Journal of Cyber Policy

Evaluating Login Challenges as a Defense Against Account Takeover

August 25, 2019, by Hugh Taylor, in Cyber Security Research

ABSTRACT
In this paper, we study the efficacy of login challenges at preventing
account takeover, as well as evaluate the amount of friction these
challenges create for normal users. These secondary authentication
factors—presently deployed at Google, Microsoft, and other major
identity providers as part of risk-aware authentication—trigger in
response to a suspicious login or account recovery attempt. Using
Google as a case study, we evaluate the effectiveness of fourteen
device-based, delegation-based, knowledge-based, and resource-based challenges at preventing over 350,000 real-world hijacking
attempts stemming from automated bots, phishers, and targeted
attackers. We show that knowledge-based challenges prevent as
few as 10% of hijacking attempts rooted in phishing and 73% of
automated hijacking attempts. Device-based challenges provide the
best protection, blocking over 94% of hijacking attempts rooted in
phishing and 100% of automated hijacking attempts. We evaluate
the usability limitations of each challenge based on a sample of
1.2M legitimate users. Our results illustrate that login challenges
act as an important barrier to hijacking, but that friction in the
process leads to 52% of legitimate users failing to sign-in—though
97% of users eventually access their account in a short period.

https://storage.googleapis.com/pub-tools-public-publication-data/pdf/ab2bedf04f6d4ff60c59b502809c2f151373de54.pdf

Tags: account takeover, breaches


About The Author

Hugh Taylor

Hugh Taylor is a Certified Information Security Manager (CISM). In addition to editing Journal of Cyber Policy, he writes about cybersecurity, compliance and enterprise technology for such clients as Microsoft, IBM, SAP, HPE, Oracle, Google and Advanced Micro Devices. Prior to launching his freelance writing career, he served in executive roles at Microsoft, IBM and several venture-backed technology startups.
