{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,8]],"date-time":"2026-04-08T16:25:35Z","timestamp":1775665535728,"version":"3.50.1"},"publisher-location":"New York, NY, USA","reference-count":49,"publisher":"ACM","license":[{"start":{"date-parts":[[2020,12,7]],"date-time":"2020-12-07T00:00:00Z","timestamp":1607299200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"name":"Ministerium f\u00fcr Kultur und Wissenschaft des Landes Nordrhein-Westfalen"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2020,12,7]]},"DOI":"10.1145\/3427228.3427243","type":"proceedings-article","created":{"date-parts":[[2020,12,9]],"date-time":"2020-12-09T22:20:18Z","timestamp":1607552418000},"page":"203-218","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":30,"title":["More Than Just Good Passwords? A Study on Usability and Security Perceptions of Risk-based Authentication"],"prefix":"10.1145","author":[{"given":"Stephan","family":"Wiefling","sequence":"first","affiliation":[{"name":"H-BRS University of Applied Sciences Ruhr University Bochum, Germany"}]},{"given":"Markus","family":"D\u00fcrmuth","sequence":"additional","affiliation":[{"name":"Ruhr University Bochum, Germany"}]},{"given":"Luigi","family":"Lo Iacono","sequence":"additional","affiliation":[{"name":"H-BRS University of Applied Sciences"}]}],"member":"320","published-online":{"date-parts":[[2020,12,8]]},"reference":[{"key":"e_1_3_2_1_1_1","doi-asserted-by":"publisher","DOI":"10.1177\/1541931218621262"},{"key":"e_1_3_2_1_2_1","volume-title":"Ask Me Again But Don\u2019t Annoy Me: Evaluating Re-authentication Strategies for Smartphones. In Twelfth Symposium on Usable Privacy and Security","author":"Agarwal Lalit","year":"2016"},{"key":"e_1_3_2_1_3_1","volume-title":"Advances in Neuroergonomics and Cognitive Engineering, Hasan Ayazand Lukasz Mazur (Eds.). Vol.\u00a0775","author":"AlHogail Areej"},{"issue":"9","key":"e_1_3_2_1_4_1","first-page":"038","article-title":"Risk based authentication","author":"Allen Nicholas\u00a0Alexander","year":"2015","journal-title":"Patent"},{"key":"e_1_3_2_1_5_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2012.49"},{"key":"e_1_3_2_1_6_1","doi-asserted-by":"publisher","DOI":"10.1145\/2699390"},{"key":"e_1_3_2_1_7_1","volume-title":"SUS-A quick and dirty usability scale. Usability evaluation in industry 189, 194","author":"Brooke John","year":"1996"},{"key":"e_1_3_2_1_8_1","doi-asserted-by":"publisher","DOI":"10.1177\/0013164491513002"},{"key":"e_1_3_2_1_9_1","doi-asserted-by":"publisher","DOI":"10.1145\/3173574.3174030"},{"key":"e_1_3_2_1_10_1","doi-asserted-by":"publisher","DOI":"10.1186\/2196-064X-1-7"},{"key":"e_1_3_2_1_11_1","volume-title":"The Tangled Web of Password Reuse. In 2014 Network and Distributed System Security Symposium","author":"Das Anupam","year":"2014"},{"key":"e_1_3_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-662-58387-6_9"},{"key":"e_1_3_2_1_13_1","doi-asserted-by":"publisher","DOI":"10.14722\/usec.2014.23025"},{"key":"e_1_3_2_1_14_1","volume-title":"Why Phishing Works. In SIGCHI Conference on Human Factors in Computing Systems","author":"Dhamija Rachna","year":"2006"},{"key":"e_1_3_2_1_15_1","unstructured":"Duo Security. 2019. Using Remembered Devices & Authorized Networks Controls. https:\/\/duo.com\/docs\/remembered-devices  Duo Security. 2019. Using Remembered Devices & Authorized Networks Controls. https:\/\/duo.com\/docs\/remembered-devices"},{"key":"e_1_3_2_1_16_1","volume-title":"Two-Factor Authentication. In 4th European Workshop on Usable Security","author":"Dutson Jonathan","year":"2019"},{"key":"e_1_3_2_1_17_1","unstructured":"Facebook. 