Investigating Web Service Account Remediation Advice


Lorenzo Neil, North Carolina State University; Yasemin Acar, Leibniz University Hannover; Bradley Reaves, North Carolina State University


Online web services are susceptible to account compromises where adversaries gain access to a user's account. When this occurs, the victim must go through five phases to restore the account; these include: discover the compromise, restore their access, limit the adversary's access, restore the service to its pre-compromise state, and then take action to prevent repeat compromise. This is a technically complex process, and the quality and completeness of the advice that services give is of paramount importance. In this paper, we collect account remediation advice from 13 top US web services. We systematically investigate what advice web services provide about the five phases of account compromise remediation. We find that while most services cover all phases, specific, appropriate, and actionable advice is generally lacking in every service. This preliminary work highlights the need for better guidance both for operators and users at large.

    author = {Neil, Lorenzo and Acar, Yasemin and Reaves, Bradley},
    title = {{Investigating Web Service Account Remediation Advice}},
    booktitle = {Who Are You?! Adventures in Authentication Workshop},
    year = {2020},
    series = {WAY~'20},
    pages = {1--6},
    address = {Virtual Conference},
    month = aug,
    publisher = {}
} % No publisher