A Transcontinental Analysis of Account Remediation Protocols of Popular Websites

TL;DR

This study conducts a comprehensive analysis of account remediation protocols across 50 popular websites in 30 countries, revealing significant gaps in security advice and highlighting regional disparities in remediation support.

Contribution

First transcontinental analysis of account remediation procedures, identifying widespread deficiencies and regional differences in security advice across popular websites.

Findings

U.S. websites lack advice in 37-77% of cases

African and Oceanian websites are most affected by lack of advice

Significant regional disparities in remediation support

Abstract

Websites are used regularly in our day-today lives, yet research has shown that it is challenging for many users to use them securely, e.g., most prominently due to weak passwords through which they access their accounts. At the same time, many services employ low-security measures, making their users even more prone to account compromises with little to no means of remediating compromised accounts. Additionally, remediating compromised accounts requires users to complete a series of steps, ideally all provided and explained by the service. However, for U.S.-based websites, prior research has shown that the advice provided by many services is often incomplete. To further understand the underlying issue and its implications, this paper reports on a study that analyzes the account remediation procedure covering the 50 most popular websites in 30 countries, 6 each in Africa, the Americas, Asia, Europe, and Oceania. We conducted the first transcontinental analysis on the account remediation protocols of popular websites. The analysis is based on 5 steps websites need to provide advice for: compromise discovery, account recovery, access limitation, service restoration, and prevention. We find that the lack of advice prior work identified for websites from the U.S. also holds across continents, with the presence ranging from 37% to 77% on average. Additionally, we identified considerable differences when comparing countries and continents, with countries in Africa and Oceania significantly more affected by the lack of advice. To address this, we suggest providing publicly available and easy-to-follow remediation advice for users and guidance for website providers so they can provide all the necessary information.