Details
Original language | English |
---|---|
Title of host publication | CHI '24 |
Subtitle | Proceedings of the CHI Conference on Human Factors in Computing Systems |
Number of pages | 17 |
ISBN (electronic) | 9798400703300 |
Publication status | Published - 11 May 2024 |
Event | 2024 CHI Conference on Human Factors in Computing Systems, CHI 2024 - Hybrid, Honolulu, USA / United States Duration: 11 May 2024 → 16 May 2024 |
Abstract
Login notifications intend to inform users about sign-ins and help them protect their accounts from unauthorized access. Notifications are usually sent if a login deviates from previous ones, potentially indicating malicious activity. They contain information like the location, date, time, and device used to sign in. Users are challenged to verify whether they recognize the login (because it was them or someone they know) or to protect their account from unwanted access. In a user study, we explore users' comprehension, reactions, and expectations of login notifications. We utilize two treatments to measure users' behavior in response to notifications sent for a login they initiated or based on a malicious actor relying on statistical sign-in information. We find that users identify legitimate logins but need more support to halt malicious sign-ins. We discuss the identified problems and give recommendations for service providers to ensure usable and secure logins for everyone.
ASJC Scopus subject areas
- Computer Science (all)
- Human-Computer Interaction
- Computer Science (all)
- Computer Graphics and Computer-Aided Design
- Computer Science (all)
- Software
Cite this
CHI '24: Proceedings of the CHI Conference on Human Factors in Computing Systems. 2024. 853.
Publication: Contribution to book/report/anthology/conference proceedings › Conference paper › Research › Peer-reviewed
TY - GEN
T1 - Understanding Users' Interaction with Login Notifications
AU - Markert, Philipp
AU - Lassak, Leona
AU - Golla, Maximilian
AU - Dürmuth, Markus
N1 - Publisher Copyright: © 2024 Copyright held by the owner/author(s)
PY - 2024/5/11
Y1 - 2024/5/11
KW - authentication
KW - email
KW - notification
KW - password change
KW - risk-based authentication
UR - http://www.scopus.com/inward/record.url?scp=85194876256&partnerID=8YFLogxK
U2 - 10.48550/arXiv.2212.07316
DO - 10.48550/arXiv.2212.07316
M3 - Conference contribution
AN - SCOPUS:85194876256
BT - CHI '24
T2 - 2024 CHI Conference on Human Factors in Computing Sytems, CHI 2024
Y2 - 11 May 2024 through 16 May 2024
ER -