2FA Backups

Betreuerin: Eva (gerlitz@cs.uni-bonn.de)

This Lab is suitable for a group

Experts recommend using multi factor authentication, but losing the second factor can result in not being able to access the account anymore (or at least the recovery will be more complicated than a simple password reset)

Are people who make use of multi factor authentication aware of this problem? Do they have accessible backups (e.g.recovery keys)?

Goal of this lab will be:

Design interview study in which participants will go through accounts they secured with an additional factor. Together, find out how they could gain access to their accounts in case they lost this additional factor. Find out what they think about this recovery strategy: Would it be possible for them? Are they surprised by those steps?

Literature to start with:

https://dl.acm.org/doi/10.1145/2785830.2785839 https://arxiv.org/pdf/2105.12477.pdf

https://www.ndss-symposium.org/wp-content/uploads/2019/02/usec2019_04-4_Markert_paper.pdf

Requirements:

You need to have passed the lecture “Usable security and privacy” or be willing to learn it on your own (english slides and german videos will be provided)

Next