Computer users are asked to generate, keep secret, and recall an increasing number of passwords for uses including host accounts, email servers, e-commerce sites, and online financial services. Unfortunately, the password entropy that users can comfortably memorize seems insufficient to store unique, secure passwords for all these accounts, and it is likely to remain constant as the number of passwords (and the adversary's computational power) increases into the future. In this paper, we propose a technique that uses a strengthened cryptographic hash function to compute secure passwords for arbitrarily many accounts while requiring the user to memorize only a single short password. This mechanism functions entirely on the client; no server-side changes are needed. Unlike previous approaches, our design is both highly resistant to brute force attacks and nearly stateless, allowing users to retrieve their passwords from any location so long as they can execute our program and remember a short secret. This combination of security and convenience will, we believe, entice users to adopt our scheme. We discuss the construction of our algorithm in detail, compare its strengths and weaknesses to those of related approaches, and present Password Multiplier, an implementation in the form of an extension to the Mozilla Firefox web browser.