{"id":"https://openalex.org/W3010598413","doi":"https://doi.org/10.1109/tdsc.2020.2975789","title":"Understanding Account Recovery in the Wild and its Security Implications","display_name":"Understanding Account Recovery in the Wild and its Security Implications","publication_year":2020,"publication_date":"2020-03-02","ids":{"openalex":"https://openalex.org/W3010598413","doi":"https://doi.org/10.1109/tdsc.2020.2975789","mag":"3010598413"},"language":"en","primary_location":{"id":"doi:10.1109/tdsc.2020.2975789","is_oa":false,"landing_page_url":"https://doi.org/10.1109/tdsc.2020.2975789","pdf_url":null,"source":{"id":"https://openalex.org/S133795288","display_name":"IEEE Transactions on Dependable and Secure Computing","issn_l":"1545-5971","issn":["1545-5971","1941-0018","2160-9209"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310320439","host_organization_name":"IEEE Computer Society","host_organization_lineage":["https://openalex.org/P4310320439","https://openalex.org/P4310319808"],"host_organization_lineage_names":["IEEE Computer Society","Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Dependable and Secure Computing","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5100387738","display_name":"Yue Li","orcid":"https://orcid.org/0000-0001-7682-811X"},"institutions":[{"id":"https://openalex.org/I16285277","display_name":"William & Mary","ror":"https://ror.org/03hsf0573","country_code":"US","type":"education","lineage":["https://openalex.org/I16285277"]},{"id":"https://openalex.org/I267592682","display_name":"Williams (United 
States)","ror":"https://ror.org/007zhvp17","country_code":"US","type":"company","lineage":["https://openalex.org/I267592682"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Yue Li","raw_affiliation_strings":["Department of Computer Science, College of William and Mary, Williamsburg, VA, USA"],"raw_orcid":"https://orcid.org/0000-0001-7682-811X","affiliations":[{"raw_affiliation_string":"Department of Computer Science, College of William and Mary, Williamsburg, VA, USA","institution_ids":["https://openalex.org/I16285277","https://openalex.org/I267592682"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5100662059","display_name":"Zeyu Chen","orcid":"https://orcid.org/0000-0002-0431-9903"},"institutions":[{"id":"https://openalex.org/I86501945","display_name":"University of Delaware","ror":"https://ror.org/01sbq1a82","country_code":"US","type":"education","lineage":["https://openalex.org/I86501945"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Zeyu Chen","raw_affiliation_strings":["Department of Electrical and Computer Engineering, University of Delaware, Newark, DE, USA"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Department of Electrical and Computer Engineering, University of Delaware, Newark, DE, USA","institution_ids":["https://openalex.org/I86501945"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5100664241","display_name":"Haining Wang","orcid":"https://orcid.org/0000-0002-9665-7511"},"institutions":[{"id":"https://openalex.org/I859038795","display_name":"Virginia Tech","ror":"https://ror.org/02smfhw86","country_code":"US","type":"education","lineage":["https://openalex.org/I859038795"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Haining Wang","raw_affiliation_strings":["Department of Electrical and Computer Engineering, Virginia Tech, Blacksburg, VA, 
