ดูบทความ

As text-based passwords continue to be the dominant form for user identification today, services try to protect their costumers by offering enhanced, and more secure, technologies for authentication. One of the most promising is two-factor authentication (2FA). 2FA raises the bar for the attacker significantly, however, it is still questionable if the technology can be realistically adopted by the majority of Internet users. In this paper, we attempt a first study for quantifying the adoption of 2FA in probably the largest existing provider, namely Google. For achieving this, we leverage the password-reminder process in a novel way for discovering if 2FA is enabled for a particular account, without annoying or affecting the account's owner. Our technique has many challenges to overcome, since it requires issuing massively thousands of password reminders. In order to remain below the radar, and therefore avoid solving …