ABSTRACT
Passwords are the most popular form of user authentication on websites. When a password is entered, it is crucial that the website uses HTTPS (for the entire content). However, this is often not the case. We propose PassSec, a Firefox Add-On that helps users detect password fields on which their password might be endangered. In addition, PassSec displays a non-blocking warning next to the password field once users click into it. The warning gives the user the possible consequences of entering a password, recommendations, and further information if wanted.
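The kind of check the abstract describes, as an added example that is not PassSec's code and does not come from the poster: it flags a password field when the page, the form's submit target, or any loaded subresource is not served over HTTPS. The function name, the field-descriptor shape (standing in for what a content script would read from the DOM), the reason strings and the sample URLs are all assumptions constructed for illustration.

```javascript
// Added illustration, not PassSec's implementation.
// A field descriptor is assumed to look like { name, type, formAction },
// i.e. what a content script could read from input.type and input.form.action.

function assessPasswordFields(pageUrl, fields, subresourceUrls = []) {
  const page = new URL(pageUrl);

  // "HTTPS for the entire content": any http: subresource counts as mixed content.
  // Protocol-relative URLs ("//host/x.js") inherit the page's scheme.
  const insecureSubresources = subresourceUrls
    .map((u) => new URL(u, page))
    .filter((u) => u.protocol === "http:")
    .map((u) => u.href);

  return fields
    .filter((f) => (f.type || "").toLowerCase() === "password")
    .map((f) => {
      const reasons = [];
      if (page.protocol !== "https:") reasons.push("page-not-https");

      // An empty or missing action submits to the page's own URL.
      let target = null;
      try {
        target = new URL(f.formAction || "", page);
      } catch (e) {
        reasons.push("unparseable-form-action");
      }
      if (target && target.protocol !== "https:") {
        reasons.push("form-action-not-https");
      }
      if (insecureSubresources.length > 0) reasons.push("mixed-content");

      return {
        name: f.name,
        target: target ? target.href : null,
        endangered: reasons.length > 0,
        reasons,
      };
    });
}

// Constructed sample: an HTTPS login page whose form posts to an http: endpoint.
const SAMPLE_RESULT = assessPasswordFields("https://shop.example/login", [
  { name: "user", type: "text", formAction: "http://shop.example/auth" },
  { name: "pw", type: "password", formAction: "http://shop.example/auth" },
]);
console.log(JSON.stringify(SAMPLE_RESULT, null, 2));
```

A warning shown next to the field would be driven by `endangered`, with `reasons` selecting which consequence text to display.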
Index Terms
- POSTER: Password Entering and Transmission Security