Web Based Security using oPass System: A Survey
International Journal of Emerging Trends in Science and Technology,
Vol. 1 No. 05 (2014),
1 July 2014
Abstract
Password authentication is an essential form of user authentication both on the Internet and for internal organizational computing systems. Password protection schemes are used to protect relatively low-sensitivity systems such as access to online archives as well as highly sensitive corporate intranets or personal bank accounts. Text password is the most popular form of user authentication on websites due to its convenience and simplicity. However, users’ passwords are prone to be stolen and compromised under different threats and vulnerabilities. Users often select weak passwords and reuse the same passwords across different websites. Routinely reusing passwords causes a domino effect; when an adversary compromises one password, she will exploit it to gain access to more websites.
How to Cite
Download Citation
References
[2] Hung-Min Sun,Yao-Hsin Chen and Yue-Hsun Lin, “oPass:A User Authentication Protocol Resistant to Password Stealing and Password Reuse Attacksâ€, IEEE Trans. InformationForensics Security, vol. 7, no. 2, April. 2012.
[3] B. Blanchet, “An efficient cryptographic protocol verifier based onprolog rules,†in Proc. 14th IEEE Computer Security FoundationsWorkshop, 2001, pp. 82–96.
[4] L. O’Gorman, “Comparing passwords, tokens, and biometrics for user authentication,†Proc. IEEE, vol. 91, no. 12, pp. 2021–2040, Dec. 2003.
[5] B. Ives, K. R. Walsh, and H. Schneider, “The domino effect of password reuse,†Commun. ACM, vol. 47, no. 4, pp. 75–78, 2004.
[6] S. Gaw and E. W. Felten, “Password management strategies for online accounts,†in SOUPS ’06: Proc. 2nd Symp. Usable Privacy . Security, New York, 2006, pp. 44–55, ACM.
[7] D. Florencio and C. Herley, “A large-scale study of web password habits,†in WWW’07: Proc. 16th Int. Conf. World Wide Web., New York, 2007, pp. 657–666, ACM.
[8] S. Chiasson, A. Forget, E. Stobert, P. C. van Oorschot, and R. Biddle, “Multiple password interference in text passwords and click-based graphical passwords,†in CCS ’09: Proc. 16th ACM Conf. Computer Communications Security, New York, 2009, pp. 500–511, ACM.
[9] P. van Oorschot, A. Salehi-Abari, and J. Thorpe, “Purely automated attacks on passpoints-style graphical passwords,†IEEE Trans. InformationForensics Security, vol. 5, no. 3, pp. 393–405, Sep. 2010.
[10] K.-P. Yee and K. Sitaker, “Passpet: Convenient password managementand phishing protection,†in SOUPS ’06: Proc. 2nd Symp. Usable Privacy Security, New York, 2006, pp. 32–43, ACM
- Article Viewed: 46 Total Download