{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,25]],"date-time":"2026-01-25T09:14:18Z","timestamp":1769332458560,"version":"3.49.0"},"publisher-location":"New York, NY, USA","reference-count":94,"publisher":"ACM","license":[{"start":{"date-parts":[[2024,5,11]],"date-time":"2024-05-11T00:00:00Z","timestamp":1715385600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"DOI":"10.13039\/https:\/\/doi.org\/10.13039\/501100001659","name":"Deutsche Forschungsgemeinschaft","doi-asserted-by":"publisher","award":["EXC 2092 CASA - 390781972"],"award-info":[{"award-number":["EXC 2092 CASA - 390781972"]}],"id":[{"id":"10.13039\/https:\/\/doi.org\/10.13039\/501100001659","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2024,5,11]]},"DOI":"10.1145\/3613904.3642889","type":"proceedings-article","created":{"date-parts":[[2024,5,11]],"date-time":"2024-05-11T08:39:12Z","timestamp":1715416752000},"page":"1-19","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":5,"title":["A Comparative Long-Term Study of Fallback Authentication Schemes"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0000-0001-8309-3211","authenticated-orcid":false,"given":"Leona","family":"Lassak","sequence":"first","affiliation":[{"name":"Ruhr University Bochum, Germany"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-9232-4496","authenticated-orcid":false,"given":"Philipp","family":"Markert","sequence":"additional","affiliation":[{"name":"Ruhr University Bochum, Germany"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-2204-2132","authenticated-orcid":false,"given":"Maximilian","family":"Golla","sequence":"additional","affiliation":[{"name":"CISPA Helmholtz Center for Information Security, Germany"}]},{"ORCID":"https:\/\/orcid.org\/0009-0004-7949-0459","authenticated-orcid":false,"given":"Elizabeth","family":"Stobert","sequence":"additional","affiliation":[{"name":"Carleton University, Canada"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-5048-3723","authenticated-orcid":false,"given":"Markus","family":"D\u00fcrmuth","sequence":"additional","affiliation":[{"name":"Leibniz University Hannover, Germany"}]}],"member":"320","published-online":{"date-parts":[[2024,5,11]]},"reference":[{"key":"e_1_3_3_2_1_1","volume-title":"Geographical Security Questions for Fallback Authentication. In International Conference on Privacy, Security and Trust(PST\u00a0\u201919)","author":"Addas Alaadin","year":"2019","unstructured":"Alaadin Addas, Amirali Salehi-Abari, and Julie Thorpe. 2019. Geographical Security Questions for Fallback Authentication. In International Conference on Privacy, Security and Trust(PST\u00a0\u201919). IEEE, Fredericton, New Brunswick, Canada, 1\u20136."},{"key":"e_1_3_3_2_2_1","unstructured":"AgileBits Inc.2023. Create Unique Answers to Security Questions. https:\/\/support.1password.com\/generate-security-questions\/ as of 2024\/03\/08 07:03:06."},{"key":"e_1_3_3_2_3_1","volume-title":"Future Technologies Conference(FTC\u00a0\u201918)","author":"Al-Maqbali Fatma","year":"2018","unstructured":"Fatma Al-Maqbali and Chris Mitchell. 2018. Web Password Recovery: A Necessary Evil?. In Future Technologies Conference(FTC\u00a0\u201918). Springer, Vancouver, British Columbia, Canada, 324\u2013341."},{"key":"e_1_3_3_2_4_1","doi-asserted-by":"publisher","DOI":"10.1186\/s13673-016-0072-3"},{"key":"e_1_3_3_2_5_1","volume-title":"C (Dec.","author":"AlHusain Reem","year":"2021","unstructured":"Reem AlHusain and Ali Alkhalifah. 2021. Evaluating Fallback Authentication Research: A Systematic Literature Review. Computers & Security 111, C (Dec. 2021)."},{"key":"e_1_3_3_2_6_1","doi-asserted-by":"publisher","DOI":"10.1109\/COMST.2017.2651741"},{"key":"e_1_3_3_2_7_1","doi-asserted-by":"publisher","DOI":"10.1080\/1206212X.2017.1395132"},{"key":"e_1_3_3_2_8_1","unstructured":"Apple Inc.2021. Help a Friend or Family Member as Their Account Recovery Contact. https:\/\/support.apple.com\/en-us\/HT212515 as of 2024\/03\/08 07:03:06."