{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,12]],"date-time":"2026-03-12T05:56:17Z","timestamp":1773294977474,"version":"3.50.1"},"publisher-location":"New York, NY, USA","reference-count":45,"publisher":"ACM","license":[{"start":{"date-parts":[[2025,4,25]],"date-time":"2025-04-25T00:00:00Z","timestamp":1745539200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2025,4,26]]},"DOI":"10.1145\/3706598.3714245","type":"proceedings-article","created":{"date-parts":[[2025,4,24]],"date-time":"2025-04-24T04:29:11Z","timestamp":1745468951000},"page":"1-17","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":1,"title":["\"They are responsible for ensuring that I can continue to use the service.\" Investigating Users' Expectations Towards 2FA Recovery in Germany"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0000-0003-1251-5629","authenticated-orcid":false,"given":"Eva","family":"Tiefenau","sequence":"first","affiliation":[{"name":"Fraunhofer FKIE, Bonn, Germany"}]},{"ORCID":"https:\/\/orcid.org\/0009-0008-1112-1664","authenticated-orcid":false,"given":"Julia Angelika","family":"Grohs","sequence":"additional","affiliation":[{"name":"University of Bonn, Bonn, Germany"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-5516-0293","authenticated-orcid":false,"given":"Maximilian","family":"H\u00e4ring","sequence":"additional","affiliation":[{"name":"University of Bonn, Bonn, Germany"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-2724-1379","authenticated-orcid":false,"given":"Matthew","family":"Smith","sequence":"additional","affiliation":[{"name":"University of Bonn, Bonn, Germany and Fraunhofer FKIE, Bonn, Germany"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-0904-1437","authenticated-orcid":false,"given":"Christian","family":"Tiefenau","sequence":"additional","affiliation":[{"name":"University of Bonn, Bonn, Germany"}]}],"member":"320","published-online":{"date-parts":[[2025,4,25]]},"reference":[{"key":"e_1_3_3_3_2_2","unstructured":"The 2factorauth Group. 2024. 2FA Directory. https:\/\/2fa.directory. Accessed: May 23 2024."},{"key":"e_1_3_3_3_3_2","doi-asserted-by":"publisher","DOI":"10.1145\/3313831.3376457"},{"key":"e_1_3_3_3_4_2","doi-asserted-by":"publisher","unstructured":"Anne Adams and Martina\u00a0Angela Sasse. 1999. Users Are Not the Enemy. Commun. ACM 42 12 (dec 1999) 40\u201346. 10.1145\/322796.322806","DOI":"10.1145\/322796.322806"},{"key":"e_1_3_3_3_5_2","unstructured":"National\u00a0Cybersecurity Alliance. 2023. Oh Behave! The Annual Cybersecurity Attitudes and Behaviors Report 2023. https:\/\/staysafeonline.org\/online-safety-privacy-basics\/oh-behave\/. Accessed: February 10 2024."},{"key":"e_1_3_3_3_6_2","doi-asserted-by":"publisher","DOI":"10.1145\/3576915.3623180"},{"key":"e_1_3_3_3_7_2","unstructured":"Apple. 2024. iCloud+ - Find My - Apple. https:\/\/www.apple.com\/icloud\/find-my\/. Accessed: January 16 2024."},{"key":"e_1_3_3_3_8_2","unstructured":"Bitkom. 2021. Gestohlen oder verloren: Vier von zehn Personen ist schon mal das Handy abhandengekommen. https:\/\/www.bitkom.org\/Presse\/Presseinformation\/Gestohlen-oder-verloren-Vier-von-zehn-Personen-ist-schon-mal-das-Handy-abhandengekommen. Accessed: December 07 2024."},{"key":"e_1_3_3_3_9_2","doi-asserted-by":"publisher","DOI":"10.1145\/2736277.2741691"},{"key":"e_1_3_3_3_10_2","volume-title":"AI Training Data and other Data Management Services","year":"2024","unstructured":"Clickworker. 2024. AI Training Data and other Data Management Services. Clickworker. Retrieved January 16, 2024 from https:\/\/www.clickworker.com\/"},{"key":"e_1_3_3_3_11_2","unstructured":"Clickworker. 2024. Problems with App Login Confirmation (2-Factor Authentication). https:\/\/support-workplace.clickworker.com\/support\/solutions\/articles\/80000949198-problems-with-app-login-confirmation-2-factor-authentication. Accessed: February 08 2024."},{"key":"e_1_3_3_3_12_2","doi-asserted-by":"publisher","DOI":"10.1145\/3173574.3174030"},{"key":"e_1_3_3_3_13_2","doi-asserted-by":"crossref","unstructured":"Juliet\u00a0M Corbin and Anselm Strauss. 