2020. What is two-factor authentication and how does it work on Facebook?https:\/\/www.facebook.com\/help\/148233965247823  Facebook. 2020. What is two-factor authentication and how does it work on Facebook?https:\/\/www.facebook.com\/help\/148233965247823"},{"key":"e_1_3_2_1_18_1","doi-asserted-by":"publisher","DOI":"10.1145\/1242572.1242661"},{"key":"e_1_3_2_1_19_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2016.23240"},{"key":"e_1_3_2_1_20_1","unstructured":"Google. 2020. Add or remove trusted computers. https:\/\/support.google.com\/accounts\/answer\/2544838  Google. 2020. Add or remove trusted computers. https:\/\/support.google.com\/accounts\/answer\/2544838"},{"key":"e_1_3_2_1_22_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2010.12.001"},{"key":"e_1_3_2_1_23_1","doi-asserted-by":"publisher","DOI":"10.1016\/S1697-2600(14)70040-7"},{"key":"e_1_3_2_1_24_1","volume-title":"Architecture of Context-Risk-Aware Authentication System for Web Environments. In Third International Conference on Informatics Engineering and Information Science","author":"Hurkala Adam","year":"2014"},{"key":"e_1_3_2_1_25_1","volume-title":"Thirteenth Symposium on Usable Privacy and Security","author":"Iaroshevych Oleg","year":"2017"},{"key":"e_1_3_2_1_26_1","doi-asserted-by":"publisher","DOI":"10.2307\/2981421"},{"key":"e_1_3_2_1_27_1","volume-title":"Sometimes Annoying. In Eleventh Symposium On Usable Privacy and Security","author":"Khan Hassan","year":"2015"},{"key":"e_1_3_2_1_29_1","volume-title":"Analysing the Usability of Two-Factor Authentication in UK Online Banking. NDSS Workshop on Usable Security. https:\/\/doi.org\/10","author":"Krol Kat","year":"2015"},{"key":"e_1_3_2_1_30_1","volume-title":"Interrater reliability: the kappa statistic. Biochemia Medica (Oct","author":"McHugh L.","year":"2012"},{"key":"e_1_3_2_1_31_1","volume-title":"Enigma 2018 (Santa Clara, CA)","author":"Milka Grzergor","year":"2081"},{"key":"e_1_3_2_1_32_1","volume-title":"Risk-based Security Decisions Under Uncertainty. In Second ACM Conference on Data and Application Security and Privacy","author":"Molloy Ian","year":"2012"},{"key":"e_1_3_2_1_33_1","doi-asserted-by":"publisher","DOI":"10.1145\/359168.359172"},{"key":"e_1_3_2_1_35_1","unstructured":"Nils Quermann Marian Harbach and Markus D\u00fcrmuth. 2018. The State of User Authentication in the Wild. In Who are you?! Adventures in Authentication Workshop 2018 (Baltimore MD USA) (WAY \u201918). https:\/\/wayworkshop.org\/2018\/papers\/way2018-quermann.pdf  Nils Quermann Marian Harbach and Markus D\u00fcrmuth. 2018. The State of User Authentication in the Wild. In Who are you?! Adventures in Authentication Workshop 2018 (Baltimore MD USA) (WAY \u201918). https:\/\/wayworkshop.org\/2018\/papers\/way2018-quermann.pdf"},{"key":"e_1_3_2_1_36_1","volume-title":"Technical Report","author":"Rainie Lee","year":"2013"},{"key":"e_1_3_2_1_37_1","unstructured":"Elissa\u00a0M Redmiles Everest Liu and Michelle\u00a0L Mazurek. 2017. You Want Me To Do What? A Design Study of Two-Factor Authentication Messages. In Who Are You?! Adventures in Authentication (Santa Clara CA USA) (WAY \u201917). https:\/\/www.usenix.org\/conference\/soups2017\/workshop-program\/way2017\/redmiles  Elissa\u00a0M Redmiles Everest Liu and Michelle\u00a0L Mazurek. 