2012 | OriginalPaper | Buchkapitel
Protected Login
verfasst von : Alexei Czeskis, Dirk Balfanz
Erschienen in: Financial Cryptography and Data Security
Verlag: Springer Berlin Heidelberg
Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.
Wählen Sie Textabschnitte aus um mit Künstlicher Intelligenz passenden Patente zu finden. powered by
Markieren Sie Textabschnitte, um KI-gestützt weitere passende Inhalte zu finden. powered by
Despite known problems with their security and ease-of-use, passwords will likely continue to be the main form of web authentication for the foreseeable future. We define a certain class of password-based authentication protocols and call them
protected login
. Protected login mechanisms present reasonable security in the face of real-world threat models. We find that some websites already employ protected login mechanisms, but observe that they struggle to protect first logins from new devices – reducing usability and security. Armed with this insight, we make a recommendation for increasing the security of web authentication: reduce the number of unprotected logins, and in particular, offer opportunistic protection of first logins. We provide a sketch of a possible solution.