},{"key":"e_1_3_3_2_9_1","unstructured":"Apple Inc.2021. How to Generate a Recovery Key. https:\/\/support.apple.com\/en-us\/HT208072 as of 2024\/03\/08 07:03:06."},{"key":"e_1_3_3_2_10_1","volume-title":"Avoiding Lock Outs: Proactive FIDO Account Recovery using Managerless Group Signatures. Cryptology ePrint Archive 2022\/1555 (Nov","author":"Arora S.","year":"2022","unstructured":"Sunpreet\u00a0S. Arora, Saikrishna Badrinarayanan, Srinivasan Raghuraman, Maliheh Shirvanian, Kim Wagner, and Gaven Watson. 2022. Avoiding Lock Outs: Proactive FIDO Account Recovery using Managerless Group Signatures. Cryptology ePrint Archive 2022\/1555 (Nov. 2022), 1\u201346."},{"key":"e_1_3_3_2_11_1","first-page":"3","article-title":"Determining What Individual SUS Scores Mean: Adding an Adjective Rating Scale","volume":"4","author":"Bangor Aaron","year":"2009","unstructured":"Aaron Bangor, Philip Kortum, and James Miller. 2009. Determining What Individual SUS Scores Mean: Adding an Adjective Rating Scale. Journal of Usability Studies 4, 3 (May 2009), 114\u2013123.","journal-title":"Journal of Usability Studies"},{"key":"e_1_3_3_2_12_1","unstructured":"Saikat Basu. 2022. How to Fix It When You\u2019re Locked Out of Your Gmail Account. https:\/\/www.lifewire.com\/fix-it-when-locked-out-of-gmail-account-5220812 as of 2024\/03\/08 07:03:06."},{"key":"e_1_3_3_2_13_1","doi-asserted-by":"publisher","DOI":"10.1145\/2736277.2741691"},{"key":"e_1_3_3_2_14_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2012.44"},{"key":"e_1_3_3_2_15_1","doi-asserted-by":"publisher","DOI":"10.1145\/1180405.1180427"},{"key":"e_1_3_3_2_16_1","unstructured":"Thomas Brewster. 2021. Fraudsters Cloned Company Director\u2019s Voice In $35 Million Heist Police Find. https:\/\/www.forbes.com\/sites\/thomasbrewster\/2021\/10\/14\/huge-bank-fraud-uses-deep-fake-voice-tech-to-steal-millions\/ as of 2024\/03\/08 07:03:06."},{"key":"e_1_3_3_2_17_1","volume-title":"SUS: A Quick and Dirty Usability Scale. In Usability Evaluation in Industry, Patrick\u00a0W","author":"Brooke John","year":"1996","unstructured":"John Brooke. 1996. SUS: A Quick and Dirty Usability Scale. In Usability Evaluation in Industry, Patrick\u00a0W. Jordan, Bruce Thomas, Bernard Weerdmeester, and Ian\u00a0Lyall McClelland (Eds.). CRC Press, London, United Kingdom, Chapter\u00a021, 189\u2013194."},{"key":"e_1_3_3_2_18_1","doi-asserted-by":"publisher","DOI":"10.1145\/2663716.2663749"},{"key":"e_1_3_3_2_19_1","volume-title":"Facebook: Introducing Trusted Friends. https:\/\/www.facebook.com\/notes\/facebook-security\/national-cybersecurity-awareness-month-updates\/10150335022240766\/, as of 2024\/03\/08 07:03:06.","author":"Security Facebook","year":"2011","unstructured":"Facebook Security. 2011. Facebook: Introducing Trusted Friends. https:\/\/www.facebook.com\/notes\/facebook-security\/national-cybersecurity-awareness-month-updates\/10150335022240766\/, as of 2024\/03\/08 07:03:06."},{"key":"e_1_3_3_2_20_1","volume-title":"Facebook: Introducing Trusted Contacts. https:\/\/www.facebook.com\/notes\/facebook-security\/introducing-trusted-contacts\/10151362774980766\/, as of 2024\/03\/08 07:03:06.","author":"Security Facebook","year":"2013","unstructured":"Facebook Security. 2013. Facebook: Introducing Trusted Contacts. https:\/\/www.facebook.com\/notes\/facebook-security\/introducing-trusted-contacts\/10151362774980766\/, as of 2024\/03\/08 07:03:06."},{"key":"e_1_3_3_2_21_1","unstructured":"Facebook Security. 2022. Trusted Contacts Is No Longer Supported. https:\/\/www.facebook.com\/help\/119897751441086 as of 2024\/03\/08 07:03:06."},{"key":"e_1_3_3_2_22_1","volume-title":"Understanding the Low Adoption of Authentication Ceremonies with Autoethnography. In ACM Conference on Human Factors in Computing Systems(CHI\u00a0\u201923)","author":"Fassl Matthias","year":"2023","unstructured":"Matthias Fassl and Katharina Krombholz. 2023. Why I Can\u2019t Authenticate \u2014 Understanding the Low Adoption of Authentication Ceremonies with Autoethnography. In ACM Conference on Human Factors in Computing Systems(CHI\u00a0\u201923). ACM, Hamburg, Germany, 72:1\u201372:15."