A person's online security setup is tied to the security of their individual accounts. Some accounts are particularly critical as they provide access to other online services. For example, an email account can be used for external account recovery or to assist with single-sign-on. The connections between accounts are specific to each user's setup and create unique security problems that are difficult to remedy by following generic security advice. In this paper, we develop a method to gather and analyze users' online accounts systematically. We demonstrate this in a user study with 20 participants and obtain detailed insights on how users' personal setup choices and behaviors affect their overall account security. We discuss concrete usability and privacy concerns that prevented our participants from improving their account security. Based on our findings, we provide recommendations for service providers and security experts to increase the adoption of security best practices.
https://dl.acm.org/doi/abs/10.1145/3491102.3502125
The ACM CHI Conference on Human Factors in Computing Systems (https://chi2022.acm.org/)