{"id":"https://openalex.org/W4388858451","doi":"https://doi.org/10.1145/3576915.3623180","title":"\"We've Disabled MFA for You\": An Evaluation of the Security and Usability of Multi-Factor Authentication Recovery Deployments","display_name":"\"We've Disabled MFA for You\": An Evaluation of the Security and Usability of Multi-Factor Authentication Recovery Deployments","publication_year":2023,"publication_date":"2023-11-15","ids":{"openalex":"https://openalex.org/W4388858451","doi":"https://doi.org/10.1145/3576915.3623180"},"language":"en","primary_location":{"id":"doi:10.1145/3576915.3623180","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3576915.3623180","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5091490378","display_name":"Sabrina Amft","orcid":"https://orcid.org/0009-0002-2315-8989"},"institutions":[{"id":"https://openalex.org/I4210128801","display_name":"Helmholtz Center for Information Security","ror":"https://ror.org/02njgxr09","country_code":"DE","type":"facility","lineage":["https://openalex.org/I1305996414","https://openalex.org/I4210128801"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Sabrina Klivan","raw_affiliation_strings":["CISPA Helmholtz Center for Information Security, Hanover, Germany"],"raw_orcid":"https://orcid.org/0009-0002-2315-8989","affiliations":[{"raw_affiliation_string":"CISPA Helmholtz Center for Information Security, Hanover, Germany","institution_ids":["https://openalex.org/I4210128801"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5092206188","display_name":"Sandra H\u00f6ltervennhoff","orcid":"https://orcid.org/0000-0003-4284-0473"},"institutions":[{"id":"https://openalex.org/I114112103","display_name":"Leibniz University Hannover","ror":"https://ror.org/0304hq317","country_code":"DE","type":"education","lineage":["https://openalex.org/I114112103"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Sandra H\u00f6ltervennhoff","raw_affiliation_strings":["Leibniz University Hannover, Hanover, Germany"],"raw_orcid":"https://orcid.org/0000-0003-4284-0473","affiliations":[{"raw_affiliation_string":"Leibniz University Hannover, Hanover, Germany","institution_ids":["https://openalex.org/I114112103"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5019080958","display_name":"Nicolas Huaman","orcid":"https://orcid.org/0000-0003-2733-5073"},"institutions":[{"id":"https://openalex.org/I114112103","display_name":"Leibniz University Hannover","ror":"https://ror.org/0304hq317","country_code":"DE","type":"education","lineage":["https://openalex.org/I114112103"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Nicolas Huaman","raw_affiliation_strings":["Leibniz University Hannover, Hanover, Germany"],"raw_orcid":"https://orcid.org/0000-0003-2733-5073","affiliations":[{"raw_affiliation_string":"Leibniz University Hannover, Hanover, Germany","institution_ids":["https://openalex.org/I114112103"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5101606973","display_name":"Alexander Krause","orcid":"https://orcid.org/0000-0003-2993-2568"},"institutions":[{"id":"https://openalex.org/I4210128801","display_name":"Helmholtz Center for Information Security","ror":"https://ror.org/02njgxr09","country_code":"DE","type":"facility","lineage":["https://openalex.org/I1305996414","https://openalex.org/I4210128801"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Alexander Krause","raw_affiliation_strings":["CISPA Helmholtz Center for Information Security, Hanover, Germany"],"raw_orcid":"https://orcid.org/0000-0003-2993-2568","affiliations":[{"raw_affiliation_string":"CISPA Helmholtz Center for Information Security, Hanover, Germany","institution_ids":["https://openalex.org/I4210128801"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5030968888","display_name":"Lucy Simko","orcid":"https://orcid.org/0000-0003-2191-1332"},"institutions":[{"id":"https://openalex.org/I193531525","display_name":"George Washington University","ror":"https://ror.org/00y4zzh67","country_code":"US","type":"education","lineage":["https://openalex.org/I193531525"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Lucy Simko","raw_affiliation_strings":["The George Washington