We are delighted to announce that 2 of our publications will appear at the ACM CCS 2023 in Copenhagen, Denmark. Congratulations to the authors!

• “We’ve Disabled MFA for You”: An Evaluation of the Security and Usability of Multi-Factor Authentication Recovery Deployments. Sabrina Amft, Sandra Höltervennhoff, Nicolas Huaman, Alexander Krause, Lucy Simko, Yasemin Acar and Sascha Fahl. In 2023 ACM SIGSAC Conference on Computer and Communications Security (CCS ‘23), November 26–30, 2023, Copenhagen, Denmark. In our work, we investigate the presence and communication of recovery of MFA by evaluating the processes for MFA and its recovery mentioned on websites. We first examine a larger sample of 1,303 websites, followed by an in-depth experiment in which we created accounts and simulated MFA loss. Finally, we draw a comparison between communicated practices and our user experience, and give websites recommendations how MFA recovery should be set up and communicated to users to keep a balance between usability and security.

• “Make Them Change it Every Week!”: A Qualitative Exploration of Online Developer Advice on Usable and Secure Authentication. Jan H. Klemmer, Marco Gutfleisch, Christian Stransky, Yasemin Acar, M. Angela Sasse and Sascha Fahl. In 2023 ACM SIGSAC Conference on Computer and Communications Security (CCS ‘23), November 26–30, 2023, Copenhagen, Denmark. The paper explores what advice on usable and secure authentication exists online that aids developers. The qualitative study uncovered that the advice is scattered and passwords are the most common topic, while lots of advice are outdated, debatable, or contradicting - ultimately making it hard for developers to adopt good advice. The presentation at CCS will be on Wednesday, November 29, 2023 at 11:00 in the “Security Usability and Mesaurement” track’s “Security Professionals” session (Room Hall Pjerrot).