How to construct random functions
Journal of the ACM (JACM)
On secure and pseudonymous client-relationships with multiple servers
ACM Transactions on Information and System Security (TISSEC)
How to Make Personalized Web Browsing Simple, Secure, and Anonymous
FC '97 Proceedings of the First International Conference on Financial Cryptography
A convenient method for securely managing passwords
WWW '05 Proceedings of the 14th international conference on World Wide Web
A future-adaptive password scheme
ATEC '99 Proceedings of the annual conference on USENIX Annual Technical Conference
Authenticated key exchange secure against dictionary attacks
EUROCRYPT'00 Proceedings of the 19th international conference on Theory and application of cryptographic techniques
Pvault: a client server system providing mobile access to personal data
Proceedings of the 2005 ACM workshop on Storage security and survivability
Passpet: convenient password management and phishing protection
SOUPS '06 Proceedings of the second symposium on Usable privacy and security
Password management strategies for online accounts
SOUPS '06 Proceedings of the second symposium on Usable privacy and security
Web wallet: preventing phishing attacks by revealing user intentions
SOUPS '06 Proceedings of the second symposium on Usable privacy and security
Fourth-factor authentication: somebody you know
Proceedings of the 13th ACM conference on Computer and communications security
Puppetnets: misusing web browsers as a distributed attack infrastructure
Proceedings of the 13th ACM conference on Computer and communications security
Reducing TCB complexity for security-sensitive applications: three case studies
Proceedings of the 1st ACM SIGOPS/EuroSys European Conference on Computer Systems 2006
A large-scale study of web password habits
Proceedings of the 16th international conference on World Wide Web
A password stretching method using user specific salts
Proceedings of the 16th international conference on World Wide Web
Building Anti-Phishing Browser Plug-Ins: An Experience Report
SESS '07 Proceedings of the Third International Workshop on Software Engineering for Secure Systems
Examining the impact of website take-down on phishing
Proceedings of the anti-phishing working groups 2nd annual eCrime researchers summit
Evaluating a trial deployment of password re-use for phishing prevention
Proceedings of the anti-phishing working groups 2nd annual eCrime researchers summit
Beamauth: two-factor web authentication with a bookmark
Proceedings of the 14th ACM conference on Computer and communications security
Dynamic pharming attacks and locked same-origin policies for web browsers
Proceedings of the 14th ACM conference on Computer and communications security
Itrustpage: a user-assisted anti-phishing tool
Proceedings of the 3rd ACM SIGOPS/EuroSys European Conference on Computer Systems 2008
Flicker: an execution infrastructure for tcb minimization
Proceedings of the 3rd ACM SIGOPS/EuroSys European Conference on Computer Systems 2008
Transaction generators: root kits for web
HOTSEC'07 Proceedings of the 2nd USENIX workshop on Hot topics in security
Securing network input via a trusted input proxy
HOTSEC'07 Proceedings of the 2nd USENIX workshop on Hot topics in security
The strengths of weaker identities: opportunistic personas
HOTSEC'07 Proceedings of the 2nd USENIX workshop on Hot topics in security
Halting password puzzles: hard-to-break encryption from human-memorable keys
SS'07 Proceedings of 16th USENIX Security Symposium on USENIX Security Symposium
Web user de-identification in personalization
Proceedings of the 17th international conference on World Wide Web
Proceedings of the 7th symposium on Identity and trust on the Internet
Enhancing web browsing security on public terminals using mobile composition
Proceedings of the 6th international conference on Mobile systems, applications, and services
Improving text passwords through persuasion
Proceedings of the 4th symposium on Usable privacy and security
On the Effectiveness of Techniques to Detect Phishing Sites
DIMVA '07 Proceedings of the 4th international conference on Detection of Intrusions and Malware, and Vulnerability Assessment
Evaluating the Wisdom of Crowds in Assessing Phishing Websites
Financial Cryptography and Data Security
Anti-phishing based on automated individual white-list
Proceedings of the 4th ACM workshop on Digital identity management
Visual-similarity-based phishing detection
Proceedings of the 4th international conference on Security and privacy in communication networks
CROO: A Universal Infrastructure and Protocol to Detect Identity Fraud
ESORICS '08 Proceedings of the 13th European Symposium on Research in Computer Security: Computer Security
Puppetnets: Misusing Web Browsers as a Distributed Attack Infrastructure
ACM Transactions on Information and System Security (TISSEC)
HOTSEC'08 Proceedings of the 3rd conference on Hot topics in security
There is no free phish: an analysis of "free" and live phishing kits
WOOT'08 Proceedings of the 2nd conference on USENIX Workshop on offensive technologies
Phishing defense against IDN address spoofing attacks
Proceedings of the 2006 International Conference on Privacy, Security and Trust: Bridge the Gap Between PST Technologies and Business Services
Localization of credential information to address increasingly inevitable data breaches
Proceedings of the 2008 workshop on New security paradigms
VideoTicket: detecting identity fraud attempts via audiovisual certificates and signatures
NSPW '07 Proceedings of the 2007 Workshop on New Security Paradigms
CSNA '07 Proceedings of the IASTED International Conference on Communication Systems, Networks, and Applications
TruWallet: trustworthy and migratable wallet-based web authentication
Proceedings of the 2009 ACM workshop on Scalable trusted computing
Security, privacy, and usability: a high common ground
CNIS '07 Proceedings of the Fourth IASTED International Conference on Communication, Network and Information Security
BogusBiter: A transparent protection against phishing attacks
ACM Transactions on Internet Technology (TOIT)
Practical uses of virtual machines for protection of sensitive user data
ISPEC'07 Proceedings of the 3rd international conference on Information security practice and experience
Using a personal device to strengthen password authentication from an untrusted computer
