Nowadays, most online services offer several authentication methods that users can set up for multi-factor authentication and also as account recovery methods. This configuration must be done carefully to prevent access by an adversary while ensuring that the legitimate user does not lose access to their account. This is particularly important for fundamental everyday services, where either kind of failure would have severe consequences. Nevertheless, little research has examined the authentication settings of real users with respect to both security and the risk of being locked out of their accounts. To foster research in this direction, this paper presents a study of the account settings of Google and Apple users. Considering the multi-factor authentication configuration and recovery options, we analyzed account security and lock-out risk. Our results provide insights into the usage of multi-factor authentication in practice, show significant security differences between Google and Apple accounts, and reveal that many users would lose access to their accounts after losing a single authentication device.