{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,11,18]],"date-time":"2025-11-18T23:15:25Z","timestamp":1763507725956,"version":"3.41.0"},"publisher-location":"New York, NY, USA","reference-count":56,"publisher":"ACM","license":[{"start":{"date-parts":[[2019,5,15]],"date-time":"2019-05-15T00:00:00Z","timestamp":1557878400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2019,5,15]]},"DOI":"10.1145\/3317549.3323404","type":"proceedings-article","created":{"date-parts":[[2019,5,17]],"date-time":"2019-05-17T12:52:21Z","timestamp":1558097541000},"page":"60-70","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":12,"title":["2FA-PP"],"prefix":"10.1145","author":[{"given":"Enis","family":"Ulqinaku","sequence":"first","affiliation":[{"name":"ETH Zurich, Switzerland"}]},{"given":"Daniele","family":"Lain","sequence":"additional","affiliation":[{"name":"ETH Zurich, Switzerland"}]},{"given":"Srdjan","family":"Capkun","sequence":"additional","affiliation":[{"name":"ETH Zurich, Switzerland"}]}],"member":"320","published-online":{"date-parts":[[2019,5,15]]},"reference":[{"key":"e_1_3_2_1_1_1","doi-asserted-by":"publisher","DOI":"10.1145\/322796.322806"},{"key":"e_1_3_2_1_2_1","unstructured":"Akilnathan Logeswaran Deloitte Digital. accessed oct 2018. How Macron's team thwarted the hackers with one simple trick | World Economic Forum. https:\/\/goo.gl\/G3wvnN.  Akilnathan Logeswaran Deloitte Digital. accessed oct 2018. How Macron's team thwarted the hackers with one simple trick | World Economic Forum. https:\/\/goo.gl\/G3wvnN."},{"key":"e_1_3_2_1_3_1","doi-asserted-by":"publisher","DOI":"10.1109\/TMC.2013.90"},{"key":"e_1_3_2_1_4_1","unstructured":"Andy Greenberg Wired.com. accessed oct 2018. Chrome Lets Hackers Phish Even \"Unphishable\" Yubikey Users. https:\/\/www.wired.com\/story\/chrome-yubikey-phishing-webusb.  Andy Greenberg Wired.com. accessed oct 2018. Chrome Lets Hackers Phish Even \"Unphishable\" Yubikey Users. https:\/\/www.wired.com\/story\/chrome-yubikey-phishing-webusb."},{"key":"e_1_3_2_1_5_1","unstructured":"Anti-Phishing Working Group Inc. accessed oct 2018. APWG Reports | APWG. https:\/\/www.antiphishing.org\/resources\/apwg-reports\/.  Anti-Phishing Working Group Inc. accessed oct 2018. APWG Reports | APWG. https:\/\/www.antiphishing.org\/resources\/apwg-reports\/."},{"key":"e_1_3_2_1_6_1","unstructured":"Apple Developers. accessed oct 2018. About Core Bluetooth. https:\/\/goo.gl\/5RyjF0.  Apple Developers. accessed oct 2018. About Core Bluetooth. https:\/\/goo.gl\/5RyjF0."},{"key":"e_1_3_2_1_7_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2009.20"},{"key":"e_1_3_2_1_8_1","doi-asserted-by":"publisher","DOI":"10.1145\/2991079.2991114"},{"key":"e_1_3_2_1_9_1","doi-asserted-by":"publisher","DOI":"10.1145\/2160158.2160159"},{"key":"e_1_3_2_1_10_1","doi-asserted-by":"publisher","DOI":"10.1145\/2736277.2741691"},{"key":"e_1_3_2_1_11_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2012.44"},{"key":"e_1_3_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.1109\/MSP.2013.106"},{"key":"e_1_3_2_1_13_1","doi-asserted-by":"publisher","DOI":"10.1145\/2382196.2382240"},{"key":"e_1_3_2_1_14_1","unstructured":"D. M'Raihi and M. Bellare and F. Hoornaert and D. Naccache and O. Ranen. accessed jan 2018. RFC 6238 - TOTP: Time-based One-time Password Algorithm. https:\/\/tools.ietf.org\/html\/rfc6238.  