FC'07/USEC'07 Proceedings of the 11th International Conference on Financial cryptography and 1st International conference on Usable Security
An evaluation of extended validation and picture-in-picture phishing attacks
FC'07/USEC'07 Proceedings of the 11th International Conference on Financial cryptography and 1st International conference on Usable Security
Mitigating man in the middle attack over secure sockets layer
IMSAA'09 Proceedings of the 3rd IEEE international conference on Internet multimedia services architecture and applications
Authentication technologies for the blind or visually impaired
HotSec'09 Proceedings of the 4th USENIX conference on Hot topics in security
Secure passwords through enhanced hashing
LISA'09 Proceedings of the 23rd conference on Large installation system administration
Kamouflage: loss-resistant password management
ESORICS'10 Proceedings of the 15th European conference on Research in computer security
Using one-time passwords to prevent password phishing attacks
Journal of Network and Computer Applications
Mitigating cross-site form history spamming attacks with domain-based ranking
DIMVA'11 Proceedings of the 8th international conference on Detection of intrusions and malware, and vulnerability assessment
A comparative usability evaluation of traditional password managers
ICISC'10 Proceedings of the 13th international conference on Information security and cryptology
Client-based authentication technology: user-centric authentication using secure containers
Proceedings of the 7th ACM workshop on Digital identity management
An efficient user verification system via mouse movements
Proceedings of the 18th ACM conference on Computer and communications security
Trust extension as a mechanism for secure code execution on commodity computers
Proceedings of the Seventh Symposium on Usable Privacy and Security
Quantitative evaluation of systems with security patterns using a fuzzy approach
OTM'06 Proceedings of the 2006 international conference on On the Move to Meaningful Internet Systems: AWeSOMe, CAMS, COMINF, IS, KSinBIT, MIOS-CIAO, MONET - Volume Part I
Phoolproof phishing prevention
FC'06 Proceedings of the 10th international conference on Financial Cryptography and Data Security
W3Bcrypt: encryption as a stylesheet
ACNS'06 Proceedings of the 4th international conference on Applied Cryptography and Network Security
Privacy preserving web-based email
ICISS'06 Proceedings of the Second international conference on Information Systems Security
SP'11 Proceedings of the 19th international conference on Security Protocols
Mercury: recovering forgotten passwords using personal devices
FC'11 Proceedings of the 15th international conference on Financial Cryptography and Data Security
WebTicket: account management using printable tokens
Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
Graphical passwords: Learning from the first twelve years
ACM Computing Surveys (CSUR)
Exploration and field study of a password manager using icon-based passwords
FC'11 Proceedings of the 2011 international conference on Financial Cryptography and Data Security
Secret information display based authentication technique towards preventing phishing attacks
Proceedings of the International Conference on Advances in Computing, Communications and Informatics
Contextual OTP: mitigating emerging man-in-the-middle attacks with wireless hardware tokens
ACNS'12 Proceedings of the 10th international conference on Applied Cryptography and Network Security
Virtualization based password protection against malware in untrusted operating systems
TRUST'12 Proceedings of the 5th international conference on Trust and Trustworthy Computing
Proceedings of the 2012 ACM conference on Computer and communications security
Strengthening user authentication through opportunistic cryptographic identity assertions
Proceedings of the 2012 ACM conference on Computer and communications security
NAPTune: fine tuning graphical authentication
Proceedings of the 3rd International Conference on Human Computer Interaction
Tapas: design, implementation, and usability evaluation of a password manager
Proceedings of the 28th Annual Computer Security Applications Conference
Preventing the revealing of online passwords to inappropriate websites with logininspector
LISA'12 Proceedings of the 26th international conference on Large Installation System Administration: strategies, tools, and techniques
Proceedings of the third ACM conference on Data and application security and privacy
ScreenPass: secure password entry on touchscreen devices
Proceeding of the 11th annual international conference on Mobile systems, applications, and services
SMARTPROXY: secure smartphone-assisted login on compromised machines
DIMVA'12 Proceedings of the 9th international conference on Detection of Intrusions and Malware, and Vulnerability Assessment
Single password authentication
Computer Networks: The International Journal of Computer and Telecommunications Networking
Honeywords: making password-cracking detectable
Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security
SAuth: protecting user accounts from password database leaks
Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security
Investigating Users’ Perspectives of Web Single Sign-On: Conceptual Gaps and Acceptance Model
ACM Transactions on Internet Technology (TOIT)
PhishSafe: leveraging modern JavaScript APIs for transparent and robust protection
Proceedings of the 4th ACM conference on Data and application security and privacy
WebCallerID: Leveraging cellular networks for Web authentication
Journal of Computer Security
We describe a browser extension, PwdHash, that transparently produces a different password for each site, improving web password security and defending against password phishing and other attacks. Since the browser extension applies a cryptographic hash function to a combination of the plaintext password entered by the user, data associated with the web site, and (optionally) a private salt stored on the client machine, theft of the password received at one site will not yield a password that is useful at another site. While the scheme requires no changes on the server side, implementing this password method securely and transparently in a web browser extension turns out to be quite difficult. We describe the challenges we faced in implementing PwdHash and some techniques that may be useful to anyone facing similar security issues in a browser environment.