Keil, ManuelZugenmaier, AlfRoßnagel, HeikoSchunck, Christian H.Sousa, Filipe2024-06-072024-06-072024978-3-88579-744-9https://dl.gi.de/handle/20.500.12116/44105Passwordless authentication avoids the weaknesses of password based authentication such as guessable passwords and password reuse. However, when passwordless authentication becomes impossible for the user, e.g. due to loss of the security token, an account recovery method has to be used. Kunke et al. [Ku21] analysed these recovery mechanisms in respect of criteria they extracted from the literature. However, these criteria in the literature were based on researchers’ opinions and were not grounded in practical experience.To achieve this grounding, semi-structured interviews were conducted with practitioners in various industries. These experts were asked to rate the existing criteria and contribute additional criteria if required. The result is a weighted list of criteria that can be used in future to evaluate account recovery procedures.enpasswordless authenticationaccount recoveryrequirements evaluationText/Conference Paper10.18420/OID2024_061617-5468