@article{WieflingDuermuthLoIacono2021,
  author    = {Stephan Wiefling and Markus D{\"u}rmuth and Luigi Lo Iacono},
  title     = {Verify It's You: How Users Perceive Risk-based Authentication},
  series   = {IEEE Security \& Privacy},
  volume    = {19},
  number    = {6},
  publisher = {IEEE},
  issn      = {1540-7993},
  doi       = {10.1109/MSEC.2021.3077954},
  url       = {https://nbn-resolving.org/urn:nbn:de:hbz:1044-opus-54912},
  pages     = {2 -- 11},
  year      = {2021},
  abstract  = {Risk-based authentication (RBA) is an adaptive security measure to strengthen password-based authentication against account takeover attacks. Our study on 65 participants shows that users find RBA more usable than two-factor authentication equivalents and more secure than password-only authentication. We identify pitfalls and provide guidelines for putting RBA into practice.},
  language  = {en}
}