D. M'Raihi and M. Bellare and F. Hoornaert and D. Naccache and O. Ranen. accessed jan 2018. RFC 6238 - TOTP: Time-based One-time Password Algorithm. https:\/\/tools.ietf.org\/html\/rfc6238."},{"key":"e_1_3_2_1_15_1","doi-asserted-by":"crossref","unstructured":"A. Das J. Bonneau M. Caesar N. Borisov and X. Wang. 2014. The Tangled Web of Password Reuse. In NDSS.  A. Das J. Bonneau M. Caesar N. Borisov and X. Wang. 2014. The Tangled Web of Password Reuse. In NDSS.","DOI":"10.14722\/ndss.2014.23357"},{"key":"e_1_3_2_1_16_1","unstructured":"David Smith and Jon Swaine. accessed oct 2018. Russian agents hacked US voting system manufacturer before US election - report | US news | The Guardian. https:\/\/goo.gl\/kMc2mt.  David Smith and Jon Swaine. accessed oct 2018. Russian agents hacked US voting system manufacturer before US election - report | US news | The Guardian. https:\/\/goo.gl\/kMc2mt."},{"key":"e_1_3_2_1_17_1","unstructured":"Dell Cameron Gizmodo.com. accessed jan 2018. Over 560 Million Passwords Discovered in Anonymous Online Database. https:\/\/goo.gl\/TTeXf9.  Dell Cameron Gizmodo.com. accessed jan 2018. Over 560 Million Passwords Discovered in Anonymous Online Database. https:\/\/goo.gl\/TTeXf9."},{"key":"e_1_3_2_1_18_1","doi-asserted-by":"publisher","DOI":"10.1145\/1124772.1124861"},{"key":"e_1_3_2_1_19_1","unstructured":"Duo. accessed oct 2018. The Trusted Access Company: Duo Security. https:\/\/duo.com.  Duo. accessed oct 2018. The Trusted Access Company: Duo Security. https:\/\/duo.com."},{"key":"e_1_3_2_1_20_1","unstructured":"Ed. A. Popov and M. Nystroem and D. Balfanz and A. Langley. accessed jan 2018. The Token Binding Protocol Version 1.0 draft-ietf-tokbind-protocol-04. https:\/\/tools.ietf.org\/html\/draft-ietf-tokbind-protocol-04.  Ed. A. Popov and M. Nystroem and D. Balfanz and A. Langley. accessed jan 2018. The Token Binding Protocol Version 1.0 draft-ietf-tokbind-protocol-04. https:\/\/tools.ietf.org\/html\/draft-ietf-tokbind-protocol-04."},{"key":"e_1_3_2_1_21_1","doi-asserted-by":"publisher","DOI":"10.1145\/1357054.1357219"},{"key":"e_1_3_2_1_22_1","unstructured":"FIDO Alliance. accessed oct 2018. FIDO Alliance. https:\/\/fidoalliance.org.  FIDO Alliance. accessed oct 2018. FIDO Alliance. https:\/\/fidoalliance.org."},{"key":"e_1_3_2_1_23_1","unstructured":"Dinei Flor\u00eancio Cormac Herley and Paul C. van Oorschot. 2014. Password Portfolios and the Finite-Effort User: Sustainably Managing Large Numbers of Accounts. In USENIX Security.  Dinei Flor\u00eancio Cormac Herley and Paul C. van Oorschot. 2014. Password Portfolios and the Finite-Effort User: Sustainably Managing Large Numbers of Accounts. In USENIX Security."},{"key":"e_1_3_2_1_24_1","doi-asserted-by":"crossref","unstructured":"N. Gelernter S. Kalma B. Magnezi and H. Porcilan. 2017. The Password Reset MitM Attack. In IEEE S&P.  