Cited By
View all- Bailey KKapadia AVongsathorn LSmith SAtluri VWinslett M(2008)TwoKind authenticationProceedings of the 7th ACM workshop on Privacy in the electronic society10.1145/1456403.1456412(39-44)Online publication date: 27-Oct-2008
TwoKind authentication: usable authenticators for untrustworthy environments
Authors: 
Katelin Bailey, Linden Vongsathorn, 
Apu Kapadia, Chris Masone, Sean W. SmithAuthors Info & Claims
Pages 169 - 170
Abstract
The ease with which a malicious third party can obtain a user's password when he or she logs into Internet sites (such as bank or email accounts) from an insecure computer creates a substantial security risk to private information and transactions. For example, a malicious administrator at a cybercafe, or a malicious user with sufficient access to install key loggers at a kiosk, can obtain users' passwords easily. Even when users do not trust the machines they are using, many of them are faced with the prospect of accessing their accounts with a single level of privilege. To address this problem, we propose a system based on two modes of authentication--default and restricted. Users can signal to the server whether they are in an untrusted environment so that the server can log them in under restricted privileges that allow them to perform basic actions that cause no serious damage if the session or their password is compromised.
References
[1]
eTrade Trading Passwords. https://www.etradeaustralia.com.au/EStation/hep_aec_connecting.asp.
[2]
Facebook. http://www.facebook.com.
[3]
RSA SecurID. http://www.rsa.com/node.aspx?id=1156.
[4]
Leslie Lamport. Password authentication with insecure communication. Communications of the ACM, 24(11):770--772, November 1981.
[5]
Jerome H. Saltzer and Michael D. Schroeder. The protection of information in computer systems. Communications of the ACM, 17(7), July 1974.
- TwoKind authentication: usable authenticators for untrustworthy environments
Recommendations
TwoKind authentication: protecting private information in untrustworthy environments
WPES '08: Proceedings of the 7th ACM workshop on Privacy in the electronic societyUsers often log in to Internet sites from insecure computers and more recently have started divulging their email passwords to social-networking sites, thereby putting their private communications at risk. We propose and evaluate TwoKind Authentication, ...
Using Episodic Memory for User Authentication
Passwords are widely used for user authentication, but they are often difficult for a user to recall, easily cracked by automated programs, and heavily reused. Security questions are also used for secondary authentication. They are more memorable than ...
On the Security of Some Password Authentication Protocols
In an internet environment, such as UNIX, a remote user has to obtain the access right from a server before doing any job. The procedure of obtaining acess right is called a user authentication protocol. User authentication via user memorable password ...
Comments
Please enable JavaScript to view thecomments powered by Disqus.Information & Contributors
Information
Published In
Copyright © 2007 ACM.
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]
Sponsors
- CyLab
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
Published: 18 July 2007
Check for updates
Qualifiers
- Article
Conference
SOUPS '07
Sponsor:
SOUPS '07: The third Symposium on Usable Privacy and Security
July 18 - 20, 2007
Pennsylvania, Pittsburgh, USA
Acceptance Rates
Overall Acceptance Rate 15 of 49 submissions, 31%
Contributors
Other Metrics
Bibliometrics & Citations
Bibliometrics
Article Metrics
- View Citations1Total Citations
- 247Total Downloads
- Downloads (Last 12 months)4
- Downloads (Last 6 weeks)0
Reflects downloads up to 20 Nov 2024
Other Metrics
Citations
Cited By
View all- Bailey KKapadia AVongsathorn LSmith SAtluri VWinslett M(2008)TwoKind authenticationProceedings of the 7th ACM workshop on Privacy in the electronic society10.1145/1456403.1456412(39-44)Online publication date: 27-Oct-2008
View Options
Login options
Check if you have access through your login credentials or your institution to get full access on this article.
Sign in