Poster: User Awareness of Phishing and WebAuthn

Mindy Tran, Sabrina Amft and Dominik Wermke.
In 43rd IEEE Symposium on Security and Privacy, IEEE S&P 2022, May 23-26, 2022
PDF Abstract Poster Cite URL



Two-factor authentication (2FA) adds an additional layer of security to password-based authentication. SMS and software-based 2FA methods are the most commonly adopted 2FA methods, but are vulnerable to several security attacks such as SIM-jacking, cloning, and phishing. WebAuthn implements several security measures to protect users from these attacks. However, active user adoption of WebAuthn still remains low. Common causes for low user adoption are often users’ doubts regarding benefits and utility.

In this work, we investigate users’ understanding and mental model of traditional 2FA methods and WebAuthn. We were particularly interested in finding out, whether users are aware of differences and benefits. For this, we designed and conducted a preliminary pilot study including a practical experiment. Our work utilizes expert reviews and answers from a pilot study to iteratively improve our survey and experiment.

Our results will be used to improve and guide the study design of a prospective large-scaled quantitative study.


	author = {Mindy Tran and Sabrina Amft and Dominik Wermke},
	howpublished = {In 43rd IEEE Symposium on Security and Privacy, IEEE S&P 2022, May 23-26, 2022},
	month = {May},
	title = {Poster: User Awareness of Phishing and WebAuthn},
	url = {},
	year = {2022}