Internet Archive Scholar

Toward a secure and usable cloud-based password manager for web browsers

Rui Zhao, Chuan Yue
<span title="">2014</span> <i title="Elsevier BV"> <a target="_blank" rel="noopener" href="https://fatcat.wiki/container/e25s2ofdbnfb3j2rstrnkqsqfi" style="color: black;">Computers &amp; security</a> </i> &nbsp;

Preserved Fulltext

fulltext thumbnail
Web Archive Capture PDF (657.8 kB)
https://web.archive.org/web/20161207145939/http://www.cs.uccs.edu/~cyue/papers/COMPSEC14.pdf

A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2016; you can also visit <a rel="external noopener" href="http://www.cs.uccs.edu/~cyue/papers/COMPSEC14.pdf">the original URL</a>. The file type is <code>application/pdf</code>.

Web users are confronted with the daunting challenges of creating, remembering, and using more and more strong passwords than ever before in order to protect their valuable assets on different websites. Password manager, particularly Browser-based Password Manager (BPM), is one of the most popular approaches designed to address these challenges by saving users' passwords and later automatically filling the login forms on behalf of users. Fortunately, all the five most popular Web browsers have
more &raquo; ... rovided password managers as a useful built-in feature. In this paper, we uncover the vulnerabilities of existing BPMs and analyze how they can be exploited by attackers to crack users' saved passwords. Moreover, we propose a novel Cloud-based Storage-Free BPM (CSF-BPM) design to achieve a high level of security with the desired confidentiality, integrity, and availability properties. We have implemented a CSF-BPM system into Firefox and evaluated its correctness, performance, and usability. Our evaluation results and analysis demonstrate that CSF-BPM can be efficiently and conveniently used. We believe CSF-BPM is a rational design that can also be integrated into other popular browsers to make the online experience of Web users more secure, convenient, and enjoyable.
<span class="external-identifiers"> <a target="_blank" rel="external noopener noreferrer" href="https://doi.org/10.1016/j.cose.2014.07.003">doi:10.1016/j.cose.2014.07.003</a> <a target="_blank" rel="external noopener" href="https://fatcat.wiki/release/quzgsw6orbagppaldpahal3a6a">fatcat:quzgsw6orbagppaldpahal3a6a</a> </span>
<a target="_blank" rel="noopener" href="https://web.archive.org/web/20161207145939/http://www.cs.uccs.edu/~cyue/papers/COMPSEC14.pdf" title="fulltext PDF download" data-goatcounter-click="serp-fulltext" data-goatcounter-title="serp-fulltext"> <button class="ui simple right pointing dropdown compact black labeled icon button serp-button"> <i class="icon ia-icon"></i> Web Archive [PDF] <div class="menu fulltext-thumbnail"> <img src="https://blobs.fatcat.wiki/thumbnail/pdf/48/eb/48eb1625fd4ddc96272b491a517ce87fb558383a.180px.jpg" alt="fulltext thumbnail" loading="lazy"> </div> </button> </a> <a target="_blank" rel="external noopener noreferrer" href="https://doi.org/10.1016/j.cose.2014.07.003"> <button class="ui left aligned compact blue labeled icon button serp-button"> <i class="external alternate icon"></i> elsevier.com </button> </a>
Citation

Rui Zhao, Chuan Yue. "Toward a secure and usable cloud-based password manager for web browsers." Computers & security (2014) 32-47