Two-factor authentication is often recommended for increasing online security, and users often follow this recommendation by using their phones. If physical items become unavailable, there is a risk of losing access to the account because the authentication requirements can no longer be met. In such cases, users need a backup or help from the service. Previous work found no standardized approach to how services address this issue, assist users, or offer backup options. Until now, it has been unclear how users handle backups and account recovery and what they expect from service providers. To shed light on this, we conducted 16 interviews and a survey with 95 participants. We found that most had never considered how to access their accounts if the second factor was lost, and only a few had a backup plan. Instead, users often rely on website support, assuming that personal data will help them regain access. We give recommendations for services.
https://dl.acm.org/doi/10.1145/3706598.3714245
The ACM CHI Conference on Human Factors in Computing Systems (https://chi2025.acm.org/)