EconPapers    
Economics at your fingertips  

EconPapers Home
About EconPapers

Working Papers
Journal Articles
Books and Chapters
Software Components

Authors

JEL codes
New Economics Papers

Advanced Search


EconPapers FAQ
Archive maintainers FAQ
Cookies at EconPapers

Format for printing

The RePEc blog
The RePEc plagiarism page

 

Quantifying Internet Privacy and Security Risks in Authentication Recovery Channels

Motunrayo Adebayo
Additional contact information
Motunrayo Adebayo: Indiana Wesleyan University

International Journal of Research and Innovation in Social Science, 2025, vol. 9, issue 8, 7785-7789

Abstract: Authentication recovery is an important step, yet it has often been overlooked in digital identity systems. In the event where users forget credentials, lose devices, or get locked out of accounts, a recovery mechanism such as SMS codes, email reset, magic links, or backup codes reinstates access. These days, recovery protection sacrifices their strength and becomes the points of vulnerabilities adversaries come to exploit. Why would a cybercriminal resort to brute-forcing a strong password when a recovery system may be weaker through SIM swap fraud, phishing, or fallback processes poorly executed? This paper studies the privacy and security threats that hide under recovery workflows presented in scholarly literature, industry standards, and technical advisories. It maintains that for account recovery being most commonly done using SMS and email, there are vulnerabilities always present with such recovery methods. Recovery by passkeys and WebAuthn offers more resilient protections yet remains less popular in the practical aspect. In the presence of maybe only some partial direction from standards like NIST SP 800-63B, ISO/IEC 27001, PCI DSS, OWASP guidelines, ENISA advisories, and in line with the FIDO2 specification, there is still no complete global framework issued for governing recovery. This research, by framing recovery as a security and privacy concern, takes a step toward demanding the need for recovery-by-design principles that include consideration of resilience, minimization of identifiers, and transparency to end-users. Without a change to recovery, it will keep eroding digital trust, leaving accounts and personal data exposed.

Date: 2025
References: View complete reference list from CitEc
Citations:

Downloads: (external link)
https://www.rsisinternational.org/journals/ijriss/ ... ssue-8/7785-7789.pdf (application/pdf)
https://rsisinternational.org/journals/ijriss/arti ... n-recovery-channels/ (text/html)

Related works:
This item may be available elsewhere in EconPapers: Search for items with the same title.

Export reference: BibTeX RIS (EndNote, ProCite, RefMan) HTML/Text

Persistent link: https://EconPapers.repec.org/RePEc:bcp:journl:v:9:y:2025:issue-8:p:7785-7789

Access Statistics for this article

International Journal of Research and Innovation in Social Science is currently edited by Dr. Nidhi Malhan

More articles in International Journal of Research and Innovation in Social Science from International Journal of Research and Innovation in Social Science (IJRISS)
Bibliographic data for series maintained by Dr. Pawan Verma ().

 
Share

RePEc
This site is part of RePEc and all the data displayed here is part of the RePEc data set.

Is your work missing from RePEc? Here is how to contribute.

Questions or problems? Check the EconPapers FAQ or send mail to .

Örebro UniversityEconPapers is hosted by the School of Business at Örebro University.

Page updated 2025-12-06
Handle: RePEc:bcp:journl:v:9:y:2025:issue-8:p:7785-7789