USA"],"raw_orcid":"https://orcid.org/0000-0002-9665-7511","affiliations":[{"raw_affiliation_string":"Department of Electrical and Computer Engineering, Virginia Tech, Blacksburg, VA, USA","institution_ids":["https://openalex.org/I859038795"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5026728546","display_name":"Kun Sun","orcid":"https://orcid.org/0000-0003-4152-2107"},"institutions":[{"id":"https://openalex.org/I162714631","display_name":"George Mason University","ror":"https://ror.org/02jqj7156","country_code":"US","type":"education","lineage":["https://openalex.org/I162714631"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Kun Sun","raw_affiliation_strings":["Department of Information Sciences and Technology, George Mason University, Fairfax, VA, USA"],"raw_orcid":"https://orcid.org/0000-0003-4152-2107","affiliations":[{"raw_affiliation_string":"Department of Information Sciences and Technology, George Mason University, Fairfax, VA, USA","institution_ids":["https://openalex.org/I162714631"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5010727123","display_name":"Sushil Jajodia","orcid":"https://orcid.org/0000-0003-3210-558X"},"institutions":[{"id":"https://openalex.org/I162714631","display_name":"George Mason University","ror":"https://ror.org/02jqj7156","country_code":"US","type":"education","lineage":["https://openalex.org/I162714631"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Sushil Jajodia","raw_affiliation_strings":["Department of Information Sciences and Technology, George Mason University, Fairfax, VA, USA"],"raw_orcid":"https://orcid.org/0000-0003-3210-558X","affiliations":[{"raw_affiliation_string":"Department of Information Sciences and Technology, George Mason University, Fairfax, VA, 
USA","institution_ids":["https://openalex.org/I162714631"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":5,"corresponding_author_ids":["https://openalex.org/A5100387738"],"corresponding_institution_ids":["https://openalex.org/I16285277","https://openalex.org/I267592682"],"apc_list":null,"apc_paid":null,"fwci":1.1134,"has_fulltext":false,"cited_by_count":11,"citation_normalized_percentile":{"value":0.8362464,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":90,"max":98},"biblio":{"volume":"19","issue":"1","first_page":"620","last_page":"634"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11800","display_name":"User Authentication and Security Systems","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11800","display_name":"User Authentication and Security Systems","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11644","display_name":"Spam and Phishing Detection","score":0.9901000261306763,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11504","display_name":"Advanced Authentication Protocols 
Security","score":0.9898999929428101,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/password","display_name":"Password","score":0.925645649433136},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7521535754203796},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.7480757832527161},{"id":"https://openalex.org/keywords/password-strength","display_name":"Password strength","score":0.5958127379417419},{"id":"https://openalex.org/keywords/password-policy","display_name":"Password policy","score":0.5544713735580444},{"id":"https://openalex.org/keywords/cognitive-password","display_name":"Cognitive password","score":0.5294820070266724},{"id":"https://openalex.org/keywords/one-time-password","display_name":"One-time password","score":0.5235942602157593},{"id":"https://openalex.org/keywords/internet-privacy","display_name":"Internet privacy","score":0.5203709006309509},{"id":"https://openalex.org/keywords/authentication","display_name":"Authentication (law)","score":0.43814629316329956}],"concepts":[{"id":"https://openalex.org/C109297577","wikidata":"https://www.wikidata.org/wiki/Q161157","display_name":"Password","level":2,"score":0.925645649433136},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7521535754203796},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.7480757832527161},{"id":"https://openalex.org/C70530487","wikidata":"https://www.wikidata.org/wiki/Q1990841","display_name":"Password 
