The battle against phishing: Dynamic Security Skins
SOUPS '05 Proceedings of the 2005 symposium on Usable privacy and security
Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
Do security toolbars actually prevent phishing attacks?
Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
Passpet: convenient password management and phishing protection
SOUPS '06 Proceedings of the second symposium on Usable privacy and security
Password management strategies for online accounts
SOUPS '06 Proceedings of the second symposium on Usable privacy and security
Web wallet: preventing phishing attacks by revealing user intentions
SOUPS '06 Proceedings of the second symposium on Usable privacy and security
A large-scale study of web password habits
Proceedings of the 16th international conference on World Wide Web
The Emperor's New Security Indicators
SP '07 Proceedings of the 2007 IEEE Symposium on Security and Privacy
Usability and privacy in identity management architectures
ACSW '07 Proceedings of the fifth Australasian symposium on ACSW frontiers - Volume 68
Security and identification indicators for browsers against spoofing and phishing attacks
ACM Transactions on Internet Technology (TOIT)
The Venn of Identity: Options and Issues in Federated Identity Management
IEEE Security and Privacy
The Seven Flaws of Identity Management: Usability and Security Challenges
IEEE Security and Privacy
DIMVA '08 Proceedings of the 5th international conference on Detection of Intrusions and Malware, and Vulnerability Assessment
Secure Web 2.0 Content Sharing Beyond Walled Gardens
ACSAC '09 Proceedings of the 2009 Annual Computer Security Applications Conference
Crying wolf: an empirical study of SSL warning effectiveness
SSYM'09 Proceedings of the 18th conference on USENIX security symposium
A billion keys, but few locks: the crisis of web single sign-on
Proceedings of the 2010 workshop on New security paradigms
Verified by visa and mastercard securecode: or, how not to design authentication
FC'10 Proceedings of the 14th international conference on Financial Cryptography and Data Security
OpenID-enabled browser: towards usable and secure web single sign-on
CHI '11 Extended Abstracts on Human Factors in Computing Systems
Client-based authentication technology: user-centric authentication using secure containers
Proceedings of the 7th ACM workshop on Digital identity management
What makes users refuse web single sign-on?: an empirical investigation of OpenID
Proceedings of the Seventh Symposium on Usable Privacy and Security
Strong authentication with mobile phone
ISC'12 Proceedings of the 15th international conference on Information Security
Investigating Users’ Perspectives of Web Single Sign-On: Conceptual Gaps and Acceptance Model
ACM Transactions on Internet Technology (TOIT)
| Hi-index | 0.00 |
Current Web single sign-on (SSO) solutions impose a cognitive burden on web users and do not provide content-hosting and service providers (CSPs) with sufficient incentives to become relying parties (RPs). We propose a browser-based Web SSO solution that requires minimal user interaction and provide RPs with clear value propositions to motivate their adoption. Our approach builds OpenID support into web browsers, hides OpenID identifiers from users by using their existing email accounts, extends the OpenID protocol to perform authentication directly by browsers, and introduces an OpenIDAuth HTTP access authentication scheme to convey authenticated identities automatically into websites that support OpenID for authentication. Our solution embeds an intuitive and consistent login experience for web users in the browser; to motivate adoption by RPs, it provides them with instant marketable leads and the potential for gradual engagement of site visitors.