English
Related papers

Related papers: True2F: Backdoor-resistant authentication tokens

200 papers

To protect users from data breaches and phishing attacks, service providers typically implement two-factor authentication (2FA) to add an extra layer of security against suspicious login attempts. However, since 2FA can sometimes hinder…

Cryptography and Security · Computer Science 2024-11-19 Zhi Wang , Xin Yang , Du Chen , Han Gao , Meiqi Tian , Yan Jia , Wanpeng Li

We propose a two-factor authentication (2FA) mechanism called 2D-2FA to address security and usability issues in existing methods. 2D-2FA has three distinguishing features: First, after a user enters a username and password on a login…

Cryptography and Security · Computer Science 2021-11-01 Maliheh Shirvanian , Shashank Agrawal

The majority of systems rely on user authentication on passwords, but passwords have so many weaknesses and widespread use that easily raise significant security concerns, regardless of their encrypted form. Users hold the same password for…

Cryptography and Security · Computer Science 2021-01-22 Vassilis Papaspirou , Leandros Maglaras , Mohamed Amine Ferrag , Ioanna Kantzavelou , Helge Janicke , Christos Douligeris

Today, two-factor authentication (2FA) is a widely implemented mechanism to counter phishing attacks. Although much effort has been investigated in 2FA, most 2FA systems are still vulnerable to carefully designed phishing attacks, and some…

Cryptography and Security · Computer Science 2021-09-02 Yuanyi Sun , Sencun Zhu , Yao Zhao , Pengfei Sun

Two-factor authentication (2FA) schemes that rely on a combination of knowledge factors (e.g., PIN) and device possession have gained popularity. Some of these schemes remain secure even against strong adversaries that (a) observe the…

Cryptography and Security · Computer Science 2022-08-08 Steven J. Murdoch , Aydin Abadi

Two-factor authentication (2F) aims to enhance resilience of password-based authentication by requiring users to provide an additional authentication factor, e.g., a code generated by a security token. However, it also introduces…

Cryptography and Security · Computer Science 2014-02-03 Emiliano De Cristofaro , Honglu Du , Julien Freudiger , Greg Norcie

To prevent password breaches and guessing attacks, banks increasingly turn to two-factor authentication (2FA), requiring users to present at least one more factor, such as a one-time password generated by a hardware token or received via…

Cryptography and Security · Computer Science 2015-01-20 Kat Krol , Eleni Philippou , Emiliano De Cristofaro , M. Angela Sasse

With the rise of attacks on online accounts in the past years, more and more services offer two-factor authentication for their users. Having factors out of two of the three categories something you know, something you have and something…

Cryptography and Security · Computer Science 2022-07-07 Timon Hackenjos , Benedikt Wagner , Julian Herr , Jochen Rill , Marek Wehmer , Niklas Goerke , Ingmar Baumgart

Encrypted cloud storage services are steadily increasing in popularity, with many commercial solutions currently available. In such solutions, the cloud storage is trusted for data availability, but not for confidentiality. Additionally,…

Cryptography and Security · Computer Science 2020-10-28 Anders Dalskov , Daniele Lain , Enis Ulqinaku , Kari Kostiainen , Srdjan Capkun

Although sufficient authentication mechanisms were enhanced by the use of two or more factors that resulted in new multi factor authentication schemes, more sophisticated and targeted attacks have shown they are also vulnerable. This…

Attackers increasingly, and with high success rates, use social engineering techniques to circumvent second factor authentication (2FA) technologies, compromise user accounts and sidestep fraud detection technologies. We introduce a social…

Cryptography and Security · Computer Science 2020-01-20 Markus Jakobsson

Two-factor authentication (2FA) offers several security benefits that security-conscious users might expect from high-value services such as online banks. In this work, we present our preliminary study to develop a scoring scheme to…

Cryptography and Security · Computer Science 2022-02-15 Srivathsan G. Morkonda , AbdelRahman Abdou

This paper presents a timing attack on the FIDO2 (Fast IDentity Online) authentication protocol that allows attackers to link user accounts stored in vulnerable authenticators, a serious privacy concern. FIDO2 is a new standard specified by…

Cryptography and Security · Computer Science 2022-05-18 Michal Kepkowski , Lucjan Hanzlik , Ian Wood , Mohamed Ali Kaafar

Credential theft and remote attacks are the most serious threats to user authentication mechanisms. The crux of these problems is that we cannot control such behaviors. However, if a password does not contain user secrets, stealing it is…

Cryptography and Security · Computer Science 2024-06-03 Suyun Borjigin

Time-based one-time password (TOTP) systems in use today require storing secrets on both the client and the server. As a result, an attack on the server can expose all second factors for all users in the system. We present T/Key, a…

Cryptography and Security · Computer Science 2017-08-29 Dmitry Kogan , Nathan Manohar , Dan Boneh

This paper extends and advances our recently introduced two-factor Honeytoken authentication method by incorporating blockchain technology. This novel approach strengthens the authentication method to prevent many attacks including…

Cryptography and Security · Computer Science 2023-07-13 Vasilis Papaspirou , Leandros Maglaras , Ioanna Kantzavelou , Naghmeh Moradpoor , Sokratis Katsikas

The digital age requires strong security measures to protect online activities. Two-Factor Authentication (2FA) has emerged as a critical solution. However, its implementation presents significant challenges, particularly in terms of…

Cryptography and Security · Computer Science 2025-02-18 Alexander Lengert

Even though passwordless authentication to online accounts offers greater security and protection from attack, passwords remain prevalent. Passwordless authentication adoption is impacted by the slow adoption of external hardware keys…

Cryptography and Security · Computer Science 2021-08-10 Chris Culnane , Christopher J. P. Newton , Helen Treharne

Password managers provide significant security benefits to users. However, malicious client-side scripts and browser extensions can steal passwords after the manager has autofilled them into the web page. In this paper, we extend prior work…

Cryptography and Security · Computer Science 2025-10-16 Anuj Gautam , Tarun Yadav , Garrett Smith , Kent Seamons , Scott Ruoti

The traditional two-factor authentication (2FA) methods primarily rely on the user manually entering a code or token during the authentication process. This can be burdensome and time-consuming, particularly for users who must be…

Cryptography and Security · Computer Science 2024-01-15 Ali Abdullah S. AlQahtani , Thamraa Alshayeb , Mahmoud Nabil , Ahmad Patooghy
‹ Prev 1 2 3 10 Next ›