English
Related papers

Related papers: Revisiting Security Vulnerabilities in Commercial …

200 papers

Spring security is tremendously popular among practitioners for its ease of use to secure enterprise applications. In this paper, we study the application framework misconfiguration vulnerabilities in the light of Spring security, which is…

Cryptography and Security · Computer Science 2020-07-29 Mazharul Islam , Sazzadur Rahaman , Na Meng , Behnaz Hassanshahi , Padmanabhan Krishnan , Danfeng , Yao

A partial password is a mode of password-based authentication that is widely used, especially in the financial sector. It is based on a challenge-response protocol, where at each login attempt, a challenge requesting characters from…

Cryptography and Security · Computer Science 2017-01-03 Theodosis Mourouzis , Marcin Wojcik , Nikos Komninos

As network security issues continue gaining prominence, password security has become crucial in safeguarding personal information and network systems. This study first introduces various methods for system password cracking, outlines…

Cryptography and Security · Computer Science 2026-02-11 Jiazhi Mo , Hailu Kuang , Xiaoqi Li

For the first time, we report gender bias in people's choice and use of password managers, through a semi-structured interview ($n=18$) and a questionnaire-based survey ($n=200$, conducted `in the wild'). Not only do women and men prefer…

Cryptography and Security · Computer Science 2022-06-29 Jeff Yan , Dearbhla McCabe

While password managers are a vital tool for internet security, they can also create a massive central point of failure, as evidenced by several major recent data breaches. For over 20 years, deterministic password generators (DPGs) have…

Cryptography and Security · Computer Science 2023-06-27 Vivek Nair , Dawn Song

The rapid development of information and network technologies motivates the emergence of various new computing paradigms, such as distributed computing, and edge computing. This also enables more and more network enterprises to provide…

Cryptography and Security · Computer Science 2021-02-01 Jinyong Chen , Reiner Dojen , Anca Jurcut

Password strength meters (PSMs) have been widely used by websites to gauge password strength, encouraging users to create stronger passwords. Popular data-driven PSMs, e.g., based on Markov, Probabilistic Context-free Grammar (PCFG) and…

Cryptography and Security · Computer Science 2025-05-14 Ming Xu , Weili Han , Jitao Yu , Jing Liu , Xinyi Zhang , Yun Lin , Jin Song Dong

Single-factor password-based authentication is generally the norm to access on-line Web-sites. While single-factor authentication is well known to be a weak form of authentication, a further concern arises when considering the possibility…

Cryptography and Security · Computer Science 2020-01-30 Simone Raponi , Roberto Di Pietro

Risk-based authentication (RBA) aims to protect users against attacks involving stolen passwords. RBA monitors features during login, and requests re-authentication when feature values widely differ from previously observed ones. It is…

Cryptography and Security · Computer Science 2022-11-11 Stephan Wiefling , Paul René Jørgensen , Sigurd Thunem , Luigi Lo Iacono

Passwords are undoubtedly the most dominant user authentication mechanism on the web today. Although they are inexpensive and easy-to-use, security concerns of password-based authentication are serious. Phishing and theft of password…

Cryptography and Security · Computer Science 2018-04-24 Klaudia Krawiecka , Arseny Kurnikov , Andrew Paverd , Mohammad Mannan , N. Asokan

Credential stuffing attacks use stolen passwords to log into victim accounts. To defend against these attacks, recently deployed compromised credential checking (C3) services provide APIs that help users and companies check whether a…

Cryptography and Security · Computer Science 2022-03-25 Bijeeta Pal , Mazharul Islam , Marina Sanusi , Nick Sullivan , Luke Valenta , Tara Whalen , Christopher Wood , Thomas Ristenpart , Rahul Chattejee

Package managers have become a vital part of the modern software development process. They allow developers to reuse third-party code, share their own code, minimize their codebase, and simplify the build process. However, recent reports…

Cryptography and Security · Computer Science 2020-12-03 Ruian Duan , Omar Alrawi , Ranjita Pai Kasturi , Ryan Elder , Brendan Saltaformaggio , Wenke Lee

Password users frequently employ passwords that are too simple, or they just reuse passwords for multiple websites. A common complaint is that utilizing secure passwords is too difficult. One possible solution to this problem is to use a…

Cryptography and Security · Computer Science 2019-06-04 Elan Rosenfeld , Santosh Vempala , Manuel Blum

Managing passwords securely and conveniently is still an open problem for many users. Existing research has examined users' password management strategies and identified pain points, such as security concerns, leading to insecure practices.…

Cryptography and Security · Computer Science 2025-10-16 Alexander Ponticello , Filipo Sharevski , Simon Anell , Katharina Krombholz

Web applications require access to the file-system for many different tasks. When analyzing the security of a web application, secu- rity analysts should thus consider the impact that file-system operations have on the security of the whole…

Cryptography and Security · Computer Science 2017-05-11 Federico De Meo , Luca Viganò

Encrypted cloud storage services are steadily increasing in popularity, with many commercial solutions currently available. In such solutions, the cloud storage is trusted for data availability, but not for confidentiality. Additionally,…

Cryptography and Security · Computer Science 2020-10-28 Anders Dalskov , Daniele Lain , Enis Ulqinaku , Kari Kostiainen , Srdjan Capkun

Passwords should be easy to remember, yet expiration policies mandate their frequent change. Caught in the crossfire between these conflicting requirements, users often adopt creative methods to perform slight variations over time. While…

Cryptography and Security · Computer Science 2020-09-18 Davide Berardi , Franco Callegati , Andrea Melis , Marco Prandini

Vulnerabilities in password managers are unremitting because current designs provide large attack surfaces, both at the client and server. We describe and evaluate Horcrux, a password manager that is designed holistically to minimize and…

Cryptography and Security · Computer Science 2017-10-11 Hannah Li , David Evans

We systematize software side-channel attacks with a focus on vulnerabilities and countermeasures in the cryptographic implementations. Particularly, we survey past research literature to categorize vulnerable implementations, and identify…

Cryptography and Security · Computer Science 2019-12-13 Tianwei Zhang , Jun Jiang , Yinqian Zhang

Text password has served as the most popular method for user authentication so far, and is not likely to be totally replaced in foreseeable future. Password authentication offers several desirable properties (e.g., low-cost, highly…

Cryptography and Security · Computer Science 2022-12-27 Lam Tran , Thuc Nguyen , Changho Seo , Hyunil Kim , Deokjai Choi