Account Recovery Research
Password recovery processes are a central puzzle piece when it comes to account security. This list gives insights into common attacks, password reset guidelines and alternative processes.
Security Analysis of Email-Based Password Reset Procedures
An international group of researchers from the USA, Italy and Belgium performed a security analysis of the email-based account recovery mechanisms of a wide range of web applications from the Alexa Top 5K. While their paper describes a heterogeneous reality when it comes to password reset processes, they also outline concrete password reset attacks.
“We hope that this paper will pave the way in highlighting the importance of improving the email-based account recovery mechanisms in real-world websites.”