},{"key":"e_1_3_3_2_23_1","doi-asserted-by":"publisher","DOI":"10.1016\/S0166-3615(99)00037-8"},{"key":"e_1_3_3_2_24_1","unstructured":"Lorenzo Franceschi-Bicchierai. 2023. Hackers Are Breaking Into AT&T Email Accounts to Steal Cryptocurrency. https:\/\/techcrunch.com\/2023\/04\/26\/hackers-are-breaking-into-att-email-accounts-to-steal-cryptocurrency\/ as of 2024\/03\/08 07:03:06."},{"key":"e_1_3_3_2_25_1","volume-title":"Analyzing Clinical Computer Security Interventions with Survivors of Intimate Partner Violence. In ACM Conference on Computer-Supported Cooperative Work and Social Computing(CSCW\u00a0\u201919)","author":"Freed Diana","year":"2019","unstructured":"Diana Freed, Sam Havron, Emily Tseng, Andrea Gallardo, Rahul Chatterjee, Thomas Ristenpart, and Nicola Dell. 2019. \u201cIs my phone hacked?\u201d Analyzing Clinical Computer Security Interventions with Survivors of Intimate Partner Violence. In ACM Conference on Computer-Supported Cooperative Work and Social Computing(CSCW\u00a0\u201919). ACM, Austin, Texas, USA, 202:1\u2013202:31."},{"key":"e_1_3_3_2_26_1","volume-title":"The Password Reset MitM Attack. In IEEE Symposium on Security and Privacy(SP\u00a0\u201917)","author":"Gelernter Nethanel","year":"2017","unstructured":"Nethanel Gelernter, Senia Kalma, Bar Magnezi, and Hen Porcilan. 2017. The Password Reset MitM Attack. In IEEE Symposium on Security and Privacy(SP\u00a0\u201917). IEEE, San Francisco, California, USA, 251\u2013267."},{"key":"e_1_3_3_2_27_1","volume-title":"International Conference on Passwords(PASSWORDS\u00a0\u201915)","author":"Golla Maximilian","year":"2015","unstructured":"Maximilian Golla and Markus D\u00fcrmuth. 2015. Analyzing 4 Million Real-World Personal Knowledge Questions (Short Paper). In International Conference on Passwords(PASSWORDS\u00a0\u201915). Springer, Cambridge, United Kingdom, 39\u201344."},{"key":"e_1_3_3_2_28_1","unstructured":"Hidehito Gomi Bill Leddy and Dean\u00a0H. Saxe. 2019. Recommended Account Recovery Practices for FIDO Relying Parties. https:\/\/media.fidoalliance.org\/wp-content\/uploads\/2019\/02\/FIDO_Account_Recovery_Best_Practices-1.pdf as of 2024\/03\/08 07:03:06."},{"key":"e_1_3_3_2_29_1","doi-asserted-by":"publisher","DOI":"10.1109\/TIFS.2014.2330311"},{"key":"e_1_3_3_2_30_1","doi-asserted-by":"crossref","unstructured":"Paul\u00a0A. Grassi James\u00a0L. Fenton and William\u00a0E. Burr. 2017. Digital Identity Guidelines \u2013 Authentication and Lifecycle Management: NIST Special Publication 800-63B.","DOI":"10.6028\/NIST.SP.800-63b"},{"key":"e_1_3_3_2_31_1","volume-title":"USENIX Security Symposium(SSYM\u00a0\u201921)","author":"Guo Cheng","year":"2021","unstructured":"Cheng Guo, Brianne Campbell, Apu Kapadia, Michael\u00a0K. Reiter, and Kelly Caine. 2021. Effect of Mood, Location, Trust, and Presence of Others on Video-Based Social Authentication. In USENIX Security Symposium(SSYM\u00a0\u201921). USENIX, Virtual Conference, 1\u201318."},{"key":"e_1_3_3_2_32_1","volume-title":"PassTag: A Graphical-Textual Hybrid Fallback Authentication System. In ACM Asia Conference on Computer and Communications Security(ASIA\u00a0CCS\u00a0\u201920)","author":"Han Joon\u00a0Kuy","year":"2020","unstructured":"Joon\u00a0Kuy Han, Xiaojun Bi, Hyoungshick Kim, and Simon\u00a0S. Woo. 2020. PassTag: A Graphical-Textual Hybrid Fallback Authentication System. In ACM Asia Conference on Computer and Communications Security(ASIA\u00a0CCS\u00a0\u201920). ACM, Taipei, Taiwan, 60\u201372."},{"key":"e_1_3_3_2_33_1","volume-title":"Using Icon Arrangement for Fallback Authentication on Smartphones. In ACM Conference Extended Abstracts on Human Factors in Computing Systems(CHI\u00a0EA\u00a0\u201914)","author":"Hang Alina","year":"2014","unstructured":"Alina Hang, Alexander De\u00a0Luca, and Heinrich Hussmann. 2014. Using Icon Arrangement for Fallback Authentication on Smartphones. In ACM Conference Extended Abstracts on Human Factors in Computing Systems(CHI\u00a0EA\u00a0\u201914). ACM, Toronto, Ontario, Canada, 2467\u20132472."