English
Related papers

Related papers: Securing Password Authentication for Web-based App…

200 papers

Phishing is a major problem on the Web. Despite the significant attention it has received over the years, there has been no definitive solution. While the state-of-the-art solutions have reasonably good performance, they require a large…

Cryptography and Security · Computer Science 2016-04-26 Samuel Marchal , Kalle Saari , Nidhi Singh , N. Asokan

Phishing is an increasingly sophisticated form of cyberattack that is inflicting huge financial damage to corporations throughout the globe while also jeopardizing individuals' privacy. Attackers are constantly devising new methods of…

Cryptography and Security · Computer Science 2024-03-18 Asif Newaz , Farhan Shahriyar Haq , Nadim Ahmed

Password updates are a critical account security measure and an essential part of the password lifecycle. Service providers and common security recommendations advise users to update their passwords in response to incidents or as a critical…

Cryptography and Security · Computer Science 2025-11-17 Alexander Krause , Jacques Suray , Lea Schmüser , Marten Oltrogge , Oliver Wiese , Maximilian Golla , Sascha Fahl

Phishing attacks remain one of the most prevalent threats to online security, with the Anti-Phishing Working Group reporting over 890,000 attacks in Q3 2025 alone. Traditional password-based authentication is particularly vulnerable to such…

Cryptography and Security · Computer Science 2026-04-23 Alexander Berladskyy , Andreas Aßmuth

We present a framework by which websites can coordinate to make it difficult for users to set similar passwords at these websites, in an effort to break the culture of password reuse on the web today. Though the design of such a framework…

Cryptography and Security · Computer Science 2021-03-05 Ke Coby Wang , Michael K. Reiter

Many password alternatives for web authentication proposed over the years, despite having different designs and objectives, all predominantly rely on the knowledge of some secret. This motivates us, herein, to provide the first detailed…

Cryptography and Security · Computer Science 2019-04-02 Furkan Alaca , AbdelRahman Abdou , Paul C. van Oorschot

Password security has been compelled to evolve in response to the growing computational capabilities of modern systems. However, this evolution has often resulted in increasingly complex security practices that alienate users, leading to…

Cryptography and Security · Computer Science 2025-10-14 Tonmoy Ghosh

Owing to the increase in 'certified' phishing websites, there is a steady increase in the number of phishing cases and general susceptibility to phishing. Trust mechanisms (e.g., HTTPS Lock Indicators, SSL Certificates) that help…

Password-based authentication faces various security and usability issues. Password managers help alleviate some of these issues by enabling users to manage their passwords effectively. However, malicious client-side scripts and browser…

Cryptography and Security · Computer Science 2024-02-12 Anuj Gautam , Tarun Kumar Yadav , Kent Seamons , Scott Ruoti

Phishing in mobile applications is a relevant threat with successful attacks reported in the wild. In such attacks, malicious mobile applications masquerade as legitimate ones to steal user credentials. In this paper we categorize…

Cryptography and Security · Computer Science 2015-02-25 Claudio Marforio , Ramya Jayaram Masti , Claudio Soriente , Kari Kostiainen , Srdjan Capkun

Password users frequently employ passwords that are too simple, or they just reuse passwords for multiple websites. A common complaint is that utilizing secure passwords is too difficult. One possible solution to this problem is to use a…

Cryptography and Security · Computer Science 2019-06-04 Elan Rosenfeld , Santosh Vempala , Manuel Blum

Although it is common for users to select bad passwords that can be easily cracked by attackers, password-based authentication remains the most widely-used method. To encourage users to select good passwords, enterprises often enforce…

Cryptography and Security · Computer Science 2015-12-21 Cem S. Sahin , Robert Lychev , Neal Wagner

Multi-Factor Authentication is intended to strengthen the security of password-based authentication by adding another factor, such as hardware tokens or one-time passwords using mobile apps. However, this increased authentication security…

Cryptography and Security · Computer Science 2023-09-20 Sabrina Amft , Sandra Höltervennhoff , Nicolas Huaman , Alexander Krause , Lucy Simko , Yasemin Acar , Sascha Fahl

Text password has served as the most popular method for user authentication so far, and is not likely to be totally replaced in foreseeable future. Password authentication offers several desirable properties (e.g., low-cost, highly…

Cryptography and Security · Computer Science 2022-12-27 Lam Tran , Thuc Nguyen , Changho Seo , Hyunil Kim , Deokjai Choi

We propose a method for using Web Authentication APIs for SSH authentication, enabling passwordless remote server login with passkeys. These are credentials that are managed throughout the key lifecycle by an authenticator on behalf of the…

Cryptography and Security · Computer Science 2025-07-15 Moe Kayali , Jonas Schmitt , Franziska Roesner

To protect users from data breaches and phishing attacks, service providers typically implement two-factor authentication (2FA) to add an extra layer of security against suspicious login attempts. However, since 2FA can sometimes hinder…

Cryptography and Security · Computer Science 2024-11-19 Zhi Wang , Xin Yang , Du Chen , Han Gao , Meiqi Tian , Yan Jia , Wanpeng Li

Security exploits can include cyber threats such as computer programs that can disturb the normal behavior of computer systems (viruses), unsolicited e-mail (spam), malicious software (malware), monitoring software (spyware), attempting to…

Cryptography and Security · Computer Science 2017-06-26 Nalin Asanka Gamagedara Arachchilage , Mumtaz Abdul Hameed

Credential theft and remote attacks are the most serious threats to user authentication mechanisms. The crux of these problems is that we cannot control such behaviors. However, if a password does not contain user secrets, stealing it is…

Cryptography and Security · Computer Science 2024-06-03 Suyun Borjigin

Previous Web access authentication systems often use either the Web or the Mobile channel individually to confirm the claimed identity of the remote user. This paper proposes a new protocol using multifactor authentication system that is…

Cryptography and Security · Computer Science 2011-11-15 Ayu Tiwari , Sudip Sanyal , Ajith Abraham , Svein Johan Knapskog , Sugata Sanyal

Web password recovery, enabling a user who forgets their password to re-establish a shared secret with a website, is very widely implemented. However, use of such a fall-back system brings with it additional vulnerabilities to user…

Cryptography and Security · Computer Science 2018-01-31 Fatma Al Maqbali , Chris J Mitchell