What is it about?
Risk-based Authentication (RBA) protects user accounts from hacking attempts, even when attackers know your username and password. Google, Facebook, Amazon and others use this technology, but they keep it a secret. We conducted multiple studies to find out how eight popular online services use RBA and, roughly, how their internal algorithms work.
Why is it important?
RBA is becoming increasingly important since NIST recommends it. Nowadays, login credentials of online services are stolen on a large scale. Hackers obtain these databases and try the credentials on other online services in the hope that users have reused their passwords. That's why preventing these attempts is even more important today. Our results on RBA can help small and medium-sized websites to better protect their users. Before that, only big websites had the capacity to use RBA. We provide important insights for developers and researchers to foster the widespread adoption of RBA.
Perspectives
After publication, this paper was widely discussed and spread by (influential) people in the IT security community on the internet. This underlines the relevance of the results and will hopefully help to increase public awareness of RBA.
Stephan Wiefling
Technische Hochschule Köln
Read the Original
This page is a summary of: Is This Really You? An Empirical Study on Risk-Based Authentication Applied in the Wild, January 2019, Springer Science + Business Media,
DOI: 10.1007/978-3-030-22312-0_10.