Consistent, yet anonymous, Web access with LPWA
Communications of the ACM
Communications of the ACM
Risks of the passport single signon protocol
Proceedings of the 9th international World Wide Web conference on Computer networks : the international journal of computer and telecommunications netowrking
Password security: a case history
Communications of the ACM
Principled design of the modern Web architecture
ACM Transactions on Internet Technology (TOIT)
The Design of Rijndael
Handbook of Usability Testing: How to Plan, Design, and Conduct Effective Tests
Handbook of Usability Testing: How to Plan, Design, and Conduct Effective Tests
UNIX Password Security - Ten Years Later
CRYPTO '89 Proceedings of the 9th Annual International Cryptology Conference on Advances in Cryptology
The Security of Cipher Block Chaining
CRYPTO '94 Proceedings of the 14th Annual International Cryptology Conference on Advances in Cryptology
Password Memorability and Security: Empirical Results
IEEE Security and Privacy
A convenient method for securely managing passwords
WWW '05 Proceedings of the 14th international conference on World Wide Web
Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
Passpet: convenient password management and phishing protection
SOUPS '06 Proceedings of the second symposium on Usable privacy and security
SOUPS '06 Proceedings of the second symposium on Usable privacy and security
KLASSP: Entering Passwords on a Spyware Infected Machine Using a Shared-Secret Proxy
ACSAC '06 Proceedings of the 22nd Annual Computer Security Applications Conference
A large-scale study of web password habits
Proceedings of the 16th international conference on World Wide Web
Déjà Vu: a user study using images for authentication
SSYM'00 Proceedings of the 9th conference on USENIX Security Symposium - Volume 9
On user choice in graphical password schemes
SSYM'04 Proceedings of the 13th conference on USENIX Security Symposium - Volume 13
Stronger password authentication using browser extensions
SSYM'05 Proceedings of the 14th conference on USENIX Security Symposium - Volume 14
The design and analysis of graphical passwords
SSYM'99 Proceedings of the 8th conference on USENIX Security Symposium - Volume 8
Why Johnny can't encrypt: a usability evaluation of PGP 5.0
SSYM'99 Proceedings of the 8th conference on USENIX Security Symposium - Volume 8
A usability study and critique of two password managers
USENIX-SS'06 Proceedings of the 15th conference on USENIX Security Symposium - Volume 15
Human-seeded attacks and exploiting hot-spots in graphical passwords
SS'07 Proceedings of 16th USENIX Security Symposium on USENIX Security Symposium
Anti-Phishing in Offense and Defense
ACSAC '08 Proceedings of the 2008 Annual Computer Security Applications Conference
Passwords: If We're So Smart, Why Are We Still Using Them?
Financial Cryptography and Data Security
How to break MD5 and other hash functions
EUROCRYPT'05 Proceedings of the 24th annual international conference on Theory and Applications of Cryptographic Techniques
| Hi-index | 0.00 |
Passwords play a critical role in online authentication. Unfortunately, passwords suffer from two seemingly intractable problems: password cracking and password theft. In this paper, we propose PasswordAgent, a new password hashing mechanism that utilizes both a salt repository and a browser plug-in to secure web logins with strong passwords. Password hashing is a technique that allows users to remember simple low-entropy passwords and have them hashed to create high-entropy secure passwords. PasswordAgent generates strong passwords by enhancing the hash function with a large random salt. With the support of a salt repository, it gains a much stronger security guarantee than existing mechanisms. PasswordAgent is less vulnerable to offline attacks, and it provides stronger protection against password theft. Moreover, PasswordAgent offers some usability advantages over existing hash-based mechanisms, while maintaining users' familiar password entry paradigm. We build a prototype of PasswordAgent and conduct usability experiments.