},{"key":"e_1_3_3_2_34_1","doi-asserted-by":"publisher","DOI":"10.1145\/2702123.2702131"},{"key":"e_1_3_3_2_35_1","volume-title":"Using Location-Based Security Questions for Fallback Authentication. In Symposium on Usable Privacy and Security(SOUPS\u00a0\u201915)","author":"Hang Alina","year":"2015","unstructured":"Alina Hang, Alexander De\u00a0Luca, Matthew Smith, Michael Richter, and Heinrich Hussmann. 2015. Where Have You Been? Using Location-Based Security Questions for Fallback Authentication. In Symposium on Usable Privacy and Security(SOUPS\u00a0\u201915). USENIX, Ottawa, Canada, 169\u2013183."},{"key":"e_1_3_3_2_36_1","volume-title":"Clinical Computer Security for Victims of Intimate Partner Violence. In USENIX Security Symposium(SSYM\u00a0\u201919)","author":"Havron Sam","year":"2019","unstructured":"Sam Havron, Diana Freed, Rahul Chatterjee, Damon McCoy, Nicola Dell, and Thomas Ristenpart. 2019. Clinical Computer Security for Victims of Intimate Partner Violence. In USENIX Security Symposium(SSYM\u00a0\u201919). USENIX, Santa Clara, California, USA, 105\u2013122."},{"key":"e_1_3_3_2_37_1","doi-asserted-by":"publisher","DOI":"10.1109\/MSEC.2020.3039727"},{"key":"e_1_3_3_2_38_1","volume-title":"My Authentication Album: Adaptive Images-Based Login Mechanism. In International Conference on ICT Systems Security and Privacy Protection(IFIP\u00a0SEC\u00a0\u201916)","author":"Herzberg Amir","year":"2016","unstructured":"Amir Herzberg and Ronen Margulies. 2016. My Authentication Album: Adaptive Images-Based Login Mechanism. In International Conference on ICT Systems Security and Privacy Protection(IFIP\u00a0SEC\u00a0\u201916). IFIP, Heraklion, Greece, 315\u2013326."},{"key":"e_1_3_3_2_39_1","volume-title":"Question. In USENIX Enigma Conference(Enigma\u00a0\u201917)","author":"Hill Brad","year":"2017","unstructured":"Brad Hill. 2017. Moving Account Recovery beyond Email and the \u2019Secret\u2019 Question. In USENIX Enigma Conference(Enigma\u00a0\u201917). USENIX, Oakland, California, USA."},{"key":"e_1_3_3_2_40_1","unstructured":"Mat Honan. 2012. How Apple and Amazon Security Flaws Led to My Epic Hacking. http:\/\/www.wired.com\/2012\/08\/apple-amazon-mat-honan-hacking\/ as of 2024\/03\/08 07:03:06."},{"key":"e_1_3_3_2_41_1","doi-asserted-by":"publisher","DOI":"10.1145\/1753326.1753384"},{"key":"e_1_3_3_2_42_1","volume-title":"New Directions in Social Authentication. In Workshop on Usable Security(USEC\u00a0\u201915)","author":"Jain Sakshi","year":"2015","unstructured":"Sakshi Jain, Juan Lang, Neil\u00a0Zhenqiang Gong, Dawn Song, Sreya Basuroy, and Prateek Mittal. 2015. New Directions in Social Authentication. In Workshop on Usable Security(USEC\u00a0\u201915). ISOC, San Diego, California, USA."},{"key":"e_1_3_3_2_43_1","volume-title":"Secure Fallback Authentication and the Trusted Friend Attack. In International Distributed Computing Systems Workshops(ICDCSW\u00a0\u201914)","author":"Javed Ashar","year":"2014","unstructured":"Ashar Javed, David Bletgen, Florian Kohlar, Markus D\u00fcrmuth, and J\u00f6rg Schwenk. 2014. Secure Fallback Authentication and the Trusted Friend Attack. In International Distributed Computing Systems Workshops(ICDCSW\u00a0\u201914). IEEE, Madrid, Spain, 22\u201328."},{"key":"e_1_3_3_2_44_1","doi-asserted-by":"publisher","DOI":"10.1145\/3424302.3425909"},{"key":"e_1_3_3_2_45_1","doi-asserted-by":"publisher","DOI":"10.1109\/MSP.2004.80"},{"key":"e_1_3_3_2_46_1","doi-asserted-by":"publisher","DOI":"10.1145\/1572532.1572543"},{"key":"e_1_3_3_2_47_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.jisa.2020.102466"},{"key":"e_1_3_3_2_48_1","doi-asserted-by":"publisher","DOI":"10.1145\/3549015.3554208"},{"key":"e_1_3_3_2_49_1","volume-title":"Social Authentication: Harder Than It Looks. In Financial Cryptography and Data Security(FC\u00a0\u201912)","author":"Kim Hyoungshick","year":"2012","unstructured":"Hyoungshick Kim, John Tang, and Ross Anderson. 