Protecting accounts from credential stuffing with password breach alerting
Protecting accounts from credential stuffing attacks remains burdensome due to an
asymmetry of knowledge: attackers have wide-scale access to billions of stolen usernames …
Protocols for checking compromised credentials
To prevent credential stuffing attacks, industry best practice now proactively checks if user
credentials are present in known data breaches. Recently, some web services, such as …
"What was that site doing with my Facebook password?" Designing Password-Reuse Notifications
Password reuse is widespread, so a breach of one provider's password database threatens
accounts on other providers. When companies find stolen credentials on the black market …
Data breaches, phishing, or malware? Understanding the risks of stolen credentials
In this paper, we present the first longitudinal measurement study of the underground
ecosystem fueling credential theft and assess the risk it poses to millions of users. Over the …
Evaluating login challenges as a defense against account takeover
In this paper, we study the efficacy of login challenges at preventing account takeover, as
well as evaluate the amount of friction these challenges create for normal users. These …
"My religious aunt asked why I was trying to sell her Viagra" experiences with account hijacking
With so much of our lives digital, online, and not entirely under our control, we risk losing
access to our communications, reputation, and data. Recent years have brought a rash of …
Password management strategies for online accounts
S Gaw, EW Felten - Proceedings of the second symposium on Usable …, 2006 - dl.acm.org
Given the widespread use of password authentication in online correspondence,
subscription services, and shopping, there is growing concern about identity theft. When …
That was then, this is now: A security evaluation of password generation, storage, and autofill in browser-based password managers
Password managers have the potential to help users more effectively manage their
passwords and address many of the concerns surrounding password-based authentication …
Password managers: Attacks and defenses
We study the security of popular password managers and their policies on automatically
filling in Web passwords. We examine browser built-in password managers, mobile …
O single Sign-Off, where art thou? An empirical analysis of single Sign-On account hijacking and session management on the web
M Ghasemisharif, A Ramesh, S Checkoway… - 27th USENIX Security …, 2018 - usenix.org
Single Sign-On (SSO) allows users to effortlessly navigate the Web and obtain a
personalized experience without the hassle of creating and managing accounts across …