Technology
- Available in Android
Abstract—Text password is the most popular form
of user authentication on websites due to its convenience and simplicity. However,
users’ passwords are prone to be stolen and compromised under different threats
and vulnerabilities. Firstly, users often select weak passwords and reuse the
same passwords across different websites. Routinely reusing passwords causes a
domino effect; when an adversary compromises one password, she will exploit it
to gain access to more websites. Second, typing passwords into untrusted
computers suffers password thief threat. An adversary can launch several
password stealing attacks to snatch passwords, such as phishing, key loggers
and malware. In this paper, we design a user authentication protocol named
oPass which leverages a user’s cell phone and short message service to thwart
password stealing and password reuse attacks. oPass only requires each
participating website possesses a unique phone number, and involves a
telecommunication service provider in registration and recovery phases. Through
oPass, users only need to remember a long-term password for login on all
websites. After evaluating the oPass prototype, we believe oPass is efficient
and affordable compared with the conventional web authentication mechanisms.
No comments:
Post a Comment