English
Related papers

Related papers: Might I Get Pwned: A Second Generation Compromised…

200 papers

Nowadays, most online services offer different authentication methods that users can set up for multi-factor authentication but also as a recovery method. This configuration must be done thoroughly to prevent an adversary's access while…

Cryptography and Security · Computer Science 2024-03-25 Andre Büttner , Nils Gruschka

Although there have been many solutions applied, the safety challenges related to the password security mechanism are not reduced. The reason for this is that while the means and tools to support password attacks are becoming more and more…

Cryptography and Security · Computer Science 2019-12-05 Nguyen Hong Son , Ha Thanh Dung

Security exploits can include cyber threats such as computer programs that can disturb the normal behavior of computer systems (viruses), unsolicited e-mail (spam), malicious software (malware), monitoring software (spyware), attempting to…

Cryptography and Security · Computer Science 2017-06-26 Nalin Asanka Gamagedara Arachchilage , Mumtaz Abdul Hameed

Phishing is a type of attack in which cyber criminals tricks the victims to steal their personal and financial data. It has become an organized criminal activity. Spoofed emails claiming to be from legitimate source are crafted in a way to…

Cryptography and Security · Computer Science 2013-05-14 Ahmad Alamgir Khan

Compromising social network accounts has become a profitable course of action for cybercriminals. By hijacking control of a popular media or business account, attackers can distribute their malicious messages or disseminate fake information…

Cryptography and Security · Computer Science 2015-09-14 Manuel Egele , Gianluca Stringhini , Christopher Kruegel , Giovanni Vigna

This paper presents a timing attack on the FIDO2 (Fast IDentity Online) authentication protocol that allows attackers to link user accounts stored in vulnerable authenticators, a serious privacy concern. FIDO2 is a new standard specified by…

Cryptography and Security · Computer Science 2022-05-18 Michal Kepkowski , Lucjan Hanzlik , Ian Wood , Mohamed Ali Kaafar

The use of passwords and the need to protect passwords are not going away. The majority of websites that require authentication continue to support password authentication. Even high-security applications such as Internet Banking portals,…

Networking and Internet Architecture · Computer Science 2020-11-13 Teik Guan Tan , Pawel Szalachowski , Jianying Zhou

Wi-Fi (802.11) networks have become an essential part of our daily lives; hence, their security is of utmost importance. However, Wi-Fi Protected Access 3 (WPA3), the latest security certification for 802.11 standards, has recently been…

Cryptography and Security · Computer Science 2021-10-11 Neil Dalal , Nadeem Akhtar , Anubhav Gupta , Nikhil Karamchandani , Gaurav S. Kasbekar , Jatin Parekh

We present AuthREST, an open-source security testing tool targeting broken authentication, one of the most prevalent API security risks in the wild. AuthREST automatically tests web APIs for credential stuffing, password brute forcing, and…

Cryptography and Security · Computer Science 2025-09-15 Davide Corradini , Mariano Ceccato , Mohammad Ghafari

Web services commonly employ Content Distribution Networks (CDNs) for performance and security. As web traffic is becoming 100% HTTPS, more and more websites allow CDNs to terminate their HTTPS connections. This practice may expose a…

Cryptography and Security · Computer Science 2023-02-02 Rui Xin , Shihan Lin , Xiaowei Yang

As the field of Web3 continues its rapid expansion, the security of Web3 authentication, often the gateway to various Web3 applications, becomes increasingly crucial. Despite its widespread use as a login method by numerous Web3…

Cryptography and Security · Computer Science 2024-10-02 Kailun Yan , Xiaokuan Zhang , Wenrui Diao

Passwords are widely used for user authentication and, despite their weaknesses, will likely remain in use in the foreseeable future. Human-generated passwords typically have a rich structure, which makes them susceptible to guessing…

Cryptography and Security · Computer Science 2013-04-25 Claude Castelluccia , Abdelberi Chaabane , Markus Dürmuth , Daniele Perito

Recent years have witnessed a rising trend in social-sensor cloud identity cloning incidents. However, existing approaches suffer from unsatisfactory performance, a lack of solutions for detecting duplicated accounts, and a lack of…

Cryptography and Security · Computer Science 2025-08-14 Ahmed Alharbi , Hai Dong , Xun Yi

Single Sign-On (SSO) systems simplify login procedures by using an an Identity Provider (IdP) to issue authentication tokens which can be consumed by Service Providers (SPs). Traditionally, IdPs are modeled as trusted third parties. This is…

Cryptography and Security · Computer Science 2014-12-05 Christian Mainka , Vladislav Mladenov , Jörg Schwenk

The ubiquity of user accounts in websites and online services makes account hijacking a serious security concern. Although previous research has studied various techniques through which an attacker can gain access to a victim's account,…

Cryptography and Security · Computer Science 2022-05-23 Avinash Sudhodanan , Andrew Paverd

We draw on the Protection Motivation Theory (PMT) to design nudges that encourage users to change breached passwords. Our online experiment ($n$=$1,386$) compared the effectiveness of a threat appeal (highlighting negative consequences of…

Cryptography and Security · Computer Science 2024-05-27 Yixin Zou , Khue Le , Peter Mayer , Alessandro Acquisti , Adam J. Aviv , Florian Schaub

We propose a novel approach to effectively detect cloned identities of social-sensor cloud service providers (i.e. social media users) in the face of incomplete non-privacy-sensitive profile data. Named ICD-IPD, the proposed approach first…

Computers and Society · Computer Science 2024-11-05 Ahmed Alharbi , Hai Dong , Xun Yi , Prabath Abeysekara

System passwords serve as critical credentials for user authentication and access control when logging into operating systems or applications. Upon entering a valid password, users pass verification to access system resources and execute…

Cryptography and Security · Computer Science 2026-02-03 Chaofang Shi , Zhongwen Li , Xiaoqi Li

In recent years, the attack which leverages register information (e.g. accounts and passwords) leaked from 3rd party applications to try other applications is popular and serious. We call this attack "database collision". Traditionally,…

Cryptography and Security · Computer Science 2022-06-27 Bo Zhao , Yu Zhou

In password-based authentication systems, the username fields are essentially unprotected, while the password fields are susceptible to attacks. In this article, we shift our research focus from traditional authentication paradigm to the…

Cryptography and Security · Computer Science 2026-05-06 Suyun Borjigin