N. Gelernter S. Kalma B. Magnezi and H. Porcilan. 2017. The Password Reset MitM Attack. In IEEE S&P.","DOI":"10.1109\/SP.2017.9"},{"key":"e_1_3_2_1_25_1","unstructured":"Google Developers. accessed apr 2018. Enable automatic sign-in across apps and websites | Smart Lock for Passwords on Android. https:\/\/developers.google.com\/identity\/smartlock-passwords\/android\/associate-apps-and-sites.  Google Developers. accessed apr 2018. Enable automatic sign-in across apps and websites | Smart Lock for Passwords on Android. https:\/\/developers.google.com\/identity\/smartlock-passwords\/android\/associate-apps-and-sites."},{"key":"e_1_3_2_1_26_1","unstructured":"Google Inc. accessed oct 2018. Google Authenticator - Android Apps on Google Play. https:\/\/goo.gl\/uhjTu.  Google Inc. accessed oct 2018. Google Authenticator - Android Apps on Google Play. https:\/\/goo.gl\/uhjTu."},{"key":"e_1_3_2_1_27_1","unstructured":"Google Inc. accessed oct 2018. Sign in faster with 2-Step Verification phone prompts - Google Account Help. https:\/\/goo.gl\/mAEpfQ.  Google Inc. accessed oct 2018. Sign in faster with 2-Step Verification phone prompts - Google Account Help. https:\/\/goo.gl\/mAEpfQ."},{"key":"e_1_3_2_1_28_1","unstructured":"Greg Kumparak. accessed oct 2018. SlickLogin Aims To Kill The Password By Singing A Silent Song To Your Smartphone | TechCrunch. https:\/\/goo.gl\/x9XmCn.  Greg Kumparak. accessed oct 2018. SlickLogin Aims To Kill The Password By Singing A Silent Song To Your Smartphone | TechCrunch. https:\/\/goo.gl\/x9XmCn."},{"key":"e_1_3_2_1_29_1","doi-asserted-by":"publisher","DOI":"10.1145\/3241539.3241574"},{"key":"e_1_3_2_1_30_1","doi-asserted-by":"publisher","DOI":"10.1145\/2063176.2063197"},{"key":"e_1_3_2_1_31_1","unstructured":"I. Fette and A. Melnikov. accessed oct 2018. RFC 6455 - The WebSocket Protocol. https:\/\/tools.ietf.org\/html\/rfc6455.  I. Fette and A. Melnikov. accessed oct 2018. RFC 6455 - The WebSocket Protocol. https:\/\/tools.ietf.org\/html\/rfc6455."},{"key":"e_1_3_2_1_32_1","unstructured":"Ecma International. accessed oct 2018. ECMAScript 2015 Language Specification - ECMA-262 6th Edition. https:\/\/www.ecma-international.org\/ecma-262\/6.0.  Ecma International. accessed oct 2018. ECMAScript 2015 Language Specification - ECMA-262 6th Edition. https:\/\/www.ecma-international.org\/ecma-262\/6.0."},{"key":"e_1_3_2_1_33_1","unstructured":"Iulia Ion Rob Reeder and Sunny Consolvo. 2015. \"...no one can hack my mind\": Comparing Expert and Non-Expert Security Practices. In USENIX SOUPS.   Iulia Ion Rob Reeder and Sunny Consolvo. 2015. \"...no one can hack my mind\": Comparing Expert and Non-Expert Security Practices. In USENIX SOUPS."},{"key":"e_1_3_2_1_34_1","unstructured":"Nikolaos Karapanos Claudio Marforio Claudio Soriente and Srdjan Capkun. 2015. Sound-Proof: Usable Two-Factor Authentication Based on Ambient Sound. In USENIX Security 15.   Nikolaos Karapanos Claudio Marforio Claudio Soriente and Srdjan Capkun. 2015. Sound-Proof: Usable Two-Factor Authentication Based on Ambient Sound. In USENIX Security 15."