\/2751323.2751329"},{"key":"19_CR41","doi-asserted-by":"crossref","unstructured":"Stadnik, W., Nowak, Z.: The impact of web pages\u2019 load time on the conversion rate of an e-commerce platform. In: ISAT 2017 (September 2018)","DOI":"10.1007\/978-3-319-67220-5_31"},{"key":"19_CR42","doi-asserted-by":"crossref","unstructured":"Steinegger, R.H., Deckers, D., Giessler, P., Abeck, S.: Risk-based authenticator for web applications. In: EuroPlop 2016 (June 2016)","DOI":"10.1145\/3011784.3011800"},{"key":"19_CR43","unstructured":"Thomas, K., et al.: Protecting accounts from credential stuffing with password breach alerting. In: USENIX Security 2019 (August 2019)"},{"key":"19_CR44","doi-asserted-by":"crossref","unstructured":"Wiefling, S., D\u00fcrmuth, M., Lo Iacono, L.: What\u2019s in score for website users: a data-driven long-term study on risk-based authentication characteristics. In: FC 2021 (Pre-Proceedings) (March 2021). https:\/\/nbn-resolving.org\/urn:nbn:de:hbz:1044-opus-53053","DOI":"10.1007\/978-3-662-64331-0_19"},{"key":"19_CR45","doi-asserted-by":"crossref","unstructured":"Wiefling, S., D\u00fcrmuth, M., Lo Iacono, L.: More than just good passwords? A study on usability and security perceptions of risk-based authentication. In: ACSAC 2020 (December 2020)","DOI":"10.1145\/3427228.3427243"},{"key":"19_CR46","doi-asserted-by":"crossref","unstructured":"Wiefling, S., Lo Iacono, L., D\u00fcrmuth, M.: Is this really you? An empirical study on risk-based authentication applied in the wild. In: IFIP SEC 2019 (June 2019)","DOI":"10.1007\/978-3-030-22312-0_10"},{"key":"19_CR47","doi-asserted-by":"crossref","unstructured":"Wiefling, S., Patil, T., D\u00fcrmuth, M., Lo Iacono, L.: Evaluation of risk-based re-authentication methods. In: IFIP SEC 2020 (September 2020)","DOI":"10.1007\/978-3-030-58201-2_19"},{"key":"19_CR48","doi-asserted-by":"crossref","unstructured":"von Zezschwitz, E., De Luca, A., Hussmann, H.: Honey, I shrunk the keys. In: NordiCHI 2014 (October 2014)","DOI":"10.1145\/2639189.2639218"}],"container-title":["Lecture Notes in Computer Science","Financial Cryptography and Data Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-662-64331-0_19","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2023,1,13]],"date-time":"2023-01-13T12:56:48Z","timestamp":1673614608000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-662-64331-0_19"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021]]},"ISBN":["9783662643303","9783662643310"],"references-count":48,"URL":"https:\/\/doi.org\/10.1007\/978-3-662-64331-0_19","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2021]]},"assertion":[{"value":"23 October 2021","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"FC","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on Financial Cryptography and Data Security","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2021","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"1 March 2021","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"5 March 2021","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"25","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"fc2021","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/fc21.ifca.ai\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}}]}}