English
Related papers

Related papers: Might I Get Pwned: A Second Generation Compromised…

200 papers

To protect against misuse of passwords compromised in a breach, consumers should promptly change affected passwords and any similar passwords on other accounts. Ideally, affected companies should strongly encourage this behavior and have…

Cryptography and Security · Computer Science 2020-10-21 Sruti Bhagavatula , Lujo Bauer , Apu Kapadia

The last years of the 20 th century and the beginning of the 21 th mark the facilitation trend of our real life due to the big development and progress of the computers and other intelligent devices. Algorithms based on artificial…

Cryptography and Security · Computer Science 2019-03-13 Desislav Andreev , Simona Petrakieva , Ina Taralova

As the primary mechanism of digital authentication, user-created passwords exhibit common patterns and regularities that can be learned from leaked datasets. Password choices are profoundly shaped by external factors, including social…

Cryptography and Security · Computer Science 2025-10-28 Xudong Yang , Jincheng Li , Kaiwen Xing , Zhenjia Xiao , Mingjian Duan , Weili Han , Hu Xiong

In identity misbinding attacks against authenticated key-exchange protocols, a legitimate but compromised participant manipulates the honest parties so that the victim becomes unknowingly associated with a third party. These attacks are…

Cryptography and Security · Computer Science 2019-06-03 Mohit Sethi , Aleksi Peltonen , Tuomas Aura

Recently, authenticating users with the help of their friends (i.e., trustee-based social authentication) has been shown to be a promising backup authentication mechanism. A user in this system is associated with a few trustees that were…

Cryptography and Security · Computer Science 2016-11-18 Neil Zhenqiang Gong , Di Wang

Signed social networks are widely used to model the trust relationships among online users in security-sensitive systems such as cryptocurrency trading platforms, where trust prediction plays a critical role. In this paper, we investigate…

Cryptography and Security · Computer Science 2023-07-18 Yulin Zhu , Tomasz Michalak , Xiapu Luo , Xiaoge Zhang , Kai Zhou

This paper investigates how to effectively stop an attacker from using compromised user credentials to gain authorized entry to systems that they are otherwise not authorised to access. The proposed solution extends previous work to move…

Cryptography and Security · Computer Science 2018-01-09 Roy Henha Eyono

Authentication with username and password is becoming an inconvenient process for the user. End users typically have little control over their personal privacy, and data breaches effecting millions of users have already happened several…

Distributed, Parallel, and Cluster Computing · Computer Science 2020-06-09 Zoltán András Lux , Dirk Thatmann , Sebastian Zickau , Felix Beierle

Password strength meters (PSMs) have been widely used by websites to gauge password strength, encouraging users to create stronger passwords. Popular data-driven PSMs, e.g., based on Markov, Probabilistic Context-free Grammar (PCFG) and…

Cryptography and Security · Computer Science 2025-05-14 Ming Xu , Weili Han , Jitao Yu , Jing Liu , Xinyi Zhang , Yun Lin , Jin Song Dong

The existing authentication system has two entry points (i.e., username and password fields) to interact with the outside, but neither of them has a gatekeeper, making the system vulnerable to cyberattacks. In order to ensure the…

Cryptography and Security · Computer Science 2024-09-26 Suyun Borjigin

Third-party skills extend LLM agents with powerful capabilities but often handle sensitive credentials in privileged environments, making leakage risks poorly understood. We present the first large-scale empirical study of this problem,…

Cryptography and Security · Computer Science 2026-04-06 Zhihao Chen , Ying Zhang , Yi Liu , Gelei Deng , Yuekang Li , Yanjun Zhang , Jianting Ning , Leo Yu Zhang , Lei Ma , Zhiqiang Li

The majority of current web authentication is built on username/password. Unfortunately, password replacement offers more security, but it is difficult to use and expensive to deploy. In this paper, we propose a new mutual authentication…

Cryptography and Security · Computer Science 2014-12-10 Yassine Sadqi , Ahmed Asimi , Younes Asimi

FIDO2 is the standard technology for single-factor and second-factor authentication. It is specified in an open standard, including the WebAuthn and CTAP application layer protocols. We focus on CTAP, which allows FIDO2 clients and hardware…

Cryptography and Security · Computer Science 2025-12-09 Marco Casagrande , Daniele Antonioli

The email system is the central battleground against phishing and social engineering attacks, and yet email providers still face key challenges to authenticate incoming emails. As a result, attackers can apply spoofing techniques to…

Cryptography and Security · Computer Science 2018-01-04 Hang Hu , Gang Wang

This paper studies leakage of user passwords and PINs based on observations of typing feedback on screens or from projectors in the form of masked characters that indicate keystrokes. To this end, we developed an attack called Password and…

A large body of research has shown that machine learning models are vulnerable to membership inference (MI) attacks that violate the privacy of the participants in the training data. Most MI research focuses on the case of a single…

Machine Learning · Computer Science 2022-05-16 Matthew Jagielski , Stanley Wu , Alina Oprea , Jonathan Ullman , Roxana Geambasu

This work explores injection attacks against password managers. In this setting, the adversary (only) controls their own application client, which they use to "inject" chosen payloads to a victim's client via, for example, sharing…

Cryptography and Security · Computer Science 2024-08-14 Andrés Fábrega , Armin Namavari , Rachit Agarwal , Ben Nassi , Thomas Ristenpart

We introduce password strength information signaling as a novel, yet counter-intuitive, defense mechanism against password cracking attacks. Recent breaches have exposed billions of user passwords to the dangerous threat of offline password…

Cryptography and Security · Computer Science 2021-08-17 Wenjie Bai , Jeremiah Blocki , Ben Harsha

Mobile crowdsourcing services (MCS), enable fast and economical data acquisition at scale and find applications in a variety of domains. Prior work has shown that Foursquare and Waze (a location-based and a navigation MCS) are vulnerable to…

Cryptography and Security · Computer Science 2021-10-20 Sojhal Ismail Khan , Dominika Woszczyk , Chengzeng You , Soteris Demetriou , Muhammad Naveed

Credential stuffing attacks have caused significant harm to online users who frequently reuse passwords across multiple websites. While prior research has attempted to detect users with reused passwords or identify malicious login attempts,…

Machine Learning · Computer Science 2025-10-21 Jaehan Kim , Minkyoo Song , Minjae Seo , Youngjin Jin , Seungwon Shin , Jinwoo Kim