University, Washington, DC, USA"],"raw_orcid":"https://orcid.org/0000-0003-2191-1332","affiliations":[{"raw_affiliation_string":"The George Washington University, Washington, DC, USA","institution_ids":["https://openalex.org/I193531525"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5074668699","display_name":"Yasemin Acar","orcid":"https://orcid.org/0000-0001-7167-7383"},"institutions":[{"id":"https://openalex.org/I193531525","display_name":"George Washington University","ror":"https://ror.org/00y4zzh67","country_code":"US","type":"education","lineage":["https://openalex.org/I193531525"]},{"id":"https://openalex.org/I206945453","display_name":"Paderborn University","ror":"https://ror.org/058kzsd48","country_code":"DE","type":"education","lineage":["https://openalex.org/I206945453"]}],"countries":["DE","US"],"is_corresponding":false,"raw_author_name":"Yasemin Acar","raw_affiliation_strings":["Paderborn University &amp; The George Washington University, Paderborn, Germany"],"raw_orcid":"https://orcid.org/0000-0001-7167-7383","affiliations":[{"raw_affiliation_string":"Paderborn University &amp; The George Washington University, Paderborn, Germany","institution_ids":["https://openalex.org/I206945453","https://openalex.org/I193531525"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5087356408","display_name":"Sascha Fahl","orcid":"https://orcid.org/0000-0002-5644-3316"},"institutions":[{"id":"https://openalex.org/I4210128801","display_name":"Helmholtz Center for Information Security","ror":"https://ror.org/02njgxr09","country_code":"DE","type":"facility","lineage":["https://openalex.org/I1305996414","https://openalex.org/I4210128801"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Sascha Fahl","raw_affiliation_strings":["CISPA Helmholtz Center for Information Security, Hanover, Germany"],"raw_orcid":"https://orcid.org/0000-0002-5644-3316","affiliations":[{"raw_affiliation_string":"CISPA Helmholtz Center for Information Security, Hanover, Germany","institution_ids":["https://openalex.org/I4210128801"]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":7,"corresponding_author_ids":[],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":6.9016,"has_fulltext":false,"cited_by_count":16,"citation_normalized_percentile":{"value":0.96977251,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":90,"max":99},"biblio":{"volume":null,"issue":null,"first_page":"3138","last_page":"3152"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11800","display_name":"User Authentication and Security Systems","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11800","display_name":"User Authentication and Security Systems","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9983999729156494,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11045","display_name":"Privacy, Security, and Data Protection","score":0.9937999844551086,"subfield":{"id":"https://openalex.org/subfields/3312","display_name":"Sociology and Political Science"},"field":{"id":"https://openalex.org/fields/33","display_name":"Social Sciences"},"domain":{"id":"https://openalex.org/domains/2","display_name":"Social Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/multi-factor-authentication","display_name":"Multi-factor authentication","score":0.7413510084152222},{"id":"https://openalex.org/keywords/password","display_name":"Password","score":0.7305780649185181},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7137167453765869},{"id":"https://openalex.org/keywords/usability","display_name":"Usability","score":0.6826547384262085},{"id":"https://openalex.org/keywords/authentication","display_name":"Authentication (law)","score":0.6156104207038879},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.6020376086235046},{"id":"https://openalex.org/keywords/factor","display_name":"Factor (programming language)","score":0.50674968957901},{"id":"https://openalex.org/keywords/one-time-password","display_name":"One-time password","score":0.4874751567840576},{"id":"https://openalex.org/keywords/lightweight-extensible-authentication-protocol","display_name":"Lightweight Extensible Authentication Protocol","score":0.42572975158691406},{"id":"https://openalex.org/keywords/authentication-protocol","display_name":"Authentication