Securing passwords against dictionary attacks
Proceedings of the 9th ACM conference on Computer and communications security
Telling humans and computers apart automatically
Communications of the ACM - Information cities
Déjà Vu: a user study using images for authentication
SSYM'00 Proceedings of the 9th conference on USENIX Security Symposium - Volume 9
Graphical dictionaries and the memorable space of graphical passwords
SSYM'04 Proceedings of the 13th conference on USENIX Security Symposium - Volume 13
On user choice in graphical password schemes
SSYM'04 Proceedings of the 13th conference on USENIX Security Symposium - Volume 13
The design and analysis of graphical passwords
SSYM'99 Proceedings of the 8th conference on USENIX Security Symposium - Volume 8
The Emperor's New Security Indicators
SP '07 Proceedings of the 2007 IEEE Symposium on Security and Privacy
Obfuscating point functions with multibit output
EUROCRYPT'08 Proceedings of the theory and applications of cryptographic techniques 27th annual international conference on Advances in cryptology
Mitigating dictionary attacks on password-protected local storage
CRYPTO'06 Proceedings of the 26th annual international conference on Advances in Cryptology
Towards a secure human-and-computer mutual authentication protocol
AISC '12 Proceedings of the Tenth Australasian Information Security Conference - Volume 125
Proceedings of the 2013 ACM workshop on Artificial intelligence and security
Hi-index | 0.00 |
A puzzle only solvable by humans, or POSH, is a prompt or question with three important properties: it can be generated by a computer, it can be answered consistently by a human, and a human answer cannot be efficiently predicted by a computer. In fact, unlike a CAPTCHA, a POSH does not necessarily have to be verifiable by a computer at all. One application of POSHes is a scheme proposed by Canetti et al.~that limits off-line dictionary attacks against password-protected local storage, without the use of any secure hardware or secret storage. We explore the area of POSHes, implement several candidate POSHes and have users solve them, to evaluate their effectiveness. Given these data, we then implement the above scheme as an extension to the Mozilla Firefox web browser, where it is used to protect user certificates and saved passwords. In the course of doing so, we also define certain aspects of the threat model for our implementation (and the scheme) more precisely.