2017. You Want Me To Do What? A Design Study of Two-Factor Authentication Messages. In Who Are You?! Adventures in Authentication (Santa Clara CA USA) (WAY \u201917). https:\/\/www.usenix.org\/conference\/soups2017\/workshop-program\/way2017\/redmiles"},{"key":"e_1_3_2_1_38_1","volume-title":"Fifteenth Symposium on Usable Privacy and Security","author":"Reese Ken","year":"2019"},{"key":"e_1_3_2_1_39_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2018.00067"},{"key":"e_1_3_2_1_40_1","volume-title":"Quantifying the user experience: practical statistics for user research","author":"Sauro Jeff"},{"key":"e_1_3_2_1_41_1","volume-title":"Internet users","author":"Schomakers Eva-Maria","year":"2019"},{"key":"e_1_3_2_1_42_1","doi-asserted-by":"publisher","DOI":"10.1093\/poq\/nfi028"},{"key":"e_1_3_2_1_43_1","unstructured":"Nishit Shah. 2011. Advanced sign-in security for your Google account. https:\/\/googleblog.blogspot.de\/2011\/02\/advanced-sign-in-security-for-your.html  Nishit Shah. 2011. Advanced sign-in security for your Google account. https:\/\/googleblog.blogspot.de\/2011\/02\/advanced-sign-in-security-for-your.html"},{"issue":"8","key":"e_1_3_2_1_44_1","first-page":"251","article-title":"Using social information for authenticating a user session","author":"Shepard J.","year":"2014","journal-title":"Patent"},{"key":"e_1_3_2_1_45_1","unstructured":"Rebecca Varley and Neha Bagga. 2018. Consumer Views and Behaviours on Digital Platforms. Technical Report. Australian Competition and Consumer Commission Roy Morgan. https:\/\/www.accc.gov.au\/system\/files\/ACCC%20consumer%20survey%20-%20Consumer%20views%20and%20behaviours%20on%20digital%20platforms%2C%20Roy%20Morgan%20Research.pdf  Rebecca Varley and Neha Bagga. 2018. Consumer Views and Behaviours on Digital Platforms. Technical Report. Australian Competition and Consumer Commission Roy Morgan. https:\/\/www.accc.gov.au\/system\/files\/ACCC%20consumer%20survey%20-%20Consumer%20views%20and%20behaviours%20on%20digital%20platforms%2C%20Roy%20Morgan%20Research.pdf"},{"key":"e_1_3_2_1_46_1","doi-asserted-by":"publisher","DOI":"10.2478\/popets-2019-0013"},{"key":"e_1_3_2_1_47_1","doi-asserted-by":"publisher","DOI":"10.1145\/2639189.2639218"},{"key":"e_1_3_2_1_48_1","doi-asserted-by":"publisher","DOI":"10.1145\/2976749.2978339"},{"key":"e_1_3_2_1_49_1","volume-title":"Applied Cryptography and Network Security(ACNS \u201914)","author":"Wang Xinran"},{"key":"e_1_3_2_1_50_1","volume-title":"An Empirical Study on Risk-Based Authentication Applied in the Wild. In 34th IFIP TC-11 International Conference on Information Security and Privacy Protection","author":"Wiefling Stephan","year":"2019"},{"key":"e_1_3_2_1_51_1","volume-title":"Evaluation of Risk-based Re-Authentication Methods. In 35th IFIP TC-11 International Conference on Information Security and Privacy Protection","author":"Wiefling Stephan","year":"2020"},{"key":"e_1_3_2_1_52_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.ijhcs.2019.08.006"}],"event":{"name":"ACSAC '20: Annual Computer Security Applications Conference","location":"Austin USA","acronym":"ACSAC '20"},"container-title":["Annual Computer Security Applications Conference"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3427228.3427243","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3427228.3427243","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T22:02:24Z","timestamp":1750197744000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3427228.3427243"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2020,12,7]]},"references-count":49,"alternative-id":["10.1145\/3427228.3427243","10.1145\/3427228"],"URL":"https:\/\/doi.org\/10.1145\/3427228.3427243","relation":{},"subject":[],"published":{"date-parts":[[2020,12,7]]},"assertion":[{"value":"2020-12-08","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}