Abstract:Nowadays, most online services offer different authentication methods that users can set up for multi-factor authentication but also as a recovery method. This configuration must be done thoroughly to prevent an adversary's access while ensuring the legitimate user does not lose access to their account. This is particularly important for fundamental everyday services, where either failure would have severe consequences. Nevertheless, little research has been done on the authentication of actual users regarding security and the risk of being locked out of their accounts.

What problem does this paper attempt to address?

### What problems does this paper attempt to solve? This paper aims to explore the impact of multi - factor authentication (MFA) and recovery settings on the security and accessibility of user accounts. Specifically, the author focuses on the following aspects: 1. **Enhancing account security**: By analyzing the multi - factor authentication methods configured by users, evaluate whether these configurations can effectively prevent malicious users from obtaining account access rights. 2. **Ensuring account accessibility**: Research whether users can successfully regain account access rights through the backup recovery mechanism in case they lose their primary authentication device or forget their password. 3. **Analysis of actual user behavior**: Through surveys of Google and Apple users, understand how they configure multi - factor authentication and recovery options in actual use, and reveal the differences in security and ease - of - use between different platforms. 4. **Identifying potential risks**: Discover the risk that many users may not be able to access their accounts when they lose a single authentication device, and propose improvement measures to reduce this risk. 5. **Introducing a new scoring system**: Develop and apply an improved Account Access Graphs (AAG) model and its scoring system to more accurately assess the security and accessibility of accounts. #### Main contributions - Proposed an improved AAG accessibility scoring scheme with higher practical value. - Analyzed the authentication configurations of actual users on Google and Apple accounts, revealing significant security differences. - Through large - scale user surveys and the application of the AAG model, demonstrated the scalability of AAG in studying account configurations of larger populations. #### Research background As the importance of online services in daily life increases, the security and accessibility of user accounts become crucial. Although multi - factor authentication can significantly improve account security, many users consider it inconvenient and are therefore reluctant to enable it. In addition, if the recovery mechanism is not properly designed, it may become a weak link in account security. This paper conducts in - depth research on these issues through empirical research and provides a basis for future improvements. ### Summary This paper analyzes the impact of multi - factor authentication and recovery settings on the security and accessibility of user accounts through a systematic research method, reveals the existing problems, and proposes improvement suggestions. This is of great significance for improving the security and user experience of online services.

Evaluating the Influence of Multi-Factor Authentication and Recovery Settings on the Security and Accessibility of User Accounts

"We've Disabled MFA for You": An Evaluation of the Security and Usability of Multi-Factor Authentication Recovery Deployments

Evaluating User Perception of Multi-Factor Authentication: A Systematic Review

Is It Really You Who Forgot the Password? When Account Recovery Meets Risk-Based Authentication

Evaluation of Secure OpenID-Based RAAA User Authentication Protocol for Preventing Specific Web Attacks in Web Apps

How effective is multifactor authentication at deterring cyberattacks?

Evaluation of Real-World Risk-Based Authentication at Online Services Revisited: Complexity Wins

That Depends -- Assessing User Perceptions of Authentication Schemes across Contexts of Use

Excavating Vulnerabilities Lurking in Multi-Factor Authentication Protocols: A Systematic Security Analysis

Choosing the right MFA method for online systems: A comparative analysis

Is This Really You? An Empirical Study on Risk-Based Authentication Applied in the Wild

SMS Goes Nuclear: Fortifying SMS-Based MFA in Online Account Ecosystem

"Make Them Change it Every Week!": A Qualitative Exploration of Online Developer Advice on Usable and Secure Authentication

On the Usability of Two-Factor Authentication.

What's in Score for Website Users: A Data-driven Long-term Study on Risk-based Authentication Characteristics

Evaluation of Risk-based Re-Authentication Methods

SoK: Web Authentication in the Age of End-to-End Encryption

Pump Up Password Security! Evaluating and Enhancing Risk-Based Authentication on a Real-World Large-Scale Online Service

Dynamic Combination of Authentication Factors Based on Quantified Risk and Benefit

Understanding Security Failures of Multi-Factor Authentication Schemes for Multi-Server Environments

Investigation of authentication methods on web services. Current trends and development prospects