},{"key":"e_1_3_2_1_35_1","doi-asserted-by":"publisher","DOI":"10.1145\/3133956.3133989"},{"key":"e_1_3_2_1_36_1","doi-asserted-by":"publisher","DOI":"10.1145\/1978942.1979321"},{"key":"e_1_3_2_1_37_1","unstructured":"Kuba Gretzky. accessed oct 2018. Evilginx - Advanced Phishing with Two-factor Authentication Bypass. https:\/\/goo.gl\/fhPddL.  Kuba Gretzky. accessed oct 2018. Evilginx - Advanced Phishing with Two-factor Authentication Bypass. https:\/\/goo.gl\/fhPddL."},{"volume-title":"Security Keys: Practical Cryptographic Second Factors for the Modern Web. In FC.","year":"2016","author":"Lang Juan","key":"e_1_3_2_1_38_1"},{"key":"e_1_3_2_1_39_1","doi-asserted-by":"publisher","DOI":"10.1145\/359168.359172"},{"key":"e_1_3_2_1_40_1","unstructured":"National Institute of Standards and Technology (NIST). accessed jan 2018. NIST Special Publication 800-63b. https:\/\/goo.gl\/QL8O95.  National Institute of Standards and Technology (NIST). accessed jan 2018. NIST Special Publication 800-63b. https:\/\/goo.gl\/QL8O95."},{"key":"e_1_3_2_1_41_1","unstructured":"Network Working Group. accessed jan 2018. RFC 4226 - HOTP: An HMAC-Based One-Time Password Algorithm. https:\/\/tools.ietf.org\/html\/rfc4226.  Network Working Group. accessed jan 2018. RFC 4226 - HOTP: An HMAC-Based One-Time Password Algorithm. https:\/\/tools.ietf.org\/html\/rfc4226."},{"key":"e_1_3_2_1_42_1","doi-asserted-by":"publisher","DOI":"10.1007\/11889663_1"},{"key":"e_1_3_2_1_43_1","doi-asserted-by":"publisher","DOI":"10.1145\/2046707.2046769"},{"key":"e_1_3_2_1_44_1","unstructured":"RSA Security LLC. accessed oct 2018. RSA SecurID Hard Token. https:\/\/www.rsa.com\/en-us\/products\/rsa-securid-suite\/rsa-securid-access\/securid-hardware-tokens.  RSA Security LLC. accessed oct 2018. RSA SecurID Hard Token. https:\/\/www.rsa.com\/en-us\/products\/rsa-securid-suite\/rsa-securid-access\/securid-hardware-tokens."},{"key":"e_1_3_2_1_45_1","unstructured":"Sampath Srinivas and Dirk Balfanz and Eric Tiffany and Alexei Czeskis. accessed oct 2018. Universal 2nd Factor (U2F) Overview. https:\/\/goo.gl\/kY71bA.  Sampath Srinivas and Dirk Balfanz and Eric Tiffany and Alexei Czeskis. accessed oct 2018. Universal 2nd Factor (U2F) Overview. https:\/\/goo.gl\/kY71bA."},{"key":"e_1_3_2_1_46_1","doi-asserted-by":"publisher","DOI":"10.1145\/2556288.2557330"},{"key":"e_1_3_2_1_47_1","unstructured":"Swati Khandelwal thehackernews.com. accessed oct 2018. Hackers Hijacked Chrome Extension for Web Developers With Over 1 Million Users. https:\/\/goo.gl\/SWPCqF.  Swati Khandelwal thehackernews.com. accessed oct 2018. Hackers Hijacked Chrome Extension for Web Developers With Over 1 Million Users. https:\/\/goo.gl\/SWPCqF."},{"key":"e_1_3_2_1_48_1","doi-asserted-by":"publisher","DOI":"10.1145\/3133956.3134067"},{"key":"e_1_3_2_1_49_1","unstructured":"Troy Hunt. accessed jan 2018. Have I been pwned? Pwned websites. https:\/\/haveibeenpwned.com\/PwnedWebsites.  Troy Hunt. accessed jan 2018. Have I been pwned? Pwned websites. https:\/\/haveibeenpwned.com\/PwnedWebsites."