Understanding Users' Interaction with Login Notifications
Philipp Markert, Leona Lassak, Maximilian Golla, Markus Dürmuth

TL;DR
This paper investigates how users understand and respond to login notifications, revealing that users recognize legitimate logins but require better support to prevent malicious access, with implications for improving account security.
Contribution
It provides empirical insights into user comprehension and reactions to login notifications, offering recommendations for enhancing usability and security in account access.
Findings
Users can identify legitimate logins accurately.
Users need more support to detect and stop malicious logins.
Recommendations for service providers to improve login notification effectiveness.
Abstract
Login notifications intend to inform users about sign-ins and help them protect their accounts from unauthorized access. Notifications are usually sent if a login deviates from previous ones, potentially indicating malicious activity. They contain information like the location, date, time, and device used to sign in. Users are challenged to verify whether they recognize the login (because it was them or someone they know) or to protect their account from unwanted access. In a user study, we explore users' comprehension, reactions, and expectations of login notifications. We utilize two treatments to measure users' behavior in response to notifications sent for a login they initiated or based on a malicious actor relying on statistical sign-in information. We find that users identify legitimate logins but need more support to halt malicious sign-ins. We discuss the identified problems…
Taxonomy
Topics: Personal Information Management and User Behavior · Privacy, Security, and Data Protection · Data Quality and Management
