English
Related papers

Related papers: Revisiting Security Vulnerabilities in Commercial …

200 papers

Since the demise of the password was predicted in 2004, different attempts in industry and academia have been made to create an alternative for the use of passwords in authentication, without compromising on security and user experience.…

Cryptography and Security · Computer Science 2023-12-06 Tunde Oduguwa , Abdullahi Arabo

The security of passwords is dependent on a thorough understanding of the strategies used by attackers. Unfortunately, real-world adversaries use pragmatic guessing tactics like dictionary attacks, which are difficult to simulate in…

Cryptography and Security · Computer Science 2022-12-13 Fangyi Yu

Password guessers are instrumental for assessing the strength of passwords. Despite their diversity and abundance, little is known about how different guessers compare to each other. We perform in-depth analyses and comparisons of the…

Cryptography and Security · Computer Science 2021-02-23 Zach Parish , Connor Cushing , Shourya Aggarwal , Amirali Salehi-Abari , Julie Thorpe

These days, cyber-criminals target humans rather than machines since they try to accomplish their malicious intentions by exploiting the weaknesses of end users. Thus, human vulnerabilities pose a serious threat to the security and…

Cryptography and Security · Computer Science 2021-06-25 Dimitra Papatsaroucha , Yannis Nikoloudakis , Ioannis Kefaloukos , Evangelos Pallis , Evangelos K. Markakis

Increasing number of cyber-attacks demotivate people to use Information and Communication Technology (ICT) for industrial as well as day to day work. A main reason for the increasing number of cyber-attacks is mistakes that programmers make…

Cryptography and Security · Computer Science 2018-10-12 Chamila Wijayarathna , Nalin Asanka Gamagedara Arachchilage

Passphrases offer an alternative to traditional passwords which aim to be stronger and more memorable. However, users tend to choose short passphrases with predictable patterns that may reduce the security they offer. To explore the…

Cryptography and Security · Computer Science 2021-10-19 Christopher Bonk , Zach Parish , Julie Thorpe , Amirali Salehi-Abari

Typical users are known to use and reuse weak passwords. Yet, as cybersecurity concerns continue to rise, understanding the password practices of software developers becomes increasingly important. In this work, we examine developers'…

Software Engineering · Computer Science 2023-07-04 Nikolaos Lykousas , Constantinos Patsakis

The aim of this work is to study the evolution of password selection among users. We investigate whether users follow best practices when selecting passwords and identify areas in need of improvement. Four distinct publicly-available…

Cryptography and Security · Computer Science 2018-04-12 Theodosis Mourouzis , Kyriacos E. Pavlou , Stylianos Kampakis

Passwords are a good idea, in theory. They have the potential to act as a fairly strong gateway. In practice though, passwords are plagued with problems. They are (1) easily shared, (2) trivial to observe and (3) maddeningly elusive when…

Cryptography and Security · Computer Science 2015-08-25 Joseph Maguire , Karen Renaud

To protect against misuse of passwords compromised in a breach, consumers should promptly change affected passwords and any similar passwords on other accounts. Ideally, affected companies should strongly encourage this behavior and have…

Cryptography and Security · Computer Science 2020-10-21 Sruti Bhagavatula , Lujo Bauer , Apu Kapadia

Modern software systems are developed in diverse programming languages and often harbor critical vulnerabilities that attackers can exploit to compromise security. These vulnerabilities have been actively targeted in real-world attacks,…

Cryptography and Security · Computer Science 2025-03-27 Zhuoyun Qian , Fangtian Zhong , Qin Hu , Yili Jiang , Jiaqi Huang , Mengfei Ren , Jiguo Yu

Honeywords are decoy passwords that can be added to a credential database; if a login attempt uses a honeyword, this indicates that the site's credential database has been leaked. In this paper we explore the basic requirements for…

Cryptography and Security · Computer Science 2024-03-07 Zonghao Huang , Lujo Bauer , Michael K. Reiter

While machine learning is vulnerable to adversarial examples, it still lacks systematic procedures and tools for evaluating its security in different application contexts. In this article, we discuss how to develop automated and scalable…

Cryptography and Security · Computer Science 2022-07-13 Luca Demetrio , Battista Biggio , Fabio Roli

Multi-Factor Authentication is intended to strengthen the security of password-based authentication by adding another factor, such as hardware tokens or one-time passwords using mobile apps. However, this increased authentication security…

Cryptography and Security · Computer Science 2023-09-20 Sabrina Amft , Sandra Höltervennhoff , Nicolas Huaman , Alexander Krause , Lucy Simko , Yasemin Acar , Sascha Fahl

We present an in-depth analysis on the strength of the almost 10,000 passwords from users of an instant messaging server in Italy. We estimate the strength of those passwords, and compare the effectiveness of state-of-the-art attack methods…

Cryptography and Security · Computer Science 2009-07-21 Matteo Dell'Amico , Pietro Michiardi , Yves Roudier

To prevent credential stuffing attacks, industry best practice now proactively checks if user credentials are present in known data breaches. Recently, some web services, such as HaveIBeenPwned (HIBP) and Google Password Checkup (GPC), have…

Cryptography and Security · Computer Science 2019-09-05 Lucy Li , Bijeeta Pal , Junade Ali , Nick Sullivan , Rahul Chatterjee , Thomas Ristenpart

Web services are becoming business-critical components, often deployed with critical software bugs that can be maliciously explored. Web vulnerability scanners allow the detection of security vulnerabilities in web services by stressing the…

Cryptography and Security · Computer Science 2022-12-26 Osejobe Ehichoya , Chinwuba Christian Nnaemeka

In recent years, the attack which leverages register information (e.g. accounts and passwords) leaked from 3rd party applications to try other applications is popular and serious. We call this attack "database collision". Traditionally,…

Cryptography and Security · Computer Science 2022-06-27 Bo Zhao , Yu Zhou

Web password recovery, enabling a user who forgets their password to re-establish a shared secret with a website, is very widely implemented. However, use of such a fall-back system brings with it additional vulnerabilities to user…

Cryptography and Security · Computer Science 2018-01-31 Fatma Al Maqbali , Chris J Mitchell

Many computer-based authentication schemata are based on pass- words. Logging on a computer, reading email, accessing content on a web server are all examples of applications where the identification of the user is usually accomplished…

Cryptography and Security · Computer Science 2007-05-23 Michele Finelli