2012. Social Authentication: Harder Than It Looks. In Financial Cryptography and Data Security(FC\u00a0\u201912). Springer, Kralendijk, Bonaire, 1\u201315."},{"key":"e_1_3_3_2_50_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-78120-0_27"},{"key":"e_1_3_3_2_51_1","volume-title":"Open Identity Summit(ODI\u00a0\u201921)","author":"Kunke Johannes","unstructured":"Johannes Kunke, Stephan Wiefling, Markus Ullmann, and Luigi Lo\u00a0Iacono. 2021. Evaluation of Account Recovery Strategies with FIDO2-based Passwordless Authentication. In Open Identity Summit(ODI\u00a0\u201921). GI, Copenhagen, Denmark, 59\u201370."},{"key":"e_1_3_3_2_52_1","volume-title":"Passwordless Authentication. In USENIX Security Symposium(SSYM\u00a0\u201924)","author":"Lassak Leona","year":"2024","unstructured":"Leona Lassak, Elleen Pan, Blase Ur, and Maximilian Golla. 2024. Why Aren\u2019t We Using Passkeys? Obstacles Companies Face Deploying FIDO2 Passwordless Authentication. In USENIX Security Symposium(SSYM\u00a0\u201924). USENIX, Philadelphia, Pennsylvania, USA."},{"key":"e_1_3_3_2_53_1","doi-asserted-by":"publisher","DOI":"10.1109\/INFOCOM.2018.8486017"},{"key":"e_1_3_3_2_54_1","doi-asserted-by":"publisher","DOI":"10.1109\/CCST.2018.8585576"},{"key":"e_1_3_3_2_55_1","volume-title":"Who Are You?! Adventures in Authentication Workshop(WAY\u00a0\u201919). USENIX","author":"Markert Philipp","unstructured":"Philipp Markert, Florian Farke, and Markus D\u00fcrmuth. 2019. View The Email to Get Hacked: Attacking SMS-Based Two-Factor Authentication. In Who Are You?! Adventures in Authentication Workshop(WAY\u00a0\u201919). USENIX, Santa Clara, California, USA, 1\u20136."},{"key":"e_1_3_3_2_56_1","volume-title":"Work in Progress: A Comparative Long-Term Study of Fallback Authentication. In Workshop on Usable Security and Privacy(USEC\u00a0\u201919)","author":"Markert Philipp","year":"2019","unstructured":"Philipp Markert, Maximilian Golla, Elizabeth Stobert, and Markus D\u00fcrmuth. 2019. Work in Progress: A Comparative Long-Term Study of Fallback Authentication. In Workshop on Usable Security and Privacy(USEC\u00a0\u201919). ISOC, San Diego, California, USA."},{"key":"e_1_3_3_2_57_1","volume-title":"Interaction with Login Notifications. CoRR abs\/2212.07316 (June","author":"Markert Philipp","year":"2023","unstructured":"Philipp Markert, Leona Lassak, Maximilian Golla, and Markus D\u00fcrmuth. 2023. Understanding Users\u2019 Interaction with Login Notifications. CoRR abs\/2212.07316 (June 2023), 1\u201326."},{"key":"e_1_3_3_2_58_1","doi-asserted-by":"publisher","DOI":"10.1145\/3025453.3025875"},{"key":"e_1_3_3_2_59_1","volume-title":"Adventures in Authentication Workshop(WAY\u00a0\u201917)","author":"Micallef Nicholas","year":"2017","unstructured":"Nicholas Micallef and Nalin Asanka\u00a0Gamagedara Arachchilage. 2017. A Gamified Approach to Improve Users\u2019 Memorability of Fall-back. In Who Are You?! Adventures in Authentication Workshop(WAY\u00a0\u201917). USENIX, Santa Clara, California, USA."},{"key":"e_1_3_3_2_60_1","doi-asserted-by":"publisher","DOI":"10.1007\/s00779-021-01571-y"},{"key":"e_1_3_3_2_61_1","unstructured":"Microsoft Corporation. 2023. Configure Temporary Access Pass to Register Passwordless Authentication Methods. https:\/\/learn.microsoft.com\/en-us\/entra\/identity\/authentication\/howto-authentication-temporary-access-pass as of 2024\/03\/08 07:03:06."},{"key":"e_1_3_3_2_62_1","volume-title":"Anatomy of Account Takeover. In USENIX Enigma Conference(Enigma\u00a0\u201918)","author":"Milka Grzergor","year":"2018","unstructured":"Grzergor Milka. 2018. Anatomy of Account Takeover. In USENIX Enigma Conference(Enigma\u00a0\u201918). USENIX, Santa Clara, California, USA."},{"key":"e_1_3_3_2_63_1","unstructured":"Federal\u00a0Bureau of Investigation. 2022. Criminals Increasing SIM Swap Schemes to Steal Millions of Dollars from US Public. https:\/\/www.ic3.gov\/Media\/Y2022\/PSA220208 as of 2024\/03\/08 07:03:06."},{"key":"e_1_3_3_2_64_1","volume-title":"International Conference on Passwords(PASSWORDS\u00a0\u201915)","author":"Parkin Simon","year":"2015","unstructured":"Simon Parkin, Samy Driss, Kat Krol, and M.