Internet Archive Scholar

Delayed password disclosure

Markus Jakobsson, Steven Myers
2007 ACM SIGACT News  

Preserved Fulltext

fulltext thumbnail
Web Archive Capture PDF (136.6 kB)
https://web.archive.org/web/20170811215426/http://markus-jakobsson.com/papers/jakobsson-ijac08.pdf?origin=publication_detail

A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2017; you can also visit the original URL. The file type is application/pdf.

We present a new authentication protocol called Delayed Password Disclosure (DPD). Based on the traditional username and password paradigm, the protocol's goal is aimed at reducing the effectiveness of phishing/spoofing attacks that are becoming increasingly problematic for Internet users. This is done by providing the user with dynamic feedback while password entry occurs. While this is a process that would normally be frowned upon by the cryptographic community, we argue that it may result in
more » ... more effective security than that offered by currently proposed 'cryptographically acceptable' alternatives. While the protocol cannot prevent partial disclosure of one's password to the phisher, it does provide a user with the tools necessary to recognise an ongoing phishing attack, and prevent the disclosure of his/her entire password, providing graceful security degradation.
doi:10.1145/1324215.1324228 fatcat:mmtijq5vrvckxbzwzpgphfpouu
Citation

Markus Jakobsson, Steven Myers. "Delayed password disclosure." ACM SIGACT News 38.3 (2007) 56