Account Recovery Research

Password recovery processes are a central puzzle piece when it comes to account security. This list gives insights into common attacks, password reset guidelines and alternative processes.

Security Analysis of Email-Based Password Reset Procedures

An international group of researchers from the USA, Italy and Belgium performed a security analysis of the email-based account recovery mechanisms of a wide range of web applications from the Alexa Top 5K. While their paper describes a heterogeneous reality when it comes to password reset processes, they also outline concrete attacks on password reset processes.

“We hope that this paper will pave the way in highlighting the importance of improving the email-based account recovery mechanisms in real-world websites.”

Read the Paper (PDF)