English
Related papers

Related papers: Protocols for Checking Compromised Credentials

200 papers

Credential stuffing attacks use stolen passwords to log into victim accounts. To defend against these attacks, recently deployed compromised credential checking (C3) services provide APIs that help users and companies check whether a…

Cryptography and Security · Computer Science 2022-03-25 Bijeeta Pal , Mazharul Islam , Marina Sanusi , Nick Sullivan , Luke Valenta , Tara Whalen , Christopher Wood , Thomas Ristenpart , Rahul Chattejee

We propose a framework by which websites can coordinate to detect credential stuffing on individual user accounts. Our detection algorithm teases apart normal login behavior (involving password reuse, entering correct passwords into the…

Cryptography and Security · Computer Science 2021-03-05 Ke Coby Wang , Michael K. Reiter

Decoy passwords, or ``honeywords,'' alert a site to its breach if entered in a login attempt on that site. However, an attacker can identify a user-chosen password from among the decoys, without alerting the site to its breach, via…

Cryptography and Security · Computer Science 2026-05-14 Mridu Nanda , Michael K. Reiter

The majority of systems rely on user authentication on passwords, but passwords have so many weaknesses and widespread use that easily raise significant security concerns, regardless of their encrypted form. Users hold the same password for…

Cryptography and Security · Computer Science 2021-01-22 Vassilis Papaspirou , Leandros Maglaras , Mohamed Amine Ferrag , Ioanna Kantzavelou , Helge Janicke , Christos Douligeris

Some protected password change protocols were proposed. However, the previous protocols were easily vulnerable to several attacks such as denial of service, password guessing, stolen-verifier and impersonation atacks etc. Recently, Chang et…

Cryptography and Security · Computer Science 2007-05-23 Ren-Chiun Wang , Chou-Chen Yang , Kun-Ru Mo

The use of passwords and the need to protect passwords are not going away. The majority of websites that require authentication continue to support password authentication. Even high-security applications such as Internet Banking portals,…

Networking and Internet Architecture · Computer Science 2020-11-13 Teik Guan Tan , Pawel Szalachowski , Jianying Zhou

Using the computational resources of an untrusted third party to crack a password hash can pose a high number of privacy and security risks. The act of revealing the hash digest could in itself negatively impact both the data subject who…

Cryptography and Security · Computer Science 2023-06-16 Norbert Tihanyi , Tamas Bisztray , Bertalan Borsos , Sebastien Raveau

We present AuthREST, an open-source security testing tool targeting broken authentication, one of the most prevalent API security risks in the wild. AuthREST automatically tests web APIs for credential stuffing, password brute forcing, and…

Cryptography and Security · Computer Science 2025-09-15 Davide Corradini , Mariano Ceccato , Mohammad Ghafari

Web services commonly employ Content Distribution Networks (CDNs) for performance and security. As web traffic is becoming 100% HTTPS, more and more websites allow CDNs to terminate their HTTPS connections. This practice may expose a…

Cryptography and Security · Computer Science 2023-02-02 Rui Xin , Shihan Lin , Xiaowei Yang

The National Institute of Standards and Technology (NIST) released new guidelines in June of 2017 that recommended new standards for managing and accepting user passwords. Among the new guidelines is a requirement that verifiers should…

Cryptography and Security · Computer Science 2018-05-09 JV Roig

This paper presents the results of a series of penetration tests performed on the OpenStack Essex Cloud Management Software. Several different types of penetration tests were performed including network protocol and command line fuzzing,…

Cryptography and Security · Computer Science 2013-01-10 Ralph LaBarge , Thomas McGuire

System passwords serve as critical credentials for user authentication and access control when logging into operating systems or applications. Upon entering a valid password, users pass verification to access system resources and execute…

Cryptography and Security · Computer Science 2026-02-03 Chaofang Shi , Zhongwen Li , Xiaoqi Li

Application programming interfaces (APIs) have become a central part of the modern IT environment, allowing developers to enrich the functionality of applications and interact with third parties such as cloud and payment providers. This…

Cryptography and Security · Computer Science 2026-03-17 Nurullah Demir , Yash Vekaria , Georgios Smaragdakis , Zakir Durumeric

Passwords are undoubtedly the most dominant user authentication mechanism on the web today. Although they are inexpensive and easy-to-use, security concerns of password-based authentication are serious. Phishing and theft of password…

Cryptography and Security · Computer Science 2018-04-24 Klaudia Krawiecka , Arseny Kurnikov , Andrew Paverd , Mohammad Mannan , N. Asokan

Risk-based authentication (RBA) aims to protect users against attacks involving stolen passwords. RBA monitors features during login, and requests re-authentication when feature values widely differ from previously observed ones. It is…

Cryptography and Security · Computer Science 2022-11-11 Stephan Wiefling , Paul René Jørgensen , Sigurd Thunem , Luigi Lo Iacono

With the rapid development of internet technologies, social networks, and other related areas, user authentication becomes more and more important to protect the data of users. Password authentication is one of the widely used methods to…

Cryptography and Security · Computer Science 2023-01-31 Lifeng Han

Text password has served as the most popular method for user authentication so far, and is not likely to be totally replaced in foreseeable future. Password authentication offers several desirable properties (e.g., low-cost, highly…

Cryptography and Security · Computer Science 2022-12-27 Lam Tran , Thuc Nguyen , Changho Seo , Hyunil Kim , Deokjai Choi

To protect against misuse of passwords compromised in a breach, consumers should promptly change affected passwords and any similar passwords on other accounts. Ideally, affected companies should strongly encourage this behavior and have…

Cryptography and Security · Computer Science 2020-10-21 Sruti Bhagavatula , Lujo Bauer , Apu Kapadia

Data security, which is concerned with the prevention of unauthorized access to computers, databases, and websites, helps protect digital privacy and ensure data integrity. It is extremely difficult, however, to make security watertight,…

Cryptography and Security · Computer Science 2018-01-03 Marten Lohstroh

Leaked passwords from data breaches can pose a serious threat to users if the password is reused elsewhere. With more online services getting breached today, there is still a lack of large-scale quantitative understanding of the risks of…

Cryptography and Security · Computer Science 2017-06-09 Chun Wang , Steve T. K. Jan , Hang Hu , Gang Wang
‹ Prev 1 2 3 10 Next ›