Formal Modeling with Account Access Graphs
Saša Radomirović (Heriot-Watt University)

An account ecosystem is a user's or organisation's collection of digital assets, accounts, apps, devices, and their interconnections. The presence of some combinations of these interconnections has been exploited in attacks that range from account takeovers to cryptocurrency theft, while the absence of other combinations has led to the inadvertent loss of access to crucial accounts and crypto wallets.

The industry influences the connectivity between accounts, apps, and devices by introducing or removing specific access methods to accounts, such as various authentication and account recovery options. Users build their account ecosystems through strategic, guided or careless choices of these access methods and their connections. Each user and organisation thus has a unique, complex and constantly evolving account ecosystem. This poses a significant challenge for the protection of their digital assets.

Account access graphs are a formal model for representing a user's or organisation's account ecosystem. In this presentation I will show how to model account ecosystems with account access graphs and present several methods to analyse their integrity and availability properties under different threat models.