},{"key":"e_1_3_2_1_50_1","unstructured":"TWILIO INC. accessed oct 2018. Authy - Two-Factor Authentication App. https:\/\/authy.com.  TWILIO INC. accessed oct 2018. Authy - Two-Factor Authentication App. https:\/\/authy.com."},{"key":"e_1_3_2_1_51_1","unstructured":"Blase Ur Patrick Gage Kelley Saranga Komanduri Joel Lee Michael Maass Michelle L. Mazurek Timothy Passaro Richard Shay Timothy Vidas Lujo Bauer Nicolas Christin and Lorrie Faith Cranor. 2012. How Does Your Password Measure Up? The Effect of Strength Meters on Password Creation. In USENIX Security.   Blase Ur Patrick Gage Kelley Saranga Komanduri Joel Lee Michael Maass Michelle L. Mazurek Timothy Passaro Richard Shay Timothy Vidas Lujo Bauer Nicolas Christin and Lorrie Faith Cranor. 2012. How Does Your Password Measure Up? The Effect of Strength Meters on Password Creation. In USENIX Security."},{"key":"e_1_3_2_1_52_1","unstructured":"VASCO Data Security International Inc. accessed oct 2018. VASCO | Delivering Trust to the Digital World. https:\/\/www.vasco.com.  VASCO Data Security International Inc. accessed oct 2018. VASCO | Delivering Trust to the Digital World. https:\/\/www.vasco.com."},{"key":"e_1_3_2_1_53_1","unstructured":"Web Bluetooth Community Group. accessed oct 2018. Web Bluetooth. https:\/\/goo.gl\/otp9cf.  Web Bluetooth Community Group. accessed oct 2018. Web Bluetooth. https:\/\/goo.gl\/otp9cf."},{"key":"e_1_3_2_1_54_1","unstructured":"WebBluetoothCG. accessed oct 2018. Web Bluetooth Community Group - Github. https:\/\/goo.gl\/gRWTgu.  WebBluetoothCG. accessed oct 2018. Web Bluetooth Community Group - Github. https:\/\/goo.gl\/gRWTgu."},{"key":"e_1_3_2_1_55_1","doi-asserted-by":"publisher","DOI":"10.1109\/MSP.2004.81"},{"key":"e_1_3_2_1_56_1","unstructured":"Yubico. accessed oct 2018. Buy YoubiKeys at Yubico.com | Shop hardware authentication security keys. https:\/\/www.yubico.com\/store\/.  Yubico. accessed oct 2018. Buy YoubiKeys at Yubico.com | Shop hardware authentication security keys. https:\/\/www.yubico.com\/store\/."}],"event":{"name":"WiSec '19: 12th ACM Conference on Security and Privacy in Wireless and Mobile Networks","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control","SIGMOBILE ACM Special Interest Group on Mobility of Systems, Users, Data and Computing"],"location":"Miami Florida","acronym":"WiSec '19"},"container-title":["Proceedings of the 12th Conference on Security and Privacy in Wireless and Mobile Networks"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3317549.3323404","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3317549.3323404","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T20:01:18Z","timestamp":1750276878000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3317549.3323404"}},"subtitle":["2nd factor phishing prevention"],"short-title":[],"issued":{"date-parts":[[2019,5,15]]},"references-count":56,"alternative-id":["10.1145\/3317549.3323404","10.1145\/3317549"],"URL":"https:\/\/doi.org\/10.1145\/3317549.3323404","relation":{},"subject":[],"published":{"date-parts":[[2019,5,15]]},"assertion":[{"value":"2019-05-15","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}