Pump Up Password Security! Evaluating and Enhancing Risk-Based Authentication on a Real-World Large-Scale Online Service. (arXiv:2206.15139v1 [cs.CR])

Risk-based authentication (RBA) aims to protect users against attacks
involving stolen passwords. RBA monitors features during login, and requests
re-authentication when feature values widely differ from previously observed
ones. It is recommended by various national security organizations, and users
perceive it more usable and equally secure than equivalent two-factor
authentication. Despite that, RBA is still only used by very few online
services. Reasons for this include a lack of validated open resources on RBA
properties, implementation, and configuration. This effectively …

authentication large password password security risk risk-based authentication scale security service world