\u00a0Angela Sasse. 2015. Assessing the User Experience of Password Reset Policies in a University. In International Conference on Passwords(PASSWORDS\u00a0\u201915). Springer, Cambridge, United Kingdom, 21\u201338."},{"key":"e_1_3_3_2_65_1","volume-title":"Why People (Don\u2019t) Use Password Managers Effectively. In Symposium on Usable Privacy and Security(SOUPS\u00a0\u201919)","author":"Pearman Sarah","year":"2019","unstructured":"Sarah Pearman, Shikun\u00a0Aerin Zhang, Lujo Bauer, Nicolas Christin, and Lorrie\u00a0Faith Cranor. 2019. Why People (Don\u2019t) Use Password Managers Effectively. In Symposium on Usable Privacy and Security(SOUPS\u00a0\u201919). USENIX, Santa Clara, California, USA, 319\u2013338."},{"key":"e_1_3_3_2_66_1","doi-asserted-by":"publisher","DOI":"10.1145\/2751323.2751327"},{"key":"e_1_3_3_2_67_1","first-page":"1","article-title":"What\u2019s in Your Profile? Mapping Facebook Profile Data to Personal Security Questions","volume":"13","author":"Pinchot L.","year":"2012","unstructured":"Jamie\u00a0L. Pinchot and Karen\u00a0L. Paullet. 2012. What\u2019s in Your Profile? Mapping Facebook Profile Data to Personal Security Questions. Issues in Information Systems 13, 1 (March 2012), 284\u2013293.","journal-title":"Issues in Information Systems"},{"key":"e_1_3_3_2_68_1","doi-asserted-by":"publisher","DOI":"10.1145\/2660267.2660317"},{"key":"e_1_3_3_2_69_1","volume-title":"Social Authentication. In Annual Computer Security Applications Conference(ACSAC\u00a0\u201912)","author":"Polakis Iasonas","year":"2012","unstructured":"Iasonas Polakis, Marco Lancini, Georgios Kontaxis, Federico Maggi, Sotiris Ioannidis, Angelos\u00a0D. Keromytis, and Stefano Zanero. 2012. All Your Face Are Belong to Us: Breaking Facebook\u2019s Social Authentication. In Annual Computer Security Applications Conference(ACSAC\u00a0\u201912). ACM, Orlando, Florida, USA, 399\u2013408."},{"key":"e_1_3_3_2_70_1","volume-title":"Long-Term Observation on Browser Fingerprinting: Users\u2019 Trackability and Perspective. In Privacy Enhancing Technologies Symposium(PETS\u00a0\u201920)","author":"Pugliese Gaston","year":"2020","unstructured":"Gaston Pugliese, Christian Riess, Freya Gassmann, and Zinaida Benenson. 2020. Long-Term Observation on Browser Fingerprinting: Users\u2019 Trackability and Perspective. In Privacy Enhancing Technologies Symposium(PETS\u00a0\u201920). Sciendo, Virtual Conference, 558\u2013577."},{"key":"e_1_3_3_2_71_1","doi-asserted-by":"publisher","DOI":"10.1145\/1408664.1408667"},{"key":"e_1_3_3_2_72_1","volume-title":"A Longitudinal Study on Web-Sites Password Management (in)Security: Evidence and Remedies","author":"Raponi Simone","year":"2020","unstructured":"Simone Raponi and Roberto\u00a0Di Pietro. 2020. A Longitudinal Study on Web-Sites Password Management (in)Security: Evidence and Remedies. IEEE Access 8 (March 2020), 52075\u201352090."},{"key":"e_1_3_3_2_73_1","volume-title":"Usable Security: Why Do We Need It? How Do We Get It? (1 ed.). O\u2019Reilly and Associates","author":"Sasse Angela","year":"2005","unstructured":"M.\u00a0Angela Sasse and Ivan Flechais. 2005. Usable Security: Why Do We Need It? How Do We Get It? (1 ed.). O\u2019Reilly and Associates, Sebastopol, California, USA, Chapter\u00a02, 13\u201330."},{"key":"e_1_3_3_2_74_1","first-page":"5","article-title":"Debunking Security-Usability Tradeoff Myths","volume":"14","author":"Sasse Angela","year":"2016","unstructured":"M.\u00a0Angela Sasse, Matthew Smith, Cormac Herley, Heather Lipford, and Kami Vaniea. 2016. Debunking Security-Usability Tradeoff Myths. IEEE Security & Privacy 14, 5 (Oct. 2016), 33\u201339.","journal-title":"IEEE Security & Privacy"},{"key":"e_1_3_3_2_75_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-07308-8_23"},{"key":"e_1_3_3_2_76_1","volume-title":"Questions. In IEEE Symposium on Security and Privacy(SP\u00a0\u201909)","author":"Schechter Stuart","year":"2009","unstructured":"Stuart Schechter, A.