A new study shows that, although ZEBRA, a system intended to enable prompt and user-friendly deauthentication, works very well with honest people, opportunistic attackers can fool the system.