protocol","score":0.31526249647140503},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.11698725819587708}],"concepts":[{"id":"https://openalex.org/C194699767","wikidata":"https://www.wikidata.org/wiki/Q7878662","display_name":"Multi-factor authentication","level":4,"score":0.7413510084152222},{"id":"https://openalex.org/C109297577","wikidata":"https://www.wikidata.org/wiki/Q161157","display_name":"Password","level":2,"score":0.7305780649185181},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7137167453765869},{"id":"https://openalex.org/C170130773","wikidata":"https://www.wikidata.org/wiki/Q216378","display_name":"Usability","level":2,"score":0.6826547384262085},{"id":"https://openalex.org/C148417208","wikidata":"https://www.wikidata.org/wiki/Q4825882","display_name":"Authentication (law)","level":2,"score":0.6156104207038879},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.6020376086235046},{"id":"https://openalex.org/C2781039887","wikidata":"https://www.wikidata.org/wiki/Q1391724","display_name":"Factor (programming language)","level":2,"score":0.50674968957901},{"id":"https://openalex.org/C89479133","wikidata":"https://www.wikidata.org/wiki/Q1137840","display_name":"One-time password","level":3,"score":0.4874751567840576},{"id":"https://openalex.org/C167169670","wikidata":"https://www.wikidata.org/wiki/Q1824705","display_name":"Lightweight Extensible Authentication Protocol","level":4,"score":0.42572975158691406},{"id":"https://openalex.org/C21564112","wikidata":"https://www.wikidata.org/wiki/Q4825885","display_name":"Authentication protocol","level":3,"score":0.31526249647140503},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.11698725819587708},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/3576915.3623180","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3576915.3623180","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":36,"referenced_works":["https://openalex.org/W159321140","https://openalex.org/W762975277","https://openalex.org/W1492458989","https://openalex.org/W1655958391","https://openalex.org/W2024562548","https://openalex.org/W2045591401","https://openalex.org/W2048755632","https://openalex.org/W2057366964","https://openalex.org/W2074279819","https://openalex.org/W2107911557","https://openalex.org/W2110695853","https://openalex.org/W2162176660","https://openalex.org/W2253893204","https://openalex.org/W2292723020","https://openalex.org/W2544337092","https://openalex.org/W2765667105","https://openalex.org/W2792577982","https://openalex.org/W2794591479","https://openalex.org/W2795673503","https://openalex.org/W2799210599","https://openalex.org/W2904027722","https://openalex.org/W2905913776","https://openalex.org/W2962940036","https://openalex.org/W2964203713","https://openalex.org/W2966170946","https://openalex.org/W3011335693","https://openalex.org/W3017863658","https://openalex.org/W3032010444","https://openalex.org/W3087979773","https://openalex.org/W3097523736","https://openalex.org/W3162570939","https://openalex.org/W3208153782","https://openalex.org/W4213455276","https://openalex.org/W4288057810","https://openalex.org/W4324007111","https://openalex.org/W4388858451"],"related_works":["https://openalex.org/W2093798919","https://openalex.org/W2393298610","https://openalex.org/W3022695109","https://openalex.org/W2390304521","https://openalex.org/W2907262898","https://openalex.org/W2352114587","https://openalex.org/W4253316174","https://openalex.org/W2050433615","https://openalex.org/W128488073","https://openalex.org/W2135836328"],"abstract_inverted_index":{"Multi-Factor":[0],"Authentication":[1],"is":[2],"intended":[3],"to":[4],"strengthen":[5],"the":[6],"security":[7],"of":[8],"password-based":[9],"authentication":[10],"by":[11],"adding":[12],"another":[13],"factor,":[14],"such":[15],"as":[16],"hardware":[17],"tokens":[18],"or":[19],"one-time":[20],"passwords":[21],"using":[22],"mobile":[23],"apps.":[24]},"counts_by_year":[{"year":2026,"cited_by_count":4},{"year":2025,"cited_by_count":7},{"year":2024,"cited_by_count":4},{"year":2023,"cited_by_count":1}],"updated_date":"2026-06-11T09:08:48.828518","created_date":"2023-11-22T00:00:00"}