Philipp Markert (Ruhr University Bochum), Andrick Adhikari (University of Denver), Sanchari Das (University of Denver)

Websites are used regularly in our day-to-day lives, yet research has shown that it is challenging for many users to use them securely, e.g., most prominently due to weak passwords through which they access their accounts. At the same time, many services employ low-security measures, making their users even more prone to account compromises with little to no means of remediating compromised accounts. Additionally, remediating compromised accounts requires users to complete a series of steps, ideally all provided and explained by the service. However, for U.S.-based websites, prior research has shown that the advice provided by many services is often incomplete. To further understand the underlying issue and its implications, this paper reports on a study that analyzes the account remediation procedure covering the 50 most popular websites in 30 countries, 6 each in Africa, the Americas, Asia, Europe, and Oceania. We conducted the first transcontinental analysis on the account remediation protocols of popular websites. The analysis is based on 5 steps websites need to provide advice for: compromise discovery, account recovery, access limitation, service restoration, and prevention. We find that the lack of advice prior work identified for websites from the U.S. also holds across continents, with the presence ranging from 37% to 77% on average. Additionally, we identified considerable differences when comparing countries and continents, with countries in Africa and Oceania significantly more affected by the lack of advice. To address this, we suggest providing publicly available and easy-to-follow remediation advice for users and guidance for website providers so they can provide all the necessary information.

View More Papers

Short: Certifiably Robust Perception Against Adversarial Patch Attacks: A...

Chong Xiang (Princeton University), Chawin Sitawarin (University of California, Berkeley), Tong Wu (Princeton University), Prateek Mittal (Princeton University)

Read More

User Comprehension and Comfort with Eye-Tracking and Hand-Tracking Permissions...

Kaiming Cheng (University of Washington), Mattea Sim (Indiana University), Tadayoshi Kohno (University of Washington), Franziska Roesner (University of Washington)

Read More

Operationalizing Cybersecurity Research Ethics Review: From Principles and Guidelines...

Dennis Reidsma, Jeroen van der Ham, and Andrea Continella (University of Twente)

Read More

Paralyzing Drones via EMI Signal Injection on Sensory Communication...

Joonha Jang (KAIST), ManGi Cho (KAIST), Jaehoon Kim (KAIST), Dongkwan Kim (Samsung SDS), Yongdae Kim (KAIST)

Read More