Multi-Account Dashboard for Authentication Dependency Analysis


Research field: Analysis



Conference: ARES '22: Proceedings of the 17th International Conference on Availability, Reliability and Security


Abstract

User authentication is necessary for the majority of online services. If users fail to authenticate due to the loss of an authentication factor, fallback processes allow users to regain access to their accounts. However, most of the proposed and deployed fallback methods have substantial weaknesses that degrade security, e.g., guessable security questions. This is even more serious since through account dependencies (e.g., password reset via email), additional accounts can be compromised. On the other hand, misconfiguration of (fallback) authentication might result in locking a user out of an account. To help users to analyze their account security and accessibility risk, we present the multi-account dashboard (MAD). The MAD evaluates account types, applied primary and fallback authentication methods as well as the formed account network. By analyzing dependencies and transitive risks, weak links are discovered and indicated, and improvements are suggested. We further propose a service authentication description to collect the required information in a transparent way. The MAD is implemented as a plugin of the password manager KeePass. A subsequent small-scale user study evaluates the usefulness and usability of the implementation.


Author Profile
Daniela Pöhn

Universität der Bundeswehr München FI CODE Germany

Finland
Author Profile
Nils Gruschka

University of Oslo Norway

Norway
Author Profile
Leonhard Ziegler

Universität der Bundeswehr München Germany

Germany

📄 Paper information

Publication year: 2022
Citations: 3
Publication countries: Germany, Finland, Norway
Site: ACM