A Longitudinal Study on Web-Sites Password Management (in)Security: Evidence and Remedies

Raponi, Simone; Pietro, Roberto Di

doi:10.1109/access.2020.2981207

Cited by 13 publications

(6 citation statements)

References 20 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The cost of using FCWs has been investigated in [17,18,20,28]. The correlation between FCW security and the use of a specific content management system has been introduced in [10], while other studies performed a correlation analysis on website security, such as [13,15,21,22,27]. Taking into consideration the number of studies and the lack of space, we concentrate solely on a subset of relevant studies to this work and their results.…”

Section: Related Workmentioning

confidence: 99%

“…Goethem et al [15] presents a large-scale security analysis of 22,851 websites originating in 28 European countries. Furthermore, Raponi and Di Pietro [27] analyzed the password recovery management mechanism of Alexa's top 200 websites, with domains registered in certain European countries. They found that more than 54% of the websites in France, 36% in Italy, 47% in Spain, and 33% in the UK were vulnerable in December 2017.…”

Section: Related Workmentioning

confidence: 99%

See 1 more Smart Citation

Do Content Management Systems Impact the Security of Free Content Websites?

Alqadhi

Alabduljabbar

Thomas

et al. 2023

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Free Content Websites (FCWs) are a significant element of the Web, and realizing their use is essential. This study analyzes FCWs worldwide by studying how they correlate with different network sizes, cloud service providers, and countries, depending on the type of content they offer. Additionally, we compare these findings with those of premium content websites (PCWs). Our analysis concluded that FCWs correlate mainly with networks of medium size, which are associated with a higher concentration of malicious websites. Moreover, we found a strong correlation between PCWs, cloud, and country hosting patterns. At the same time, some correlations were also observed concerning FCWs but with distinct patterns contrasting each other for both types. Our investigation contributes to comprehending the FCW ecosystem through correlation analysis, and the indicative results point toward controlling the potential risks caused by these sites through adequate segregation and filtering due to their concentration.

show abstract

Section: Related Workmentioning

confidence: 99%

Section: Related Workmentioning

confidence: 99%

Do Content Management Systems Impact the Security of Free Content Websites?

Alqadhi

Alabduljabbar

Thomas

et al. 2023

Lecture Notes in Computer Science

View full text Add to dashboard Cite

show abstract

“…However, they come with many security problems: Users tend to choose easily guessable passwords and re-use them for multiple accounts [18,69,87,89,90], or suffer from insecure or hard-to-use password policies [35,52,84]. Additionally, service providers may implement insecure and inadequate password storage, leaving millions of passwords unprotected due to data breaches [17,29,32,70,72,95]. Multi-Factor Authentication (MFA) adds an extra factor and additional security to passwordbased authentication schemes, and has become important in many authentication deployments on the web.…”

Section: Introductionmentioning

confidence: 99%

"We've Disabled MFA for You": An Evaluation of the Security and Usability of Multi-Factor Authentication Recovery Deployments

Amft,

Höltervennhoff,

Huaman

et al. 2023

Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security

View full text Add to dashboard Cite

Multi-Factor Authentication is intended to strengthen the security of password-based authentication by adding another factor, such as hardware tokens or one-time passwords using mobile apps.However, this increased authentication security comes with potential drawbacks that can lead to account and asset loss. If users lose access to their additional authentication factors for any reason, they will be locked out of their accounts. Consequently, services that provide Multi-Factor Authentication should deploy procedures to allow their users to recover from losing access to their additional factor that are both secure and easy-to-use.In this work, we investigate the security and user experience of Multi-Factor Authentication recovery procedures, and compare their deployment to descriptions on help and support pages.We first evaluate the official help and support pages of 1,303 websites that provide Multi-Factor Authentication and collect documented information about their recovery procedures. Second, we select a subset of 71 websites, create accounts, set up Multi-Factor Authentication, and perform an in-depth investigation of their recovery procedure security and user experience.We find that many websites deploy insecure Multi-Factor Authentication recovery procedures and allowed us to circumvent and disable Multi-Factor Authentication when having access to the accounts' associated email addresses. Furthermore, we commonly observed discrepancies between our in-depth analysis and the official help and support pages, implying that information meant to aid users is often either incorrect or outdated.Based on our findings, we provide recommendations for best practices regarding Multi-Factor Authentication recovery.

show abstract

“…Password-based authentication is in use for a long time and the popular among wide user bases. However, as we are meeting rapid adoption of new technologies such as cloud applications, social networking sites, we often need to remember quite a few usernames and passwords daily, which is not always easy [2]. A recent study revealed that on average, a user maintains 25 online accounts [3].…”

Section: Introductionmentioning

confidence: 99%

Is My Password Strong Enough?: A Study on User Perception in The Developing World

Tanni¹,

Taharat²,

Parvez³

et al. 2022

EAI Endorsed Transactions on Creative Technologies

View full text Add to dashboard Cite

INTRODUCTION:The first line of defense in the cyber world is strong and difficult to predict passwords. However, users often choose highly predictable passwords based on personal information, dictionary words, birth date, etc. OBJECTIVES: The primary objective is to ascertain password choice and practices of users of developing countries. METHODS: Most of the existing studies are done in the developed world and our exhaustive search failed to find similar research in the context of developing countries. Here, we conducted detailed surveybased scrutiny about the passwordbased security perceptions of Bangladeshi nationals, which include 881 participants, primarily students, and professionals. RESULTS: Most of the users were found to have bad practices, for example, having personal information(56%), password reuse(69%), having commonly used patterns(81.3%). Students from technical backgrounds fared well compared to non-technical backgrounds as expected. However, some professionals (especially Bankers) surprisingly chose weaker passwords even though dealing with sensitive data. CONCLUSION: We also make a few recommendations to improve awareness.

show abstract

A Longitudinal Study on Web-Sites Password Management (in)Security: Evidence and Remedies

Cited by 13 publications

References 20 publications

Do Content Management Systems Impact the Security of Free Content Websites?

Do Content Management Systems Impact the Security of Free Content Websites?

"We've Disabled MFA for You": An Evaluation of the Security and Usability of Multi-Factor Authentication Recovery Deployments

Is My Password Strong Enough?: A Study on User Perception in The Developing World

Contact Info

Product

Resources

About