Websites are used regularly in our day-to-day lives, yet research has shown that many users find it challenging to use them securely, most prominently because of the weak passwords with which they access their accounts. At the same time, many services employ low-security measures, making their users even more prone to account compromises with little to no means of remediating compromised accounts. Additionally, remediating compromised accounts requires users to complete a series of steps, ideally all provided and explained by the service. However, for U.S.-based websites, prior research has shown that the advice provided by many services is often incomplete. To further understand the underlying issue and its implications, this paper reports on a study that analyzes the account remediation procedure covering the 50 most popular websites in 30 countries, 6 each in Africa, the Americas, Asia, Europe, and Oceania. We conducted the first transcontinental analysis of the account remediation protocols of popular websites. The analysis is based on 5 steps websites need to provide advice for: compromise discovery, account recovery, access limitation, service restoration, and prevention. We find that the lack of advice prior work identified for websites from the U.S. also holds across continents, with the presence of advice ranging from 37% to 77% on average. Additionally, we identified considerable differences when comparing countries and continents, with countries in Africa and Oceania significantly more affected by the lack of advice. To address this, we suggest providing publicly available and easy-to-follow remediation advice for users and guidance for website providers so they can provide all the necessary information.