“Who is Trying to Access My Account?” Exploring User Perceptions and Reactions to Risk-based Authentication Notifications

Tongxin Wei

Network and Distributed System Security (NDSS) Symposium 2025 · Day 2 · Privacy & Usability 2

In an era where account security is paramount, but user fatigue with complex authentication methods is common, **Risk-Based Authentication Notifications (RBANs)** offer a crucial middle ground. This talk, presented by Tongxin Wei, a PhD student at Nankai University, examines how users perceive and react to these notifications. RBANs are designed to bolster account security on websites by detecting suspicious activity (such as logins from unfamiliar devices or IP addresses) and alerting the user, without demanding the constant overhead of two-factor authentication (2FA) for every login.

AI review

Competent HCI security research with a clear methodology and actionable design recommendations for RBAN practitioners. Nothing here will surprise security engineers who've read the adjacent usable-security literature, but the empirical grounding — 258 Prolific participants plus qualitative interviews, triggered against real top-5000 sites — gives it enough meat to be worth the slot at NDSS.
