Pre-hijacked accounts: An Empirical Study of Security Failures in User Account Creation on the Web.
The ubiquity of user accounts in websites and online services makes account hijacking a serious security concern. Although previous research has studied various techniques through which an attacker can gain access to a victim's account, relatively little attention has been directed towards the process of account creation. The current trend towards federated authentication (e.g., Single Sign-On) adds an additional layer of complexity because many services now support both the classic approach in which the user directly sets a password, and the federated approach in which the user authenticates via an identity provider.