Philipp Markert (Ruhr University Bochum), Andrick Adhikari (University of Denver), Sanchari Das (University of Denver)

Websites are used regularly in our day-to-day lives, yet research has shown that it is challenging for many users to use them securely, e.g., most prominently due to weak passwords through which they access their accounts. At the same time, many services employ low-security measures, making their users even more prone to account compromises with little to no means of remediating compromised accounts. Additionally, remediating compromised accounts requires users to complete a series of steps, ideally all provided and explained by the service. However, for U.S.-based websites, prior research has shown that the advice provided by many services is often incomplete. To further understand the underlying issue and its implications, this paper reports on a study that analyzes the account remediation procedure covering the 50 most popular websites in 30 countries, 6 each in Africa, the Americas, Asia, Europe, and Oceania. We conducted the first transcontinental analysis on the account remediation protocols of popular websites. The analysis is based on 5 steps websites need to provide advice for: compromise discovery, account recovery, access limitation, service restoration, and prevention. We find that the lack of advice prior work identified for websites from the U.S. also holds across continents, with the presence ranging from 37% to 77% on average. Additionally, we identified considerable differences when comparing countries and continents, with countries in Africa and Oceania significantly more affected by the lack of advice. To address this, we suggest providing publicly available and easy-to-follow remediation advice for users and guidance for website providers so they can provide all the necessary information.

View More Papers

Fusion: Efficient and Secure Inference Resilient to Malicious Servers

Caiqin Dong (Jinan University), Jian Weng (Jinan University), Jia-Nan Liu (Jinan University), Yue Zhang (Jinan University), Yao Tong (Guangzhou Fongwell Data Limited Company), Anjia Yang (Jinan University), Yudan Cheng (Jinan University), Shun Hu (Jinan University)

Read More

Let Me Unwind That For You: Exceptions to Backward-Edge...

Victor Duta (Vrije Universiteit Amsterdam), Fabian Freyer (University of California San Diego), Fabio Pagani (University of California, Santa Barbara), Marius Muench (Vrije Universiteit Amsterdam), Cristiano Giuffrida (Vrije Universiteit Amsterdam)

Read More

Faster Secure Comparisons with Offline Phase for Efficient Private...

Florian Kerschbaum (University of Waterloo), Erik-Oliver Blass (Airbus), Rasoul Akhavan Mahdavi (University of Waterloo)

Read More