\u00a0J.\u00a0Bernheim Brush, and Serge Egelman. 2009. It\u2019s No Secret. Measuring the Security and Reliability of Authentication via \u201cSecret\u201d Questions. In IEEE Symposium on Security and Privacy(SP\u00a0\u201909). IEEE, Oakland, California, USA, 375\u2013390."},{"key":"e_1_3_3_2_77_1","volume-title":"ACM Conference on Human Factors in Computing Systems(CHI\u00a0\u201909)","author":"Schechter Stuart","year":"2009","unstructured":"Stuart Schechter, Serge Egelman, and Robert\u00a0W. Reeder. 2009. It\u2019s Not What You Know, But Who You Know: A Social Approach to Last-Resort Authentication. In ACM Conference on Human Factors in Computing Systems(CHI\u00a0\u201909). ACM, Boston, Massachusetts, USA, 1983\u20131992."},{"key":"e_1_3_3_2_78_1","volume-title":"Weak Links in Authentication Chains: A Large-scale Analysis of Email Sender Spoofing Attacks. In USENIX Security Symposium(SSYM\u00a0\u201921)","author":"Shen Kaiwen","year":"2021","unstructured":"Kaiwen Shen, Chuhan Wang, Minglei Guo, Xiaofeng Zheng, Chaoyi Lu, Baojun Liu, Yuxuan Zhao, Shuang Hao, Haixin Duan, Qingfeng Pan, and Min Yang. 2021. Weak Links in Authentication Chains: A Large-scale Analysis of Email Sender Spoofing Attacks. In USENIX Security Symposium(SSYM\u00a0\u201921). USENIX, Virtual Conference, 3201\u20133217."},{"key":"e_1_3_3_2_79_1","doi-asserted-by":"publisher","DOI":"10.1126\/science.171.3972.701"},{"key":"e_1_3_3_2_80_1","volume-title":"Social Authentication Protocol for Mobile Phones. In IEEE International Conference on Computational Science and Engineering(CSE\u00a0\u201909)","author":"Soleymani Bijan","year":"2009","unstructured":"Bijan Soleymani and Muthucumaru Maheswaran. 2009. Social Authentication Protocol for Mobile Phones. In IEEE International Conference on Computational Science and Engineering(CSE\u00a0\u201909). IEEE, Vancouver, British Columbia, Canada, 436\u2013441."},{"key":"e_1_3_3_2_81_1","volume-title":"People: A Comparative Usability Study of Two Password Recovery Mechanisms. In International Conference on Information Security Theory and Practice(WISTP\u00a0\u201916)","author":"Stavova Vlasta","year":"2016","unstructured":"Vlasta Stavova, Vashek Matyas, and Mike Just. 2016. Codes v. People: A Comparative Usability Study of Two Password Recovery Mechanisms. In International Conference on Information Security Theory and Practice(WISTP\u00a0\u201916). Springer, Heraklion, Greece, 33\u201350."},{"key":"e_1_3_3_2_82_1","volume-title":"The Password Life Cycle: User Behaviour in Managing Passwords. In Symposium on Usable Privacy and Security(SOUPS\u00a0\u201914)","author":"Stobert Elizabeth","year":"2014","unstructured":"Elizabeth Stobert and Robert Biddle. 2014. The Password Life Cycle: User Behaviour in Managing Passwords. In Symposium on Usable Privacy and Security(SOUPS\u00a0\u201914). USENIX, Menlo Park, California, USA, 243\u2013255."},{"key":"e_1_3_3_2_83_1","first-page":"4","article-title":"Synthesizing Obama: Learning Lip Sync from Audio","volume":"36","author":"Suwajanakorn Supasorn","year":"2021","unstructured":"Supasorn Suwajanakorn, Steven\u00a0M. Seitz, and Ira Kemelmacher-Shlizerman. 2021. Synthesizing Obama: Learning Lip Sync from Audio. ACM Transactions on Graphics 36, 4 (July 2021), 95:1\u201395:13.","journal-title":"ACM Transactions on Graphics"},{"key":"e_1_3_3_2_84_1","volume-title":"Care Infrastructures for Digital Security in Intimate Partner Violence. In ACM Conference on Human Factors in Computing Systems(CHI\u00a0\u201922)","author":"Tseng Emily","year":"2022","unstructured":"Emily Tseng, Mehrnaz Sabet, Rosanna Bellini, Harkiran\u00a0Kaur Sodhi, Thomas Ristenpart, and Nicola Dell. 2022. Care Infrastructures for Digital Security in Intimate Partner Violence. In ACM Conference on Human Factors in Computing Systems(CHI\u00a0\u201922). ACM, New Orleans, Louisiana, USA, 123:1\u2013123:20."},{"key":"e_1_3_3_2_85_1","volume-title":"Simple Authentication for the Web. In Conference on Security and Privacy in Communication Networks(SecureComm\u00a0\u201907)","author":"W.","unstructured":"Timothy\u00a0W. van der Horst and Kent\u00a0E. Seamons. 