Phish in sheep's clothing: Exploring the authentication pitfalls of browser fingerprinting
As users navigate the web they face a multitude of threats; among them, attacks that result in
account compromise can be particularly devastating. In a world fraught with data breaches …
account compromise can be particularly devastating. In a world fraught with data breaches …
" It's Stored, Hopefully, on an Encrypted Server'': Mitigating Users' Misconceptions About {FIDO2} Biometric {WebAuthn}
While prior attempts at passwordless authentication on the web have required specialized
hardware, FIDO2's WebAuthn protocol lets users sign into websites with their smartphone …
hardware, FIDO2's WebAuthn protocol lets users sign into websites with their smartphone …
On understanding context modelling for adaptive authentication systems
In many situations, it is of interest for authentication systems to adapt to context (eg, when
the user's behavior differs from the previous behavior). Hence, representing the context with …
the user's behavior differs from the previous behavior). Hence, representing the context with …
Pump up password security! Evaluating and enhancing risk-based authentication on a real-world large-scale online service
S Wiefling, PR Jørgensen, S Thunem… - ACM Transactions on …, 2022 - dl.acm.org
Risk-based authentication (RBA) aims to protect users against attacks involving stolen
passwords. RBA monitors features during login, and requests re-authentication when …
passwords. RBA monitors features during login, and requests re-authentication when …
Impersonation-as-a-service: Characterizing the emerging criminal infrastructure for user impersonation at scale
M Campobasso, L Allodi - Proceedings of the 2020 ACM SIGSAC …, 2020 - dl.acm.org
In this paper we provide evidence of an emerging criminal infrastructure enabling
impersonation attacks at scale. Impersonation-as-a-Service (IMPaaS) allows attackers to …
impersonation attacks at scale. Impersonation-as-a-Service (IMPaaS) allows attackers to …
" Make Them Change it Every Week!": A Qualitative Exploration of Online Developer Advice on Usable and Secure Authentication
Usable and secure authentication on the web and beyond is mission-critical. While
password-based authentication is still widespread, users have trouble dealing with …
password-based authentication is still widespread, users have trouble dealing with …
More than just good passwords? A study on usability and security perceptions of risk-based authentication
Risk-based Authentication (RBA) is an adaptive security measure to strengthen password-
based authentication. RBA monitors additional features during login, and when observed …
based authentication. RBA monitors additional features during login, and when observed …
A Study of {Multi-Factor} and {Risk-Based} Authentication Availability
Password-based authentication (PBA) remains the most popular form of user authentication
on the web despite its long-understood insecurity. Given the deficiencies of PBA, many …
on the web despite its long-understood insecurity. Given the deficiencies of PBA, many …
[HTML][HTML] Information Security Threats and Working from Home Culture: Taxonomy, Risk Assessment and Solutions
During the COVID-19 pandemic, most organizations were forced to implement a work-from-
home policy, and in many cases, employees have not been expected to return to the office …
home policy, and in many cases, employees have not been expected to return to the office …
What's in score for website users: A data-driven long-term study on risk-based authentication characteristics
Risk-based authentication (RBA) aims to strengthen password-based authentication rather
than replacing it. RBA does this by monitoring and recording additional features during the …
than replacing it. RBA does this by monitoring and recording additional features during the …