TwoKind Authentication: Usable Authentication for Untrustworthy Environments
Date: July 2007
Publication: Proceedings of the Symposium On Usable Privacy and Security (SOUPS) 2007
Publisher: Carnegie Mellon
Source 1: http://cups.cs.cmu.edu/soups/2007/posters/p169_bailey.pdf
Abstract or Summary:
The ease with which a malicious third party can obtain a user's password when he or she logs into Internet sites (such as bank or email accounts) from an insecure computer creates a substantial security risk to private information and transactions. For example, a malicious administrator at a cybercafe, or a malicious user with sufficient access to install key loggers at a kiosk, can obtain users' passwords easily. Even when users do not trust the machines they are using, many of them are faced with the prospect of accessing their accounts with a single level of privilege. To address this problem, we propose a system based on two modes of authentication: default and restricted. Users can signal to the server whether they are in an untrusted environment so that the server can log them in under restricted privileges that allow them to perform basic actions that cause no serious damage if the session or their password is compromised.
PasswordResearch.com Note: Poster format.