strength","level":4,"score":0.5958127379417419},{"id":"https://openalex.org/C98705547","wikidata":"https://www.wikidata.org/wiki/Q3394687","display_name":"Password policy","level":4,"score":0.5544713735580444},{"id":"https://openalex.org/C23875713","wikidata":"https://www.wikidata.org/wiki/Q5141232","display_name":"Cognitive password","level":5,"score":0.5294820070266724},{"id":"https://openalex.org/C89479133","wikidata":"https://www.wikidata.org/wiki/Q1137840","display_name":"One-time password","level":3,"score":0.5235942602157593},{"id":"https://openalex.org/C108827166","wikidata":"https://www.wikidata.org/wiki/Q175975","display_name":"Internet privacy","level":1,"score":0.5203709006309509},{"id":"https://openalex.org/C148417208","wikidata":"https://www.wikidata.org/wiki/Q4825882","display_name":"Authentication (law)","level":2,"score":0.43814629316329956}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/tdsc.2020.2975789","is_oa":false,"landing_page_url":"https://doi.org/10.1109/tdsc.2020.2975789","pdf_url":null,"source":{"id":"https://openalex.org/S133795288","display_name":"IEEE Transactions on Dependable and Secure Computing","issn_l":"1545-5971","issn":["1545-5971","1941-0018","2160-9209"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310320439","host_organization_name":"IEEE Computer Society","host_organization_lineage":["https://openalex.org/P4310320439","https://openalex.org/P4310319808"],"host_organization_lineage_names":["IEEE Computer Society","Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Dependable and Secure 
Computing","raw_type":"journal-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[{"id":"https://openalex.org/G18332213","display_name":null,"funder_award_id":"W911NF-19-1-0049","funder_id":"https://openalex.org/F4320338281","funder_display_name":"Army Research Office"},{"id":"https://openalex.org/G3248532193","display_name":null,"funder_award_id":"W911NF-17-1-0447","funder_id":"https://openalex.org/F4320338281","funder_display_name":"Army Research Office"},{"id":"https://openalex.org/G4426788383","display_name":null,"funder_award_id":"N00014-16-1-3214","funder_id":"https://openalex.org/F4320337345","funder_display_name":"Office of Naval Research"},{"id":"https://openalex.org/G6471190695","display_name":null,"funder_award_id":"W911NF-13-1-0421","funder_id":"https://openalex.org/F4320338281","funder_display_name":"Army Research Office"},{"id":"https://openalex.org/G676520704","display_name":null,"funder_award_id":"CNS-1822094","funder_id":"https://openalex.org/F4320306076","funder_display_name":"National Science Foundation"},{"id":"https://openalex.org/G6795819195","display_name":null,"funder_award_id":"CNS-1618117","funder_id":"https://openalex.org/F4320306076","funder_display_name":"National Science Foundation"},{"id":"https://openalex.org/G6959850709","display_name":null,"funder_award_id":"N00014-15-1-2007","funder_id":"https://openalex.org/F4320337345","funder_display_name":"Office of Naval Research"},{"id":"https://openalex.org/G801477776","display_name":null,"funder_award_id":"N00014-18-2893","funder_id":"https://openalex.org/F4320337345","funder_display_name":"Office of Naval Research"}],"funders":[{"id":"https://openalex.org/F4320306076","display_name":"National Science Foundation","ror":"https://ror.org/021nxhr62"},{"id":"https://openalex.org/F4320337345","display_name":"Office of Naval Research","ror":"https://ror.org/00rk2pe57"},{"id":"https://openalex.org/F4320338281","display_name":"Army Research 
Office","ror":"https://ror.org/05epdh915"}],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":47,"referenced_works":["https://openalex.org/W170161968","https://openalex.org/W1509135693","https://openalex.org/W1774758602","https://openalex.org/W1884689072","https://openalex.org/W1989085188","https://openalex.org/W1999298106","https://openalex.org/W2006809639","https://openalex.org/W2009829087","https://openalex.org/W2019578814","https://openalex.org/W2020936921","https://openalex.org/W2021327598","https://openalex.org/W2023306951","https://openalex.org/W2025553284","https://openalex.org/W2030112111","https://openalex.org/W2042720915","https://openalex.org/W2050296478","https://openalex.org/W2054626