2007. Simple Authentication for the Web. In Conference on Security and Privacy in Communication Networks(SecureComm\u00a0\u201907). IEEE, Nice, France, 473\u2013482."},{"key":"e_1_3_3_2_86_1","doi-asserted-by":"publisher","DOI":"10.2466\/pms.1978.47.2.599"},{"key":"e_1_3_3_2_87_1","volume-title":"Symposium on Usable Privacy and Security(SOUPS\u00a0\u201917)","author":"Vaziripour Elham","year":"2017","unstructured":"Elham Vaziripour, Justin Wu, Mark O\u2019Neill, Jordan Whitehead, Scott Heidbrink, Kent Seamons, and Daniel Zappala. 2017. Is that you, Alice? A Usability Study of the Authentication Ceremony of Secure Messaging Applications. In Symposium on Usable Privacy and Security(SOUPS\u00a0\u201917). USENIX, Santa Clara, California, USA, 29\u201347."},{"key":"e_1_3_3_2_88_1","volume-title":"International Conference on Information Systems Security and Privacy(ICISSP\u00a0\u201921)","author":"Wahab Ahmed","unstructured":"Ahmed Wahab, Daqing Hou, Stephanie Schuckers, and A. Barbir. 2019. Utilizing Keystroke Dynamics as Additional Security Measure to Protect Account Recovery Mechanism. In International Conference on Information Systems Security and Privacy(ICISSP\u00a0\u201921). USENIX, Virtual Conference, 33\u201342."},{"key":"e_1_3_3_2_89_1","volume-title":"Designing for Understanding in Signal. In Symposium on Usable Privacy and Security(SOUPS\u00a0\u201919)","author":"Wu Justin","year":"2019","unstructured":"Justin Wu, Cyrus Gattrell, Devon Howard, Jake Tyler, Elham Vaziripour, Daniel Zappala, and Kent Seamons. 2019. \u201cSomething Isn\u2019t Secure, but I\u2019m Not Sure How That Translates Into a Problem\u201d: Promoting Autonomy by Designing for Understanding in Signal. In Symposium on Usable Privacy and Security(SOUPS\u00a0\u201919). USENIX, Santa Clara, California, USA, 137\u2013153."},{"key":"e_1_3_3_2_90_1","volume-title":"Photo-Based Authentication Using Social Networks. In Workshop on Online Social Networks(WOSN\u00a0\u201908)","author":"Yardi Sarita","year":"2008","unstructured":"Sarita Yardi, Nick Feamster, and Amy Bruckman. 2008. Photo-Based Authentication Using Social Networks. In Workshop on Online Social Networks(WOSN\u00a0\u201908). ACM, Seattle, Washington, USA, 55\u201360."},{"key":"e_1_3_3_2_91_1","doi-asserted-by":"publisher","DOI":"10.1016\/S0167-4048(96)00014-4"},{"key":"e_1_3_3_2_92_1","doi-asserted-by":"publisher","DOI":"10.1109\/TMC.2016.2546245"},{"key":"e_1_3_3_2_93_1","volume-title":"Electronic and Automation Control Conference(ITNEC\u00a0\u201919)","author":"Zhou Wei","year":"2019","unstructured":"Wei Zhou, XiaoWei Yuan, Wenjun Chai, and Hui Ma. 2019. Deep Learning Based Attack On Social Authentication System. In IEEE Information Technology, Networking, Electronic and Automation Control Conference(ITNEC\u00a0\u201919). IEEE, Chengdu, China, 982\u2013986."},{"key":"e_1_3_3_2_94_1","doi-asserted-by":"publisher","DOI":"10.1109\/JCIT.1990.128279"}],"event":{"name":"CHI '24: CHI Conference on Human Factors in Computing Systems","location":"Honolulu HI USA","acronym":"CHI '24","sponsor":["SIGCHI ACM Special Interest Group on Computer-Human Interaction","SIGACCESS ACM Special Interest Group on Accessible Computing"]},"container-title":["Proceedings of the CHI Conference on Human Factors in Computing Systems"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3613904.3642889","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3613904.3642889","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T23:57:01Z","timestamp":1750291021000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3613904.3642889"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,5,11]]},"references-count":94,"alternative-id":["10.1145\/3613904.3642889","10.1145\/3613904"],"URL":"https:\/\/doi.org\/10.1145\/3613904.3642889","relation":{},"subject":[],"published":{"date-parts":[[2024,5,11]]},"assertion":[{"value":"2024-05-11","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}