1990. Grounded theory research: Procedures canons and evaluative criteria. Qualitative sociology 13 1 (1990) 3\u201321.","DOI":"10.1007\/BF00988593"},{"key":"e_1_3_3_3_14_2","first-page":"160","volume-title":"Financial Cryptography and Data Security","author":"Das Sanchari","year":"2018","unstructured":"Sanchari Das, Andrew Dingman, and L.\u00a0Jean Camp. 2018. Why Johnny Doesn\u2019t Use Two Factor A Two-Phase Usability Study of the FIDO U2F Security Key. In Financial Cryptography and Data Security, Sarah Meiklejohn and Kazue Sako (Eds.). Springer Berlin Heidelberg, Berlin, Heidelberg, 160\u2013179."},{"key":"e_1_3_3_3_15_2","doi-asserted-by":"publisher","DOI":"10.1145\/3167996.3167997"},{"key":"e_1_3_3_3_16_2","unstructured":"Sanchari Das Bingxi Wang and L.\u00a0Jean Camp. 2019. MFA is a Waste of Time! Understanding Negative Connotation Towards MFA Applications via User Generated Content. CoRR abs\/1908.05902 (2019). arXiv:https:\/\/arXiv.org\/abs\/1908.05902http:\/\/arxiv.org\/abs\/1908.05902"},{"key":"e_1_3_3_3_17_2","doi-asserted-by":"publisher","DOI":"10.24251\/HICSS.2020.669"},{"key":"e_1_3_3_3_18_2","unstructured":"Discord. 2024. Lost Two-Factor Codes - Discord. https:\/\/support.discord.com\/hc\/en-us\/articles\/115001221072-Lost-Two-Factor-Codes. Accessed: February 06 2024."},{"key":"e_1_3_3_3_19_2","doi-asserted-by":"publisher","DOI":"10.1145\/3308558.3313481"},{"key":"e_1_3_3_3_20_2","first-page":"227","volume-title":"Nineteenth Symposium on Usable Privacy and Security (SOUPS 2023)","author":"Gerlitz Eva","year":"2023","unstructured":"Eva Gerlitz, Maximilian H\u00e4ring, Charlotte\u00a0Theresa M\u00e4dler, Matthew Smith, and Christian Tiefenau. 2023. Adventures in Recovery Land: Testing the Account Recovery of Popular Websites When the Second Factor is Lost. In Nineteenth Symposium on Usable Privacy and Security (SOUPS 2023). USENIX Association, Anaheim, CA, 227\u2013243. https:\/\/www.usenix.org\/conference\/soups2023\/presentation\/gerlitz-adventures"},{"key":"e_1_3_3_3_21_2","volume-title":"32st USENIX Security Symposium (USENIX Security 23)","author":"Gilsenan Conor","year":"2023","unstructured":"Conor Gilsenan, Fuzail Shakir, Noura Alomar, and Serge Egelman. 2023. Security and Privacy Failures in Popular 2FA Apps. In 32st USENIX Security Symposium (USENIX Security 23)."},{"key":"e_1_3_3_3_22_2","doi-asserted-by":"publisher","DOI":"10.5555\/3698900.3699306"},{"key":"e_1_3_3_3_23_2","unstructured":"Andy Homan. 2017. 44% of People Lose Their Mobile. https:\/\/nuttag.com.au\/blogs\/news\/44-of-people-loose-their-mobile. Accessed: December 07 2024."},{"key":"e_1_3_3_3_24_2","doi-asserted-by":"publisher","DOI":"10.14722\/usec.2015.23001"},{"key":"e_1_3_3_3_25_2","first-page":"91","volume-title":"30th USENIX Security Symposium (USENIX Security 21)","author":"Lassak Leona","year":"2021","unstructured":"Leona Lassak, Annika Hildebrandt, Maximilian Golla, and Blase Ur. 2021. \"It\u2019s Stored, Hopefully, on an Encrypted Server\u2019\u2019: Mitigating Users\u2019 Misconceptions About FIDO2 Biometric WebAuthn. In 30th USENIX Security Symposium (USENIX Security 21). USENIX Association, 91\u2013108. https:\/\/www.usenix.org\/conference\/usenixsecurity21\/presentation\/lassak"},{"key":"e_1_3_3_3_26_2","unstructured":"LastPass. 2024. Emergency Access - Lastpass. https:\/\/www.lastpass.com\/features\/emergency-access. Accessed: February 07 2024."},{"key":"e_1_3_3_3_27_2","unstructured":"Lookout. 2014. Phone Theft In America. https:\/\/transition.fcc.gov\/cgb\/events\/Lookout-phone-theft-in-america.pdf. Accessed: December 07 2024."},{"key":"e_1_3_3_3_28_2","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2023.23362"},{"key":"e_1_3_3_3_29_2","doi-asserted-by":"publisher","DOI":"10.14722\/usec.2019.23030"},{"key":"e_1_3_3_3_30_2","doi-asserted-by":"publisher","unstructured":"Karola Marky Kirill Ragozin George Chernyshov Andrii Matviienko Martin Schmitz Max M\u00fchlh\u00e4user Chloe Eghtebas and Kai Kunze. 2022. \u201cNah it\u2019s just annoying!\u201d A Deep Dive into User Perceptions of Two-Factor Authentication. ACM Trans. Comput.