033","https://openalex.org/W2086553822","https://openalex.org/W2097267243","https://openalex.org/W2100783932","https://openalex.org/W2107911557","https://openalex.org/W2114024372","https://openalex.org/W2121386924","https://openalex.org/W2125927592","https://openalex.org/W2126960670","https://openalex.org/W2131976234","https://openalex.org/W2134080857","https://openalex.org/W2135359429","https://openalex.org/W2149929743","https://openalex.org/W2151295171","https://openalex.org/W2154691736","https://openalex.org/W2162176660","https://openalex.org/W2218132318","https://openalex.org/W2253893204","https://openalex.org/W2346878720","https://openalex.org/W2490171383","https://openalex.org/W2516452397","https://openalex.org/W2528123348","https://openalex.org/W2559753054","https://openalex.org/W2765667105","https://openalex.org/W2792577982","https://openalex.org/W6628932435","https://openalex.org/W6639159786","https://openalex.org/W6640709003","https://openalex.org/W6712361343","https://openalex.org/W6722583902","https://openalex.org/W6767270520"],"related_works":["https://openalex.org/W2969720675","https://openalex.org/W2359085393","https://openalex.org/W2021087413","https://openalex.org/W2936467198","https://openalex.org/W2156083280","htt
ps://openalex.org/W4214849386","https://openalex.org/W72859687","https://openalex.org/W4361801999","https://openalex.org/W2911945468","https://openalex.org/W2953105088"],"abstract_inverted_index":{"Account":[0,176],"recovery":[1,62,82,94,148,183,194],"(usually":[2],"through":[3],"a":[4,16,29,35,75,124,168],"password":[5,61,81,93,108,147,182,193],"reset)":[6],"on":[7,13,51],"many":[8],"websites":[9],"has":[10,63],"mainly":[11],"relied":[12],"accessibility":[14],"to":[15,20,34,78,134,155,179,192],"registered":[17,42],"email,":[18],"due":[19],"its":[21],"favorable":[22],"deployability":[23],"and":[24,92,121,166],"usability.":[25],"However,":[26],"it":[27],"makes":[28],"user's":[30],"online":[31],"accounts":[32,142],"vulnerable":[33],"single":[36],"point":[37],"of":[38,103,116,127,190],"failure":[39],"when":[40],"the":[41,55,80,85,90,113],"email":[43,118,137,141,170],"account":[44],"is":[45],"compromised.":[46],"While":[47],"previous":[48],"research":[49],"focuses":[50],"strengthening":[52],"user":[53,136],"passwords,":[54],"security":[56,114,171],"risk":[57],"imposed":[58],"by":[59,160,185],"email-based":[60],"not":[64],"yet":[65],"been":[66],"well":[67],"studied.":[68],"In":[69],"this":[70],"article,":[71],"we":[72,88,151,164],"first":[73],"conduct":[74,152],"measurement":[76],"study":[77],"characterize":[79],"activities":[83],"in":[84],"wild.":[86],"Specifically,":[87],"examine":[89],"authentication":[91],"protocols":[95],"from":[96],"239":[97],"traffic-heavy":[98],"websites,":[99],"confirming":[100],"that":[101,123],"most":[102],"them":[104,128],"use":[105],"emails":[106],"for":[107,145],"recovery.":[109],"We":[110],"further":[111],"scrutinize":[112],"policy":[115],"leading":[117],"service":[119],"providers":[120],"show":[122],"significant":[125],"portion":[126],"takes":[129],"no":[130],"or":[131],"marginal":[132],"effort":[133],"protect":[135],"accounts,":[138],"leaving":[139],"compromised":[140],"readily":[143],"available":[144],"mounting":[146],"attacks.":
[149,162],"Then,":[150],"case":[153],"studies":[154],"assess":[156],"potential":[157],"losses":[158],"caused":[159],"such":[161],"Finally,":[163],"propose":[165],"implement":[167],"lightweight":[169],"enhancement":[172],"called":[173],"Secure":[174],"Email":[175],"Recovery":[177],"(SEAR)":[178],"defend":[180],"against":[181],"attacks":[184],"adding":[186],"an":[187],"extra":[188],"layer":[189],"protection":[191],"emails.":[195]},"counts_by_year":[{"year":2026,"cited_by_count":1},{"year":2025,"cited_by_count":3},{"year":2024,"cited_by_count":3},{"year":2023,"cited_by_count":3},{"year":2022,"cited_by_count":1}],"updated_date":"2026-03-27T05:58:40.876381","created_date":"2025-10-10T00:00:00"}
