DOI: 10.1145/1143120.1143126

Passpet: convenient password management and phishing protection

Published: 12 July 2006

Abstract

We describe Passpet, a tool that improves both the convenience and security of website logins through a combination of techniques. Password hashing helps users manage multiple accounts by turning a single memorized password into a different password for each account. User-assigned site labels (petnames) help users securely identify sites in the face of determined attempts at impersonation (phishing). Password-strengthening measures defend against dictionary attacks. Customizing the user interface defends against user-interface spoofing attacks. We propose new improvements to these techniques, discuss how they are integrated into a single tool, and compare Passpet to other solutions for managing passwords and preventing phishing.

Published In

SOUPS '06: Proceedings of the second symposium on Usable privacy and security
July 2006
168 pages
ISBN:1595934480
DOI:10.1145/1143120
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee.

Publisher

Association for Computing Machinery

New York, NY, United States

Qualifiers

  • Article

Acceptance Rates

Overall Acceptance Rate 15 of 49 submissions, 31%

Cited By

  • (2024) Design and FPGA Implementation of a Password Management System Utilizing RO PUF. 2024 5th International Seminar on Artificial Intelligence, Networking and Information Technology (AINIT), pp. 303-307. DOI: 10.1109/AINIT61980.2024.10581776. Online publication date: 29-Mar-2024
  • (2023) Password Manager with Multi-Factor Authentication. 2023 International Conference on Networking and Communications (ICNWC), pp. 1-5. DOI: 10.1109/ICNWC57852.2023.10127424. Online publication date: 5-Apr-2023
  • (2023) Personalized Guidelines for Design, Implementation and Evaluation of Anti-Phishing Interventions. 2023 ACM/IEEE International Symposium on Empirical Software Engineering and Measurement (ESEM), pp. 1-12. DOI: 10.1109/ESEM56168.2023.10304861. Online publication date: 26-Oct-2023
  • (2022) PassImg: A Secure Password Generation and Management Scheme without Storing. 2022 IEEE 25th International Conference on Computer Supported Cooperative Work in Design (CSCWD), pp. 341-346. DOI: 10.1109/CSCWD54268.2022.9776045. Online publication date: 4-May-2022
  • (2021) An Emerging Solution for Detection of Phishing Attacks. Cybersecurity Threats with New Perspectives [Working Title]. DOI: 10.5772/intechopen.96134. Online publication date: 3-Mar-2021
  • (2021) SoK. Proceedings of the Seventeenth USENIX Conference on Usable Privacy and Security, pp. 339-357. DOI: 10.5555/3563572.3563590. Online publication date: 9-Aug-2021
  • (2021) A hidden-password online password manager. Proceedings of the 36th Annual ACM Symposium on Applied Computing, pp. 1683-1686. DOI: 10.1145/3412841.3442131. Online publication date: 22-Mar-2021
  • (2019) Building and Studying a Password Store that Perfectly Hides Passwords from Itself. IEEE Transactions on Dependable and Secure Computing 16:5, pp. 770-782. DOI: 10.1109/TDSC.2019.2902551. Online publication date: 1-Sep-2019
  • (2019) Implementation of Password Management System Using Ternary Addressable PUF Generator. 2019 16th Annual IEEE International Conference on Sensing, Communication, and Networking (SECON), pp. 1-8. DOI: 10.1109/SAHCN.2019.8824792. Online publication date: Jun-2019
  • (2019) Usability, security and trust in password managers: A quest for user-centric properties and features. Computer Science Review 33, pp. 69-90. DOI: 10.1016/j.cosrev.2019.03.002. Online publication date: Aug-2019
