TwoKind Authentication: Usable Authentication for Untrustworthy Environments
Date: July 2007
Publication: Proceedings of the Symposium On Usable Privacy and Security (SOUPS) 2007
Publisher: Carnegie Mellon
Source 1: http://cups.cs.cmu.edu/soups/2007/posters/p169_bailey.pdf
Abstract or Summary:
The ease with which a malicious third party can obtain a user’s password when he or she logs into Internet sites (such as bank or email accounts) from an insecure computer creates a substantial security risk to private information and transactions. For example, a malicious administrator at a cybercafe, or a malicious user with sufficient access to install key loggers at a kiosk, can obtain users’ passwords easily. Even when users do not trust the machines they are using, many of them are faced with the prospect of accessing their accounts with a single level of privilege. To address this problem, we propose a system based on two modes of authentication—default and restricted. Users can signal to the server whether they are in an untrusted environment so that the server can log them in under restricted privileges that allow them to perform basic actions that cause no serious damage if the session or their password is compromised.

PasswordResearch.com Note: Poster format.