-Hum. Interact. 29 5 Article 43 (oct 2022) 32\u00a0pages. 10.1145\/3503514","DOI":"10.1145\/3503514"},{"key":"e_1_3_3_3_31_2","volume-title":"BundID","author":"Interior Federal\u00a0Ministry of\u00a0the","year":"2023","unstructured":"Federal\u00a0Ministry of\u00a0the Interior and Community of Germany. 2023. BundID. Federal Ministry of the Interior and Community of Germany."},{"key":"e_1_3_3_3_32_2","unstructured":"Federal\u00a0Ministry of\u00a0the Interior and Community of Germany. 2024. BMI - Ausweise & P\u00e4sse. https:\/\/www.bmi.bund.de\/DE\/themen\/moderne-verwaltung\/ausweise-und-paesse\/ausweise-und-paesse-node.html. Accessed: February 15 2024."},{"key":"e_1_3_3_3_33_2","doi-asserted-by":"publisher","DOI":"10.1145\/3544548.3580766"},{"key":"e_1_3_3_3_34_2","unstructured":"THE\u00a0EUROPEAN PARLIAMENT and THE COUNCIL OF THE\u00a0EUROPEAN UNION. 2015. Directive (EU) 2015\/ of the European Parliament and of the Council of 25 November 2015 on Payment Services in the Internal Market Amending Directives 2002\/65\/EC 2009\/110\/EC and 2013\/36\/EU and Regulation (EU) No 1093\/2010 and Repealing Directive 2007\/64\/EC. Official Journal of the European Union (2015)."},{"key":"e_1_3_3_3_35_2","doi-asserted-by":"publisher","DOI":"10.14722\/usec.2016.23003"},{"key":"e_1_3_3_3_36_2","doi-asserted-by":"publisher","DOI":"10.1145\/1408664.1408667"},{"key":"e_1_3_3_3_37_2","first-page":"357","volume-title":"Fifteenth Symposium on Usable Privacy and Security (SOUPS 2019)","author":"Reese Ken","year":"2019","unstructured":"Ken Reese, Trevor Smith, Jonathan Dutson, Jonathan Armknecht, Jacob Cameron, and Kent Seamons. 2019. A Usability Study of Five Two-Factor Authentication Methods. In Fifteenth Symposium on Usable Privacy and Security (SOUPS 2019). USENIX Association, Santa Clara, CA, 357\u2013370. https:\/\/www.usenix.org\/conference\/soups2019\/presentation\/reese"},{"key":"e_1_3_3_3_38_2","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2018.00067"},{"key":"e_1_3_3_3_39_2","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2009.11"},{"key":"e_1_3_3_3_40_2","doi-asserted-by":"publisher","DOI":"10.1145\/1518701.1519003"},{"key":"e_1_3_3_3_41_2","doi-asserted-by":"publisher","unstructured":"Paschal Sheeran and Thomas\u00a0L. Webb. 2016. The Intention\u2013Behavior Gap. Social and Personality Psychology Compass 10 9 (2016) 503\u2013518. 10.1111\/spc3.12265 arXiv:https:\/\/compass.onlinelibrary.wiley.com\/doi\/pdf\/10.1111\/spc3.12265","DOI":"10.1111\/spc3.12265"},{"key":"e_1_3_3_3_42_2","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-45931-83"},{"key":"e_1_3_3_3_43_2","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-79997-7_28"},{"key":"e_1_3_3_3_44_2","doi-asserted-by":"publisher","DOI":"10.1145\/3134600.3134629"},{"key":"e_1_3_3_3_45_2","unstructured":"WhatsApp. 2024. About two-step verification - WhatsApp Help Center. https:\/\/faq.whatsapp.com\/1278661612895630. Accessed: February 05 2024."},{"key":"e_1_3_3_3_46_2","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-58460-718"}],"event":{"name":"CHI 2025: CHI Conference on Human Factors in Computing Systems","location":"Yokohama Japan","acronym":"CHI '25","sponsor":["SIGCHI ACM Special Interest Group on Computer-Human Interaction"]},"container-title":["Proceedings of the 2025 CHI Conference on Human Factors in Computing Systems"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3706598.3714245","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3706598.3714245","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,7,4]],"date-time":"2025-07-04T05:22:19Z","timestamp":1751606539000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3706598.3714245"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,4,25]]},"references-count":45,"alternative-id":["10.1145\/3706598.3714245","10.1145\/3706598"],"URL":"https:\/\/doi.org\/10.1145\/3706598.3714245","relation":{},"subject":[],"published":{"date-parts":[[2025,4,25]]},"assertion":[{"value":"2025-04-25","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}